13 September 2016

Filter Phân Quyền Chặn các yêu cầu từ Client JSP Servlet Java NetBeans (Login)

su - 123 -> Vào welcome click OK admin, employee, superadmin
ad - 123 -> Vào welcome click OK admin, employee
em - 123 -> Vào welcome click OK employee

Login username:  em, password: 123

Login successful =>> wellcome.jsp
Click admin & superadmin =>> accessdenied.jsp
Click employer =>> OK servlet
login.jsp
Java 2016
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login</title>
    </head>
    <body>
        <%-- Login form: shows an optional request-scoped "message" and posts the credentials to LoginServlet. --%>
        <h1>Login</h1>
        <%-- EL in template text is written to the page without HTML escaping. That is safe only while
             "message" stays a fixed server-side string; if it ever carries request data, escape it
             (for example with JSTL c:out or fn:escapeXml). --%>
        ${requestScope.message}
        <br>
        <%-- POST keeps the password out of the URL and access logs.
             NOTE(review): the form should only be served and submitted over HTTPS; confirm in deployment. --%>
        <form action="LoginServlet" method="POST">
            Username: <input type="text" name="username"><br>
            Password: <input type="password" name="password"><br>
            <input type="submit" value="Login"/>
        </form>
    </body>
</html>
wellcome.jsp
Java 2016
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Wellcome</title>
    </head>
    <body>
        <%-- Every visitor sees all three links; the requested area travels in the client-controlled
             "access" query parameter. The links are navigation only, so the authorization decision
             has to be made on the server for each request to PermissionServlet.
             NOTE(review): nothing on this page checks that the visitor is logged in; confirm whether
             the page itself should be protected. --%>
        <a href="PermissionServlet?access=admin">admin</a><br>
        <a href="PermissionServlet?access=employer">employer</a><br>
        <a href="PermissionServlet?access=superadmin">superadmin</a><br>
    </body>
</html>
accessdenied.jsp
Java 2016
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Access Denied</title>
    </head>
    <body>
        <%-- Static page the user is redirected to when a request is refused.
             It deliberately reveals nothing about the role or the resource that was requested. --%>
        <h1>Access Denied!</h1>
    </body>
</html>
Servlet: LoginServlet.java
Java 2016
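/**
 * Handles the login form submission.
 *
 * <p>Reads the {@code username} and {@code password} request parameters. For one of the
 * three demo accounts ({@code su}, {@code ad}, {@code em}) with the demo password, the
 * account name is stored as the role in the session attribute {@code quyen} and the
 * browser is redirected to {@code wellcome.jsp}. Any other input, including missing
 * parameters, forwards back to {@code login.jsp} with an error message.
 *
 * @param request  the login request carrying the form parameters
 * @param response the response used for the redirect or forward
 * @throws ServletException if forwarding to the login page fails
 * @throws IOException      if the redirect or forward cannot be written
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String username = request.getParameter("username");
    String password = request.getParameter("password");

    // Constant-first equals() so a request without the parameters is treated as a
    // failed login instead of raising a NullPointerException (HTTP 500).
    boolean knownAccount = "su".equals(username)
            || "ad".equals(username)
            || "em".equals(username);

    // Demo only: accounts and the shared password are hard-coded in source. A real
    // application verifies the password against a per-user salted hash
    // (bcrypt/scrypt/argon2) held in a user store, and rate-limits failed attempts.
    if (knownAccount && "123".equals(password)) {
        // Discard any session that existed before authentication and start a fresh
        // one, so a session id known before login never becomes the authenticated
        // session (session fixation).
        HttpSession preLoginSession = request.getSession(false);
        if (preLoginSession != null) {
            preLoginSession.invalidate();
        }
        HttpSession session = request.getSession(true);

        // For the demo accounts the role code is the same string as the account name.
        session.setAttribute("quyen", username);
        response.sendRedirect("wellcome.jsp");
    } else {
        // No session is created for a failed login; the message is a fixed string,
        // so nothing supplied by the client is echoed back into login.jsp.
        request.setAttribute("message", "Tai khoan k hop le!!");
        request.getRequestDispatcher("login.jsp").forward(request, response);
    }
}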
Filter: PermissionFilter.java
Java 2016
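/**
 * Authorizes the request before it continues down the filter chain.
 *
 * <p>The role is read from the session attribute {@code quyen} (set by the login
 * servlet) and the requested area from the {@code access} request parameter. The
 * request passes only when the role/area pair is explicitly allowed; a missing
 * session, missing role, missing parameter or unknown value is refused.
 *
 * <p>NOTE(review): {@code sendRedirect} only writes the redirect response. This method
 * returns {@code void}, so it cannot by itself stop the caller from invoking
 * {@code chain.doFilter}. Confirm that {@code doFilter} skips the chain once the
 * response has been committed (for example by checking {@code response.isCommitted()}),
 * otherwise the protected servlet still runs after a refusal.
 *
 * <p>NOTE(review): this assumes the filter is mapped only to the protected servlet.
 * If it also covers {@code login.jsp} or {@code accessdenied.jsp}, those pages must be
 * exempted to avoid a redirect loop. Verify the filter mapping.
 *
 * @param request  the wrapped request being filtered
 * @param response the wrapped response, used to redirect refused requests
 * @throws IOException      if the redirect cannot be sent
 * @throws ServletException declared for the filter contract; not thrown here
 */
private void doBeforeProcessing(RequestWrapper request, ResponseWrapper response)
        throws IOException, ServletException {
    if (debug) {
        log("PermissionFilter:DoBeforeProcessing");
    }

    // getSession(false): do not create a session for an anonymous caller.
    HttpSession session = request.getSession(false);
    Object roleAttribute = (session == null) ? null : session.getAttribute("quyen");

    if (roleAttribute == null) {
        // Not logged in: previously this dereferenced null and failed with HTTP 500.
        response.sendRedirect("login.jsp");
        return;
    }

    String quyen = roleAttribute.toString();
    String access = request.getParameter("access");

    if (debug) {
        log("PermissionFilter: quyen=" + quyen);
    }

    if (!isAccessAllowed(quyen, access)) {
        response.sendRedirect("accessdenied.jsp");
    }
}

/**
 * Decides whether a role may reach the requested area (allow-list, fails closed).
 *
 * <p>{@code su} may reach every area, {@code ad} may reach {@code admin} and
 * {@code employer}, and {@code em} may reach only {@code employer}. The comparison is
 * exact and case-sensitive, so a variant spelling of an area name is refused rather
 * than slipping past a deny rule.
 *
 * @param quyen  the role code from the session; may be {@code null}
 * @param access the requested area from the request; may be {@code null}
 * @return {@code true} only for an explicitly permitted role/area pair
 */
private static boolean isAccessAllowed(String quyen, String access) {
    if (quyen == null || access == null) {
        return false;
    }
    switch (quyen) {
        case "su":
            return access.equals("admin")
                    || access.equals("employer")
                    || access.equals("superadmin");
        case "ad":
            return access.equals("admin") || access.equals("employer");
        case "em":
            return access.equals("employer");
        default:
            return false;
    }
}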
