JAVA实现权限管理的两种方式（国外英文资料）.doc

JAVA实现权限管理的两种方式（国外英文资料） The first approach is to use filters, XML files, and user information tables to implement authorization management. Filter filter Package .aaa.bbb.filter. Import java.io. Import java.io.inputstream; Import java.util.hashmap Import java.util.iterator Import java.util.list Import java.util.map Import javax.servlet. Import javax.servlet. Import javax.servlet. Import javax.servlet. ServletContext; Import javax.servlet. ServletException; Import javax.servlet.servletrequest; Import javax.servlet. ServletResponse; Import javax.servlet.httpservletrequest; Import javax.servlet. HttpServletResponse; Import mons. Import mons. () The import org.dom4j. By the end of the year, its a very good idea. Import .aaa.bbb.domain.user. Import .aaa.bbb.util.httputils / * * * filter: background management module authorization. Based on: configuration file XML, according to the administrator information used in the current session. * note: no more access to the database. You dont need to use any beans to judge. Directly in this class. * @author cuiguangqiang * * / Public class ManagerAuthFilter, implements Filter { Protected static final Log logger = logfactory.getlog (managerauthfilter.class); The public static final String MAPPING_FILE = / web-inf/managerauthmapping.xml; Private ServletContext context = null; Private Map actions = new HashMap () Public void init (FilterConfig FilterConfig) throws ServletException Context = filterconfig.getservletcontext (); If (context = = null) { Error ( unable to init as servlet context is null ); The return; } LoadConf (); Info ( ManagerAuthFilter configure success. ) } Private void loadConf () { InputStream InputStream = context.getresourceasstream (MAPPING_FILE); If (inputStream = = null) Info ( unable find auth mapping file + MAPPING_FILE); } else { Actions = parseConf (inputStream); } } Private Map parseConf (InputStream InputStream) { Try { SAXReader = new SAXReader (); Document Document = read.read (inputStream); Return c