web.xml 页面
<!-- JSP permission filter: runs JSPPermissionFilter for every request under /administrator/.
     NOTE(review): no <dispatcher> element is declared, so this mapping should apply to direct
     client requests only; pages reached by server-side forward or include are presumably not
     re-checked. Confirm that is intended. -->
<filter >
<filter-name>jsppermission </filter-name>
<filter-class>com.weizhi.common.filter.JSPPermissionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>jsppermission </filter-name>
<url-pattern>/administrator/*</url-pattern>
</filter-mapping>
<!-- Action permission filter: runs ActionPermissionFilter for requests whose path ends in .ao.
     NOTE(review): the filter class exempts "login.do" and "imageaction.do", but this mapping
     never routes *.do requests to it. Either those exemptions are dead code, or *.do actions
     exist and are not covered by this permission check. Verify which, and map every protected
     action extension explicitly. -->
<filter >
<filter-name>actionpermissiondo </filter-name>
<filter-class>com.weizhi.common.filter.ActionPermissionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>actionpermissiondo </filter-name>
<url-pattern>*.ao</url-pattern>
</filter-mapping>
*****************************java类*****************************************
package com.weizhi.common.filter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.weizhi.common.domain.WzUser;
import com.weizhi.common.util.CommonConstants;
import com.weizhi.common.util.CommonUtil;
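/**
 * Servlet filter that decides whether the current request may proceed, based on the
 * logged-in user stored in the HTTP session and that user's group membership.
 *
 * <p>Thread-safety: the servlet container uses a single filter instance for all concurrent
 * requests. The request, response and chain are therefore kept in local variables and passed
 * as parameters. Storing them in instance fields would let one request's authorization
 * decision be applied to another request's objects.
 */
public class ActionPermissionFilter implements Filter {
    public static Log _log = LogFactory.getLog(ActionPermissionFilter.class);

    // Only container-supplied configuration is kept on the instance; it is not per-request state.
    private FilterConfig filterConfig;

    /** Releases the reference to the filter configuration. */
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Stores the configuration handed over by the container.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Applies the permission check to one request.
     *
     * <p>Exempt pages pass straight through, requests without a logged-in user are redirected
     * to {@code /index.shtml}, and everything else goes through {@code verifyUrl}.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param chain           remainder of the filter chain, invoked only when access is granted
     */
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain) {
        _log.info("进入了Actionfileter");
        // The HTTP-specific types are needed for the URI, the session and the redirect.
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Reduce e.g. "/Gzlkh/login.jsp" to its last path segment, "login.jsp".
        String url = request.getRequestURI();
        url = url.substring(url.lastIndexOf("/") + 1);

        try {
            if (noFileUrl(url, request)) {
                // Pages that need no permission check (such as login) continue unchanged.
                chain.doFilter(request, response);
                return;
            }

            // getSession(false): an unauthenticated request must not allocate a new session.
            HttpSession session = request.getSession(false);
            WzUser st = session == null
                    ? null
                    : (WzUser) session.getAttribute(CommonConstants.SESSION_USER);

            if (st == null) {
                // Not logged in, or the session timed out: back to the entry page.
                response.sendRedirect(request.getContextPath() + "/index.shtml");
                return;
            }

            verifyUrl(url, st, request, response, chain);
        } catch (Exception sx) {
            // Fail closed and leave a trace in the application log instead of stderr.
            _log.error("ActionPermissionFilter failed; request not authorized", sx);
            if (!response.isCommitted()) {
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /**
     * Checks whether the logged-in user may access the requested URI and either continues the
     * chain or writes an access-denied page.
     *
     * @param url      last path segment of the request URI (not used by the current rules)
     * @param st       the logged-in user
     * @param request  the current request
     * @param response the current response
     * @param chain    the filter chain to continue when access is granted
     * @throws Exception if the group lookup, the chain or the response writer fails
     */
    private void verifyUrl(String url, WzUser st, HttpServletRequest request,
            HttpServletResponse response, FilterChain chain) throws Exception {
        boolean isqiantai = CommonUtil.hasexistingroup(st.getUserId(), "前台用户组");
        boolean ishoutai = CommonUtil.hasexistingroup(st.getUserId(), "后台用户组");
        String requestUri = request.getRequestURI();

        // NOTE(review): these rules match substrings anywhere in the raw request URI, and the
        // "123" / "okm" branches do not depend on any group. Substring matching on a
        // client-controlled URI is a fragile basis for authorization. Prefer exact matches on
        // the servlet path against an explicit allow-list per group.
        boolean frontAllowed = (requestUri.contains("abc") && isqiantai)
                || requestUri.contains("123")
                || requestUri.contains("okm");
        boolean backAllowed = ishoutai && !requestUri.contains("front");

        if (frontAllowed || backAllowed) {
            chain.doFilter(request, response);
            return;
        }

        // Access denied: report it with a 403 status so clients and logs do not see a success.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("text/html;charset=GBK");
        response.getWriter().println("<div style='margin: 100 auto;text-align: center; "
                + "font: bold 18px 宋体;color: #0066CC;vertical-align: middle'> Sorry,您没有权限访问该资源!</div>");
    }

    /**
     * Tells whether the requested page is exempt from the permission check (for example the
     * login action).
     *
     * <p>The comparison is an exact match on the last path segment. Testing whether the
     * exempt name contains the requested segment would also exempt an empty segment or any
     * fragment of the name.
     *
     * @param url     last path segment of the request URI
     * @param request the current request (unused; kept for subclasses)
     * @return {@code true} if the request needs no permission check
     */
    protected boolean noFileUrl(String url, HttpServletRequest request) {
        _log.info("url=" + url);
        return "login.do".equals(url) || "imageaction.do".equals(url);
    }
}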
本文出自 “二进制转换” 博客,请务必保留此出处http://pangxiong.blog.51cto.com/9560480/1586320