本文介绍了一种权限验证过滤器的实现方式,该过滤器同时处理请求拦截与乱码纠正功能。通过设置HTTP请求和响应对象,实现了对特定路径的访问控制,并利用session进行登录状态验证,防止未授权访问。
代码源于网络共享起初只是针对请求的拦截后来我给加上了session验证
package com.ifan.servlet;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionMapping;
import org.json.simple.JSONObject;
/**
* 权限验证过滤器,副业是乱码纠
*/
public class VerificationFilter implements Filter{
/**
* HttpServletRequest对象
*/
private HttpServletRequest thisRequest;
/**
* HttpServletResponse对象
*/
private HttpServletResponse thisResponse;
/**
* The default character encoding to set for requests that pass through
* this filter.
*/
protected String encoding = null;
/**
* The filter configuration object we are associated with. If this value
* is null, this filter instance is not currently configured.
*/
protected FilterConfig filterConfig = null;
/**
* Should a character encoding specified by the client be ignored?
*/
protected boolean ignore = true;
/**
* init
*/
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
this.encoding = filterConfig.getInitParameter("encoding");
String value = filterConfig.getInitParameter("ignore");
if (value == null){
this.ignore = true;
}else if (value.equalsIgnoreCase("true")){
this.ignore = true;
}else if (value.equalsIgnoreCase("yes")){
this.ignore = true;
}else{
this.ignore = false;
}
}
/**
* destroy
*/
public void destroy() {
this.encoding = null;
this.filterConfig = null;
}
/**
* doFilter
*/
public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {
// Conditionally select and set the character encoding to be used
if (ignore || (request.getCharacterEncoding() == null)) {
String encoding = selectEncoding(request);
if (encoding != null){
request.setCharacterEncoding(encoding);
}
}
thisRequest = (HttpServletRequest)request;
thisResponse = (HttpServletResponse)response;
String loginType=loginType=thisRequest.getParameter("loginType")==null?"":thisRequest.getParameter("loginType");
if(loginType.equals("2")){
//这是获取action请求的
String path = thisRequest.getRequestURI()+"?"+thisRequest.getQueryString();
//这里拦截是不是登录或者注销方法 除了这2个方法其余的都要验证
if(!path.contains("user.php?users=loginByAcount") && !path.contains("user.php?users=logout")&& !path.contains("user.php?users=loginTimeOut")){
//下面这段很简单了 就是判断如果session不存在了 那就是登录超时 由于配合试用dwz框架 所以反悔的数据格式是json 大家可以改成返回一个页面
HttpSession session=thisRequest.getSession(true);
String admin=(String)session.getAttribute("uacount");
if(admin==null||admin==""){
String relId=thisRequest.getParameter("relId");
try {
String resultStr="{\"statusCode\":\"301\",\"message\":\"当前会话已超时,请重新登录!\",\"navTabId\":\" \",\"callbackType\":\" \",\"forwardUrl\":\" \"}";
thisResponse.setContentType("text/json;charset=utf-8");
thisResponse.getWriter().print(resultStr);
return ;
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
chain.doFilter(thisRequest,thisResponse);
}
/**
* return this.encoding
* @param request
* @return
*/
protected String selectEncoding(ServletRequest request) {
return (this.encoding);
}
}
扫一扫
2092
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
