import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.FilterChain;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletResponse;
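/**
 * Servlet filter that gates every request on the caller's login state and on
 * the URL list carried by the session's {@code LoginUser}.
 *
 * <p>Flow per request: paths listed in {@link #noVerifyUrl} pass straight
 * through; an anonymous caller is redirected to {@code /login.jsp}; a logged-in
 * caller is let through only when {@link #isPermitted} accepts the request
 * path, otherwise a 403 page is written.
 *
 * <p>Thread-safety: the container shares ONE filter instance between concurrent
 * requests. Request, response and chain are therefore passed as parameters and
 * never stored in fields — keeping them in fields would let one request's
 * response be written to another request's client.
 *
 * <p>Failure mode: no catch-all. An unexpected exception must reach the
 * container (which answers 500) rather than leave the request unanswered, and
 * it must never result in the chain being continued.
 */
public class PermissiondoFilter implements Filter {

    /** Relative paths (no leading '/') reachable without a login; matched exactly. */
    private static final String[] NO_VERIFY_URLS = {"login.jsp", "loginAction.action"};

    /** Session attribute under which the login action stores the current user. */
    private static final String LOGIN_USER_ATTRIBUTE = "loginUser";

    private FilterConfig filterConfig;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    @Override
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Authorizes the request and either continues the chain, redirects to the
     * login page, or writes a 403 page.
     *
     * @param servletRequest  the incoming request (must be an HttpServletRequest)
     * @param servletResponse the outgoing response (must be an HttpServletResponse)
     * @param chain           the remainder of the filter chain
     * @throws IOException      if the chain, the redirect or the 403 page fails to write
     * @throws ServletException propagated from the remainder of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String fullUri = request.getRequestURI();
        System.out.println("访问的完整路径-->" + fullUri);
        // Path relative to the web application root, e.g. "admin/user.action".
        // NOTE(review): getRequestURI() is compared as sent (not decoded or
        // normalized) — confirm the container canonicalizes '..' and %-escapes
        // before dispatch, or derive the path from getServletPath()/getPathInfo().
        String url = relativePath(fullUri, request.getContextPath());
        System.out.println("-访问-" + url);

        if (noVerifyUrl(url, request)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not create a session merely to discover the
        // caller has none; the login action creates its own.
        HttpSession session = request.getSession(false);
        LoginUser loginUser = session == null
                ? null : (LoginUser) session.getAttribute(LOGIN_USER_ATTRIBUTE);
        if (loginUser == null) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }

        System.out.println(loginUser.getUserName() + "-访问-" + url);
        verifyUrl(url, loginUser, request, response, chain);
    }

    /**
     * Continues the chain when {@code loginUser} is permitted to reach
     * {@code url}; otherwise answers 403 with a short HTML notice.
     *
     * @param url       request path relative to the context root, no leading '/'
     * @param loginUser the logged-in user whose {@code getUrl()} lists permitted entries
     * @param request   current request, forwarded down the chain on success
     * @param response  current response, written on denial
     * @param chain     remainder of the filter chain
     * @throws IOException      if writing the response fails
     * @throws ServletException propagated from the remainder of the chain
     */
    private void verifyUrl(String url, LoginUser loginUser,
            HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        String permitted = loginUser.getUrl();
        System.out.println("可以访问的地址--->" + permitted);
        if (isPermitted(permitted, url)) {
            System.out.println("有权访问!");
            chain.doFilter(request, response);
            return;
        }
        System.out.println("无权限!");
        // An explicit 403 so clients and logs see a denial, not a 200 with an error body.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("text/html;charset=UTF-8");
        response.getWriter().println("<div>Sorry,您没有权限访问该资源!</div>");
    }

    /**
     * Strips {@code contextPath} and a single leading '/' from {@code uri}.
     * Returns "" when the URI is exactly the context path (the original
     * {@code substring(length + 1)} threw on that input, which left the request
     * unanswered).
     */
    static String relativePath(String uri, String contextPath) {
        String path = uri == null ? "" : uri;
        if (contextPath != null && !contextPath.isEmpty() && path.startsWith(contextPath)) {
            path = path.substring(contextPath.length());
        }
        return path.startsWith("/") ? path.substring(1) : path;
    }

    /**
     * Decides whether {@code path} is covered by the permission string.
     *
     * <p>Accepted when the string lists {@code path} itself, or lists
     * {@code prefix/*} for any directory prefix of the path ("a/*", "a/b/*",
     * ... for "a/b/c.action"). An empty path or a missing permission string is
     * always denied.
     *
     * @param permitted the user's permission string from {@code LoginUser.getUrl()}
     * @param path      request path relative to the context root, no leading '/'
     * @return true when an exact or wildcard entry covers the path
     */
    static boolean isPermitted(String permitted, String path) {
        if (permitted == null || path == null || path.isEmpty()) {
            return false;
        }
        if (containsEntry(permitted, path)) {
            return true;
        }
        int slash = path.indexOf('/');
        while (slash >= 0) {
            if (containsEntry(permitted, path.substring(0, slash + 1) + "*")) {
                return true;
            }
            slash = path.indexOf('/', slash + 1);
        }
        return false;
    }

    /**
     * Whole-entry containment test. A plain {@code indexOf} would accept any
     * path that merely appears inside a longer permitted entry ("user" inside
     * "admin/userList.action"), so a hit must be bounded on both sides by the
     * string edge or a non-path character.
     *
     * <p>NOTE(review): assumes entries in {@code LoginUser.getUrl()} are
     * separated by a character that cannot occur in a path (',' ';' whitespace
     * ...) — confirm against LoginUser and replace with a structured list when
     * possible.
     */
    private static boolean containsEntry(String permitted, String entry) {
        if (entry.isEmpty()) {
            return false;
        }
        int from = 0;
        while (true) {
            int at = permitted.indexOf(entry, from);
            if (at < 0) {
                return false;
            }
            int end = at + entry.length();
            boolean startBounded = at == 0 || !isPathChar(permitted.charAt(at - 1));
            boolean endBounded = end == permitted.length() || !isPathChar(permitted.charAt(end));
            if (startBounded && endBounded) {
                return true;
            }
            from = at + 1;
        }
    }

    /** Characters that can form part of a permitted entry, as used in this file. */
    private static boolean isPathChar(char c) {
        return Character.isLetterOrDigit(c) || c == '/' || c == '.' || c == '*'
                || c == '_' || c == '-';
    }

    /**
     * Whether {@code url} (relative, no leading '/') may be served without a
     * login or a permission check — the login page and the login action.
     *
     * <p>The match is exact on purpose: the earlier {@code exclude.indexOf(url)}
     * let any path that is a substring of the list ("jsp", "login", "a", "")
     * skip authentication entirely.
     *
     * @param url     request path relative to the context root
     * @param request current request (unused here; kept for subclasses)
     * @return true when the path is one of the open entries
     */
    protected boolean noVerifyUrl(String url, HttpServletRequest request) {
        for (String open : NO_VERIFY_URLS) {
            if (open.equals(url)) {
                return true;
            }
        }
        return false;
    }
}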
URL权限过滤