利用过滤器设置权限
在web.xml中进行如下设置
AccessFilter 类实现了 javax.servlet.Filter 接口,下面是具体实现。
关键是 doFilter 方法,其他的可根据个人习惯及想法实现。
<!-- Declares the access-control filter. The access.config init parameter names the
     properties file that AccessFilter.init loads; doFilter looks up each requested
     page in that file to find the role keys the page requires. -->
<filter>
<filter-name>access</filter-name>
<filter-class>net.resume.web.AccessFilter</filter-class>
<init-param>
<param-name>access.config</param-name>
<param-value>WEB-INF/access-config.properties</param-value>
</init-param>
</filter>
<!-- Maps the filter to every request path. A page that has no entry in the
     properties file is passed through without any login or role check, so each
     protected page must be registered there. -->
<filter-mapping>
<filter-name>access</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
AccessFilter 类实现了 javax.servlet.Filter 接口,下面是具体实现。
关键是 doFilter 方法,其他的可根据个人习惯及想法实现。
注意:该过滤器只检查在配置文件中登记过的页面,未登记的页面一律放行(默认允许),因此新增受保护页面时必须同步在配置文件中登记。
package net.resume.web;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.resume.Contants;
import net.resume.model.User;
import net.resume.service.ServiceException;
import net.resume.service.ServiceFactory;
import net.resume.service.ServicesConfigException;
import net.resume.service.ServicesInstanceExcepption;
import net.resume.service.UserServices;
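/**
 * Servlet filter that enforces role-based access to the pages listed in a
 * properties file.
 *
 * <p>The file named by the {@code access.config} init parameter maps a page
 * path (relative to the web-app root, without a leading slash) to a
 * comma-separated list of role keys. The same file supplies
 * {@code login.page} and {@code access.error.page}, the redirect targets used
 * when the caller is not logged in or lacks every listed role.
 *
 * <p>Security note: the policy is default-allow. A request whose page key has
 * no entry in the file is passed down the chain without any check, and the
 * lookup is an exact, case-sensitive string match. Every protected page must
 * therefore be registered under the exact key this filter derives for it;
 * a default-deny list of public pages would be the safer design.
 */
public class AccessFilter implements Filter {

    /** Page-to-roles mapping plus the redirect targets, loaded once in {@link #init}. */
    private Properties config;

    /** Kept so that failures can be written to the container log. */
    private FilterConfig filterConfig;

    public AccessFilter() {
        super();
    }

    /**
     * Loads the access configuration named by the {@code access.config}
     * init parameter.
     *
     * @param cfg filter configuration supplied by the container
     * @throws ServletException if the parameter is missing, the file cannot be
     *         located on the file system, or it cannot be read or parsed
     */
    public void init(FilterConfig cfg) throws ServletException {
        String filename = cfg.getInitParameter("access.config");
        if (filename == null || filename.trim().length() == 0) {
            throw new ServletException("Missing init-param access.config");
        }
        // Context-relative paths are expected to start with '/'; older
        // containers may not add it themselves.
        String virtualPath = filename.startsWith("/") ? filename : "/" + filename;
        // getRealPath returns null when the application is not deployed as
        // an expanded directory (for example when served from a packed WAR).
        String realPath = cfg.getServletContext().getRealPath(virtualPath);
        if (realPath == null) {
            throw new ServletException(
                    "Cannot resolve access.config on the file system: " + filename);
        }

        Properties loaded = new Properties();
        try {
            FileInputStream in = new FileInputStream(realPath);
            try {
                loaded.load(in);
            } finally {
                // The original never closed this stream.
                in.close();
            }
        } catch (IOException e) {
            throw new ServletException("Cannot load access configuration " + filename, e);
        } catch (IllegalArgumentException e) {
            // Properties.load reports malformed escapes this way.
            throw new ServletException("Malformed access configuration " + filename, e);
        }

        filterConfig = cfg;
        config = loaded;
    }

    /**
     * Checks the requested page against the access configuration before
     * letting the request continue.
     *
     * <p>Unregistered pages pass through. For a registered page the caller
     * must be logged in and hold at least one of the listed roles; otherwise
     * the response is redirected to the configured login or error page.
     *
     * @throws IOException if the redirect or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String roleName = config.getProperty(parse(request));

        // Default-allow: a page without an entry is not protected at all.
        if (roleName == null) {
            chain.doFilter(request, response);
            return;
        }

        // Read the session attribute once so the login check and the role
        // check always see the same user object.
        User user = getLoninUser(request);
        if (user == null) {
            redirectOrForbid(response, "login.page");
            return;
        }

        if (!hasRole(user, roleName)) {
            redirectOrForbid(response, "access.error.page");
            return;
        }

        chain.doFilter(request, response);
    }

    /**
     * Redirects to the page configured under {@code pageKey}, or answers
     * 403 when that key is absent so a configuration gap never lets the
     * request through or fails with a null redirect target.
     */
    private void redirectOrForbid(HttpServletResponse response, String pageKey)
            throws IOException {
        String target = config.getProperty(pageKey);
        if (target == null || target.trim().length() == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.sendRedirect(target);
    }

    /**
     * Reports whether the user holds at least one of the given roles.
     *
     * @param user the logged-in user
     * @param roleKeys comma-separated role keys; surrounding whitespace and
     *        empty entries are ignored
     * @return {@code true} if any role check succeeds; {@code false} if none
     *         does or the user service fails (errors deny access)
     */
    private boolean hasRole(User user, String roleKeys) {
        try {
            UserServices services = ServiceFactory.getInstance().getUserService();
            String[] roles = roleKeys.split(",");
            for (int i = 0; i < roles.length; i++) {
                String roleKey = roles[i].trim();
                if (roleKey.length() == 0) {
                    continue;
                }
                if (services.checkRole(user, roleKey)) {
                    return true;
                }
            }
        } catch (ServicesConfigException e) {
            logRoleCheckFailure(e);
        } catch (ServicesInstanceExcepption e) {
            logRoleCheckFailure(e);
        } catch (ServiceException e) {
            logRoleCheckFailure(e);
        }
        return false;
    }

    /** Writes a role-check failure to the container log; the caller then denies access. */
    private void logRoleCheckFailure(Exception e) {
        filterConfig.getServletContext().log(
                "AccessFilter: role check failed, denying access", e);
    }

    /**
     * Returns the logged-in user stored in the session, or {@code null} when
     * there is no session or no user in it. Does not create a session.
     */
    private User getLoninUser(HttpServletRequest request) {
        if (request.getSession(false) == null) {
            return null;
        }
        return (User) request.getSession(false).getAttribute(Contants.LOGIN_USER);
    }

    /**
     * Derives the configuration key for the requested page: the path inside
     * the web application without leading slashes.
     *
     * <p>The key is built from the servlet path and path info rather than by
     * counting slashes in the raw request URL. The raw URL is not decoded,
     * and counting slashes assumed a context path of exactly one segment and
     * failed on URLs with fewer than four slashes. How far the container
     * normalizes these values varies, so confirm on the target container
     * that equivalent spellings of a protected path yield the registered key.
     */
    private String parse(HttpServletRequest request) {
        StringBuffer page = new StringBuffer();
        String servletPath = request.getServletPath();
        if (servletPath != null) {
            page.append(servletPath);
        }
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            page.append(pathInfo);
        }
        while (page.length() > 0 && page.charAt(0) == '/') {
            page.deleteCharAt(0);
        }
        return page.toString();
    }

    /** Releases the references taken in {@link #init}. */
    public void destroy() {
        filterConfig = null;
        config = null;
    }
}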
weiking
2006-07-01 17:43:35
