
package cn.itcast.web.filter;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import cn.itcast.domain.User;
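/**
 * URL-level privilege filter.
 *
 * <p>At start-up the filter reads two lists of context-relative paths from
 * {@code /WEB-INF/admin.txt} and {@code /WEB-INF/user.txt}. A request whose path is on either
 * list is only passed down the chain when the session holds a {@code User} whose role may see it;
 * a request for any path on neither list is passed through without a check.
 *
 * <p>NOTE(review): this is a default-allow design, because only exactly listed paths are
 * protected. A resource that is missing from both files is reachable by anyone, so the lists have
 * to be kept complete. Confirm that this is intended.
 */
public class PrivilegeFilter implements Filter {

    /** Context-relative paths that only a user with role "admin" may request. */
    private final List<String> adminRole = new ArrayList<String>();

    /** Context-relative paths that any logged-in user without the admin role may request. */
    private final List<String> userRole = new ArrayList<String>();

    /**
     * Loads both privilege lists.
     *
     * @param config filter configuration, used to locate the files under {@code /WEB-INF}
     * @throws ServletException if either list cannot be located or read; the filter then refuses
     *         to start instead of running with empty lists, which would let every request through
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        loadRuleFile(config, "/WEB-INF/admin.txt", adminRole);
        loadRuleFile(config, "/WEB-INF/user.txt", userRole);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Checks the caller's role against the requested path before passing the request on.
     *
     * @param req   incoming request; must be an HTTP request
     * @param resp  outgoing response; must be an HTTP response
     * @param chain remainder of the filter chain
     * @throws IOException      if writing the login prompt or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     * @throws RuntimeException with message "权限不足" when a logged-in user requests a listed
     *         path that the user's role may not access
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        // 1. The lists hold HTTP paths, so work with the HTTP views of request and response.
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        response.setContentType("text/html;charset=utf-8");

        // 2.1 Resolve the context-relative path of the requested resource.
        // Use the container-decoded servlet path, not the raw request URI: the raw URI may carry
        // path parameters or percent-encoding, so a protected resource would compare unequal to
        // its list entry and be treated as unprotected.
        String path = request.getServletPath();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            path = path + pathInfo;
        }

        boolean adminMayAccess = adminRole.contains(path);
        boolean userMayAccess = userRole.contains(path);

        // Paths on neither list are not subject to privilege control.
        if (!adminMayAccess && !userMayAccess) {
            chain.doFilter(request, response);
            return;
        }

        // 2.2 Look up the logged-in user.
        User user = (User) request.getSession().getAttribute("user");
        if (user == null) {
            // Not logged in: show a link to the login page instead of the resource.
            response.getWriter().write(
                    "请<a href='" + request.getContextPath()
                            + "/demo1/login.jsp'>登录</a>");
            return;
        }

        // 2.3 Any role other than "admin" (including null) is treated as an ordinary user.
        boolean isAdmin = "admin".equals(user.getRole());
        boolean allowed = isAdmin ? adminMayAccess : userMayAccess;
        if (!allowed) {
            // NOTE(review): this surfaces as a generic server error unless an error page is
            // mapped for it; response.sendError(HttpServletResponse.SC_FORBIDDEN) would state the
            // refusal explicitly. Kept as an exception so existing error handling still applies.
            throw new RuntimeException("权限不足");
        }

        // 3. The role may access this path.
        chain.doFilter(request, response);
    }

    /**
     * Resolves a resource under the web application root to a file and loads it into a list.
     *
     * @param config   filter configuration giving access to the servlet context
     * @param resource context-relative resource path, for example {@code /WEB-INF/admin.txt}
     * @param target   list that receives the entries
     * @throws ServletException if the resource has no file on disk or cannot be read
     */
    private void loadRuleFile(FilterConfig config, String resource, List<String> target)
            throws ServletException {
        String realPath = config.getServletContext().getRealPath(resource);
        if (realPath == null) {
            // getRealPath returns null when the resource cannot be translated to a disk path.
            throw new ServletException("Cannot resolve privilege list " + resource
                    + " to a file on disk");
        }
        try {
            fillList(realPath, target);
        } catch (IOException e) {
            throw new ServletException("Cannot read privilege list " + resource, e);
        }
    }

    /**
     * Appends every non-blank line of the file at {@code path} to {@code list}.
     *
     * <p>Lines are trimmed, because stray whitespace around an entry would keep it from ever
     * matching a request path and so leave that resource unprotected.
     *
     * @param path absolute path of the file to read
     * @param list list that receives the entries
     * @throws IOException if the file is missing or cannot be read
     */
    private void fillList(String path, List<String> list) throws IOException {
        BufferedReader br = new BufferedReader(new FileReader(path));
        try {
            String line;
            while ((line = br.readLine()) != null) {
                String entry = line.trim();
                if (entry.length() > 0) {
                    list.add(entry);
                }
            }
        } finally {
            // Close the reader on the failure path too.
            br.close();
        }
    }
}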
<!-- URL-level privilege control: every request URL is routed through PrivilegeFilter. -->
<!-- With no <dispatcher> element the mapping applies to direct client requests only (the
     REQUEST dispatch type), so a server-side forward or include to a listed path is not
     re-checked by this filter. -->
<filter>
    <filter-name>privilege</filter-name>
    <filter-class>cn.itcast.web.filter.PrivilegeFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>privilege</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>