现在的位置: 首页 > 综合 > 正文

Filter来控制权限

2013年10月14日 ⁄ 综合 ⁄ 共 2208字 ⁄ 字号 评论关闭

文章出自:http://neil-jh.javaeye.com/blog/191341

目前很多项目对权限的控制一般普遍使用Acgi来控制权限。这里对老技术做一个回顾,曾经使用过Filter来控制权限,如果对Filter不是很熟悉的朋友,可以简单看下,也许多少会有些帮助。

public class PopedomFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        String contextPath = httpServletRequest.getContextPath();   //取得项目当前根目录   例如:/project
        String currentPath = httpServletRequest.getRequestURI();    //取得当前要访问的页面目录   /project/admin/xxx.action

        if (!checkUserPopedom(httpServletRequest, httpServletResponse, contextPath, currentPath)) {     //检查当前访问的路径是否包含在此用户的权限列表中,如果不存在return出去,不进行下一步的调用
            return;
        }

        filterChain.doFilter(servletRequest, servletResponse);

    }

    private boolean checkUserPopedom(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String contextPath, String currentPath) throws IOException {
        User user = (User) httpServletRequest.getSession(true).getAttribute("user");

        if (user == null) {
            httpServletResponse.sendRedirect(contextPath + "/");
            return false;
        } else {
            if (!checkPopedom(user, contextPath, currentPath)) {
                httpServletResponse.sendRedirect(contextPath + "/");
                return false;
            }
        }

        return true;
    }

    private boolean checkPopedom(User user, String contextPath, String currentPath) {
        if (user.getSystemResourceList() != null) {
            for (SystemResource resource : user.getSystemResourceList()) {
                String url = contextPath + resource.getActionUrl().trim();
                if (url.equals(currentPath)) {
                    return true;
                }
            }
        }
        return false;
    }

    public void destroy() {
    }
}

 

在web.xml 中需要对这个Filter进行配置如下

<filter>
     <filter-name>PopedomFilter </filter-name>
     <filter-class>...filter.RightFilter</filter-class>
 </filter>

<filter-mapping>
     <filter-name>PopedomFilter </filter-name>
     <url-pattern>*.action</url-pattern>

 </filter-mapping>

抱歉!评论已关闭.