
Web Permission Verification Filter

July 2, 2013 ⁄ General

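This article describes only a fairly simple, entry-level permission filter.

In practice, two products are better reference implementations: Apache Shiro (formerly JSecurity) and Spring Security.


Below is the web.xml of the Web project: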

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
	xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
	<filter>
		<filter-name>AuthenticationFilter</filter-name>
		<filter-class>com.jadyer.Filter.AuthenticationFilter</filter-class>
		<init-param>
			<param-name>url</param-name>
			<param-value>/admin/login.jsp</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>AuthenticationFilter</filter-name>
		<url-pattern>/admin/secure/*</url-pattern>
	</filter-mapping>
	
    <error-page>
    	<error-code>404</error-code>
    	<location>/WEB-INF/404.html</location>
    </error-page>
    <error-page>
    	<error-code>500</error-code>
    	<location>/WEB-INF/500.html</location>
    </error-page>
    <error-page>
    	<exception-type>javax.servlet.ServletException</exception-type>
    	<location>/WEB-INF/error.html</location>
    </error-page>
    <error-page>
    	<exception-type>java.lang.NullPointerException</exception-type>
    	<location>/WEB-INF/error.html</location>
    </error-page>
</web-app>

Below is the filter used for permission verification, AuthenticationFilter.java:

package com.jadyer.Filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
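import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Permission verification
 */
public class AuthenticationFilter implements Filter {
	private String url = "/"; // defaults to the root path

	public void destroy() {}
	
	/**
	 * Read the value of the "url" parameter configured in web.xml,
	 * i.e. the <param-name>url</param-name> entry
	 */
	public void init(FilterConfig config) throws ServletException {
		String configured = config.getInitParameter("url");
		// Keep the default "/" when the init-param is missing, so the redirect target is never "null"
		if (configured != null) {
			url = configured;
		}
	}

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		// These two casts are required
		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;
		// getSession(false) does not create a new session for requests that have none
		HttpSession session = req.getSession(false);
		// If the visitor is an ordinary user, or the administrator's session has expired,
		// redirect to the configured page and return without invoking the rest of the filter chain
		if (null == session || null == session.getAttribute("guesbook.admin.username")) {
			res.sendRedirect(req.getContextPath() + url);
		} else {
			chain.doFilter(request, response);
		}
	}
}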
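
Added example (not part of the original article): a stand-alone Java check of which request paths the /admin/secure/* filter-mapping in web.xml actually passes through AuthenticationFilter, following the Servlet specification's url-pattern rules. The class name and all sample paths except /admin/login.jsp are constructed for illustration.

```java
/** Added example: which paths does a filter-mapping url-pattern cover? */
public class FilterMappingCheck {

    /**
     * Servlet-spec url-pattern matching. "path" is the path inside the web
     * application: context path and query string are already removed.
     * Matching is case-sensitive.
     */
    static boolean matches(String pattern, String path) {
        if (pattern.startsWith("/") && pattern.endsWith("/*")) {
            // Path mapping: the prefix itself, or anything below it
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            // Extension mapping: compare the extension of the last segment
            String last = path.substring(path.lastIndexOf('/') + 1);
            int dot = last.lastIndexOf('.');
            return dot >= 0 && last.substring(dot).equals(pattern.substring(1));
        }
        return pattern.equals(path); // exact match
    }

    public static void main(String[] args) {
        String pattern = "/admin/secure/*"; // url-pattern from web.xml
        String[] samples = {                // constructed sample paths
            "/admin/secure/list.jsp",       // below the prefix: filtered
            "/admin/secure",                // the prefix itself: filtered
            "/admin/login.jsp",             // login page: must stay unfiltered
            "/admin/export.jsp",            // sibling of secure/: NOT filtered
            "/admin/securely.jsp"           // shares the text prefix only: NOT filtered
        };
        for (String path : samples) {
            System.out.println((matches(pattern, path) ? "filtered      " : "NOT filtered  ") + path);
        }
    }
}
```

Any administrative page placed under /admin but outside /admin/secure/ is served without the session check, so protected pages must live below that prefix or the url-pattern must be widened while still excluding the login page.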
