filterservlet.java

eclipse java/jsp 航空管理系统

package kangyi;

import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import javax.servlet.FilterConfig;
import java.util.StringTokenizer;
import java.util.Vector;

import kangyi.XMLTest;
import kangyi.form.PageGrantForm;

/**
 * <p>Description : 过滤 登陆时判断用户权限 控制用户的操作功能</p>
 * <p>Project     : ciqms
 * <p>Company     : 东软股份国际合作事业部</p>
 * <p>Create Date : 2005.4.17</P>
 * @author        : 康毅 | kangyi@neusoft.com
 * @version       : 0.1
 *  
 */

public class FilterServlet implements Filter {

	protected String NO_GRANT_PAGE = "filter.jsp";

	protected FilterConfig filterConfig;

	public void doFilter(final ServletRequest req, final ServletResponse res,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest hreq = (HttpServletRequest) req;
		HttpServletResponse hres = (HttpServletResponse) res;
		/*五个字符串获得用户的权限*/
		String userSelectGrant = (String) hreq.getSession().getAttribute(
				"userSelectGrant");
		String userAddGrant = (String) hreq.getSession().getAttribute(
				"userAddGrant");
		String userDeleteGrant = (String) hreq.getSession().getAttribute(
				"userDeleteGrant");
		String userUpdateGrant = (String) hreq.getSession().getAttribute(
				"userUpdateGrant");
		String userAdminGrant = (String) hreq.getSession().getAttribute(
				"userAdminGrant");
		/*获得用户可以操作的表名*/
		String userTableName = (String) hreq.getSession().getAttribute(
				"userTableName");
		/*五个字符串获得操作页面应该有的权限*/
		String pageSelectGrant = "N";
		String pageAddGrant = "N";
		String pageDeleteGrant = "N";
		String pageUpdateGrant = "N";
		String pageAdminGrant = "N";
		/*获得页面使用的表名，通过和用户的表名对比判断是否可以进行操作*/
		String pageTableName = "";
		/*xml文件的地址*/
		String pathname = "D:/tomcat4.1/webapps/ciqms/WEB-INF/pagegrant.xml";
		XMLTest xmltest = new XMLTest();
		Vector pagegrant_Vector = new Vector();
		try {
			pagegrant_Vector = xmltest.readXMLFile(pathname);
		} catch (Exception e) {
			System.out.println(e);
		}
		String pname = hreq.getRequestURI().toString();
        //String pname = hreq.getRequestURL().toString();
		PageGrantForm pgf = null;
		for (int i = 0; i < pagegrant_Vector.size(); i++) {
			pgf = (PageGrantForm) pagegrant_Vector.get(i);
			if (pgf.getPagename().equals(pname)) {
				pageSelectGrant = pgf.getPageSelectGrant();
				pageAddGrant = pgf.getPageAddGrant();
				pageDeleteGrant = pgf.getPageDeleteGrant();
				pageUpdateGrant = pgf.getPageUpdateGrant();
				pageAdminGrant = pgf.getPageAdminGrant();
				pageTableName = pgf.getPageTableName();
				break;
			}
		}
		System.out.println(pageTableName);
		System.out.println(pname);
		System.out.println(pgf.getPagename());
		System.out.println(pgf.getPageSelectGrant());
		System.out.println(userSelectGrant);
		boolean b = true;
		/** 用StringTokenizer方法来将字符串区分开，存入feixi对象中 */
		StringTokenizer fenxi = new StringTokenizer(pageTableName, ";");
		/** 取得分析字符串中的字符串个数 */
		int n = fenxi.countTokens();
		/** 用字符串的个数做一个最外面的循环 */
		for (int j = 0; j <= n; j++) {
			/** 如果有值，就进行判断将值赋给接受字符串 */
			if (fenxi.hasMoreTokens()) {
				String jieshou = fenxi.nextToken();
				/** 对这个字符串判断,如果是page页面的子串,那么就继续循环 */
				if (userTableName.indexOf(jieshou) != -1) {
					/** 只要是strDbTable的子串,那么就进行下一个字符串的判断 */
					continue;
				} else {
					/** 否则就有这个人无法操作的表,返回false */
					b = false;
				}
			}
		}
		System.out.println(userAddGrant);
		System.out.println(pageAddGrant);
		boolean bb=userSelectGrant.equals("Y");
		System.out.println(b);
		System.out.println(bb);
		if (userSelectGrant.equals("Y") && pageSelectGrant.equals("Y")  && b == true) {
			chain.doFilter(req, res);
			return;
		} else if (userAddGrant.equals("Y")&&pageAddGrant.equals("Y")  && b == true) {
			chain.doFilter(req, res);
			return;
		} else if (userDeleteGrant.equals("Y")&&pageDeleteGrant.equals("Y")  && b == true) {
			chain.doFilter(req, res);
			return;
		} else if (userUpdateGrant.equals("Y")&&pageUpdateGrant.equals("Y")  && b == true) {
			chain.doFilter(req, res);
			return;
		} else if (userAdminGrant.equals("Y")&&pageAdminGrant.equals("Y") && b == true) {
			chain.doFilter(req, res);
			return;
		} else {
			hres.sendRedirect(NO_GRANT_PAGE);
		}
	}

	public void destroy() {
		this.filterConfig = null;
	}

	public void init(FilterConfig config) {
		this.filterConfig = config;
	}

	public void setFilterConfig(final FilterConfig filterConfig) {
		this.filterConfig = filterConfig;
	}
}