deleteaccesscontrolfilter.java

eclipse java/jsp 航空管理系统

/** 
 * @(#)DeleteAccessControlFilter.java 1.0 2005/05/11 
 * <p>copyright:    Copyright 东软 国际合作事业部版权所有</p>
 * <p>company:      neusoft</p>
 * <p>time:         2005.05.11</p>
 */
package qujl.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import qujl.LogWriter;
import qujl.bean.PrivilegeBean;

/**
 * DeleteAccessControlFilter 用户删除权限过滤器
 * 
 * @author  曲金龙 qujl@neusoft.com
 * @version 1.0 2005/05/11
 */
public class DeleteAccessControlFilter implements Filter {
    private FilterConfig config = null;
    private String adminGroupPage;
    
    /**
     * DeleteAccessControlFilter初始化方法
     */
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        adminGroupPage = config.getInitParameter("adminGroupPage");
        if(adminGroupPage == null) {
            throw new ServletException("adminGroupPage init param missing");
        }
    }
    
    /**
     * DeleteAccessControlFilter销毁方法
     */
    public void destroy() {
        config = null;
    }
    
    /**
     * DeleteAccessControlFilter过滤规则(方法)
     */
    public void doFilter(ServletRequest request, 
            ServletResponse response, FilterChain chain) 
            throws IOException, ServletException {
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;
        
        if(!isAuthenticated(httpReq)) {
            String forwardURI = getForwardURI(httpReq);
            System.out.println("forwardURI:" + forwardURI);
 
            ServletContext context = config.getServletContext();
            RequestDispatcher rd = context.getRequestDispatcher(forwardURI);
            if(rd == null) {
                httpResp.sendError(
                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR, 
                        "adminGroup page doesn't exist");
            }
            rd.forward(request, response);
            return;
        }
        chain.doFilter(request, response);
    }
    
    /**
     * 调用PrivilegeBean的isHaveTable()方法, getSelectPrilege()方法和
     * getDeletePrivilege()方法,判断用户是否被授权
     * 
     * @param request 用户的request
     * @return isAuthenticated 是否被授权
     */
    private boolean isAuthenticated(HttpServletRequest request) {
        boolean isAuthenticated = false;
        HttpSession session = request.getSession();
        PrivilegeBean privilegeBean = new PrivilegeBean(session);
        if(privilegeBean.isHaveTable() 
                && privilegeBean.getDeletePrivilege().equals("Y") 
                && privilegeBean.getSelectPrilege().equals("Y")) {
            isAuthenticated = true;
            
            /** 记录用户操作日志 */
            LogWriter.writeOperation(request, "用户删除权限组授权", true);
        } else {
            /** 记录用户操作日志 */
            LogWriter.writeOperation(request, "用户删除权限组授权", false);
        }
        return isAuthenticated;
    }
    
    /**
     * 用户未授权的跳转URI
     * @param request 用户的request
     * @return URI 跳URI
     * @throws UnsupportedEncodingException
     */
    private String getForwardURI(HttpServletRequest request) 
        throws UnsupportedEncodingException {
        StringBuffer uri = new StringBuffer(adminGroupPage);
        return uri.toString();
    }
}