downloadfilter.java

源码/软件简介: 云网论坛1.1RC国际版是采用JSP开发的集论坛、CMS（网站内容管理系统）、博客、聊天室、商城、交友、语音灌水等于一体的门户式社区。拥有CWBBS ( Cloud Web BBS

package com.redmoon.forum;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import cn.js.fan.util.*;
import cn.js.fan.module.pvg.Privilege;
import cn.js.fan.module.pvg.Priv;
import org.apache.log4j.Logger;

public class DownloadFilter implements Filter {
    FilterConfig config;

    public void doFilter(ServletRequest req, ServletResponse res,
                         FilterChain chain) throws ServletException,
            IOException {
        ServletContext context = config.getServletContext();

        if (req instanceof HttpServletRequest) {
            HttpServletRequest req1 = (HttpServletRequest) req;
            Privilege privilege = new Privilege();
            // System.out.print(req1.getRequestURL());
            // 如果是处理在downloads目录下的文件
            String url = req1.getRequestURL().toString();

            // Logger.getLogger(this.getClass().getName()).info("doFilter" +
            //                          " url=" + url + " server=" + req1.getServerName());

            if (url.indexOf("forum/upfile") != -1) {
                Config cfg = new Config();
                if (cfg.getBooleanProperty("forum.checkReferer")) {
                    // 防盗链
                    String callingPage = req1.getHeader("Referer");
                    // Logger.getLogger(this.getClass().getName()).info("doFilter referer=" +
                    //                  callingPage + " url=" + url + " server=" + req1.getServerName());
                    if (callingPage == null ||
                        callingPage.indexOf(req1.getServerName()) != -1) {
                    } else {
                        // 非法
                        url = "http://" + req1.getServerName() + ":" +
                              req1.getServerPort() + req1.getContextPath() +
                              "/images/err_pvg.gif"; // onerror.htm";//  + req1.getRequestURI();
                        ((HttpServletResponse) res).sendRedirect(url);
                        return;
                    }
                }
            }
            else {
                // 如果不是管理员
                if (!privilege.isUserPrivValid(req1, Priv.PRIV_ADMIN)) {
                    RequestDispatcher rd = null;
                    url = "http://" + req1.getServerName() + ":" +
                          req1.getServerPort() + req1.getContextPath() +
                          "/onerror.htm"; //  + req1.getRequestURI();
                    res.setContentType("text/html;charset=gb2312");
                    PrintWriter out = res.getWriter();
                    out.print(StrUtil.makeErrMsg(
                            "<p align=center>对不起，您未获得授权！</p>"));
                    // 也可以重定向
                    // System.out.println(url);
                    // rd = req.getRequestDispatcher(url);
                    // rd.forward(req, res); //有时这行会不灵，所以用下行
                    // ((HttpServletResponse) res).sendRedirect(url);
                    return;
                }
            }
            chain.doFilter(req, res);
        }
    }

    public void init(FilterConfig config) throws ServletException {
        this.config = config;
    }

    public void destroy() {
        this.config = null;
    }
}