downloadfilter.java

来自「源码/软件简介: 云网论坛1.1RC国际版是采用JSP开发的集论坛、CMS(网」· Java 代码 · 共 79 行

JAVA
79
字号
package com.redmoon.forum;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import cn.js.fan.util.*;
import cn.js.fan.module.pvg.Privilege;
import cn.js.fan.module.pvg.Priv;
import org.apache.log4j.Logger;

public class DownloadFilter implements Filter {
    FilterConfig config;

    public void doFilter(ServletRequest req, ServletResponse res,
                         FilterChain chain) throws ServletException,
            IOException {
        ServletContext context = config.getServletContext();

        if (req instanceof HttpServletRequest) {
            HttpServletRequest req1 = (HttpServletRequest) req;
            Privilege privilege = new Privilege();
            // System.out.print(req1.getRequestURL());
            // 如果是处理在downloads目录下的文件
            String url = req1.getRequestURL().toString();

            // Logger.getLogger(this.getClass().getName()).info("doFilter" +
            //                          " url=" + url + " server=" + req1.getServerName());

            if (url.indexOf("forum/upfile") != -1) {
                Config cfg = new Config();
                if (cfg.getBooleanProperty("forum.checkReferer")) {
                    // 防盗链
                    String callingPage = req1.getHeader("Referer");
                    // Logger.getLogger(this.getClass().getName()).info("doFilter referer=" +
                    //                  callingPage + " url=" + url + " server=" + req1.getServerName());
                    if (callingPage == null ||
                        callingPage.indexOf(req1.getServerName()) != -1) {
                    } else {
                        // 非法
                        url = "http://" + req1.getServerName() + ":" +
                              req1.getServerPort() + req1.getContextPath() +
                              "/images/err_pvg.gif"; // onerror.htm";//  + req1.getRequestURI();
                        ((HttpServletResponse) res).sendRedirect(url);
                        return;
                    }
                }
            }
            else {
                // 如果不是管理员
                if (!privilege.isUserPrivValid(req1, Priv.PRIV_ADMIN)) {
                    RequestDispatcher rd = null;
                    url = "http://" + req1.getServerName() + ":" +
                          req1.getServerPort() + req1.getContextPath() +
                          "/onerror.htm"; //  + req1.getRequestURI();
                    res.setContentType("text/html;charset=gb2312");
                    PrintWriter out = res.getWriter();
                    out.print(StrUtil.makeErrMsg(
                            "<p align=center>对不起,您未获得授权!</p>"));
                    // 也可以重定向
                    // System.out.println(url);
                    // rd = req.getRequestDispatcher(url);
                    // rd.forward(req, res); //有时这行会不灵,所以用下行
                    // ((HttpServletResponse) res).sendRedirect(url);
                    return;
                }
            }
            chain.doFilter(req, res);
        }
    }

    public void init(FilterConfig config) throws ServletException {
        this.config = config;
    }

    public void destroy() {
        this.config = null;
    }
}

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?