securitymanager.java

EOS的一个很好的例子.包括页面构件、展现构件

/*
 * 创建日期 2005-11-8
 */
package com.primeton.eos.fbframe.fbrole.security.impl;

import javax.servlet.http.HttpServletRequest;
import com.primeton.eos.fbframe.config.FbFrameConfig;

/**
 * @author ZhangXueyong
 *
 */
public class SecurityManager {
	
	public static String nextPage(EOSRequest er){
		
		//没有执行权限的情况
		HttpServletRequest rq = er.getHttpServletRequest();
		String feedback = rq.getContextPath();
		String message = "";
		switch(er.getEOSRequestType()){
			case EOSRequest.EOS_BIZLOGIC:
			case EOSRequest.EOS_FORWARD_BIZ:
				feedback = feedback + "/fbrole/main/RichClientNoPermission.jsp?return/message=" + er.getEOSRequestURL();
				break;
			case EOSRequest.EOS_NOT_INVOLVED:
				feedback = feedback + "/fbrole/main/noResource.jsp?return/message=" + er.getEOSRequestURL();
				break;
			case EOSRequest.EOS_PRLOGIC:
			case EOSRequest.EOS_JSPLOGIC:
			case EOSRequest.EOS_FORWARD_JSP:
				String noPermission = FbFrameConfig.getInstance().getNoPermissionPage();
				feedback = feedback + noPermission + "?return/message=" + er.getEOSRequestURL();
				break;
			case EOSRequest.LOGIN_FOR_EOS:
				feedback = feedback + FbFrameConfig.getInstance().getWelcomeFile();
		}
		
		return feedback;
	}
	
	/*
	 * 检验请求的资源权限(只包含登陆之后调用资源的情况) 。
	 */
	public static boolean doAuth(EOSRequest er){
		
		boolean checkResult = true;
		HttpServletRequest rq = er.getHttpServletRequest();
		SessionCheckedResourceManager scrm = SessionCheckedResourceManager.getSessionInstance(rq);
		String actionName = er.getEOSResourceName();
       
		//根据不同的资源类型进行不同的验证
		switch(er.getEOSRequestType()){
		
			//直接调用展现逻辑的情况
			case EOSRequest.EOS_PRLOGIC:
				if( GlobalCheckedPrsManager.getInstance().contains(actionName) && !scrm.exitsInMyPrs(actionName))
					checkResult = false;
				break;
			
	        //直接调用业务逻辑的情况
			case EOSRequest.EOS_BIZLOGIC:
				if( GlobalCheckedBizsManager.getInstance().contains(actionName) && !scrm.exitsInMyBizs(actionName))
					checkResult = false;
				break;
				
            //直接调用JSP的情况
			case EOSRequest.EOS_JSPLOGIC:
				//是否对这个JSP开放权限
				if( GlobalCheckedJspsManager.getInstance().contains(actionName) && !scrm.exitsInMyJsps(actionName))
					checkResult = false;	
				break;
				
            //间接调用业务逻辑的情况
			case EOSRequest.EOS_FORWARD_BIZ:
				if( GlobalCheckedBizsManager.getInstance().contains(actionName) && !scrm.exitsInMyBizs(actionName))
					checkResult = false;
				break;
				
			//间接调用JSP的情况
			case EOSRequest.EOS_FORWARD_JSP:
				//是否对这个JSP开放权限
				if( GlobalCheckedJspsManager.getInstance().contains(actionName) && !scrm.exitsInMyJsps(actionName))
					checkResult = false;
				break;
			
			case EOSRequest.EOS_NOT_INVOLVED:
				checkResult = false;
				break;
		}
		
		return checkResult;
	}
}