
📄 authfilter.java

📁 本程序实现了一个访问控制系统
/*
 * @(#)RoleDAO.java        2005/10/18
 *
 * Copyright (c) 2003-2005 ASPire Technologies, Inc.
 * 6/F,IER BUILDING, SOUTH AREA,SHENZHEN HI-TECH INDUSTRIAL PARK Mail Box:11# 12#.
 * All rights reserved.
 */
package org.appfuse.webapp.filter;

import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

import org.apache.commons.logging.*;
import org.appfuse.util.security.*;
import org.appfuse.util.*;
import org.jdom.*;
import org.jdom.input.*;
import org.appfuse.service.StaffManager;
import org.appfuse.model.Staff;

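/**
 * <p>Title: securityservice</p>
 *
 * <p>Servlet filter that decides, for every request it is mapped to, whether
 * the request may continue down the filter chain:</p>
 * <ol>
 *   <li>requests matching an entry of the unprotected-URL list pass without
 *       any session or permission check;</li>
 *   <li>other requests need a {@link Staff} object under the session
 *       attribute <code>staff</code>, otherwise the client is redirected to
 *       <code>login.jsp</code>;</li>
 *   <li><code>*.do</code> requests are additionally checked with
 *       {@link Staff#checkSafe}; a refusal redirects to
 *       <code>checkfail.jsp</code>.</li>
 * </ol>
 *
 * <p>Any failure while taking the decision denies the request (fail closed).</p>
 *
 * <p>NOTE(review): decisions are based on the raw {@code getRequestURI()},
 * which the container neither decodes nor normalises. Path parameters are
 * stripped here, but percent-encoded page names are not decoded; comparing
 * against the container's decoded view ({@code getServletPath()}) would be
 * safer - confirm the servlet mapping before switching.</p>
 *
 * @author maoqian
 * @version 1.0
 */
public class AuthFilter extends HttpServlet implements Filter{
    private FilterConfig filterConfig;
    private static Log log = LogFactory.getLog(AuthFilter.class);
    // Allow-list of resources served without authentication. Public, static and
    // mutable: any code in the web application can widen it at runtime.
    // NOTE(review): consider restricting write access - left as is because
    // other classes may read this field.
    public static ArrayList unProtectedRes = null;
    private static Element rootElement = null;

    public AuthFilter() {
    }

    /**
     * Stores the filter configuration and builds the unprotected-URL list.
     *
     * @param filtercfg configuration supplied by the container
     * @throws javax.servlet.ServletException if the list cannot be built, for
     *         example because {@link #load(String)} has not been called yet
     */
    public void init(FilterConfig filtercfg) throws javax.servlet.
        ServletException {
        this.filterConfig = filtercfg;
        try {
            getUnprotectedResources();
        } catch(RuntimeException e) {
            // Report a readable cause instead of a bare NullPointerException.
            throw new ServletException(
                "AuthFilter: unprotected-URL configuration is not available; "
                + "load() must succeed before the filter is initialised", e);
        }
    }

    /**
     * Applies the access decision described in the class comment.
     *
     * <p>Only the decision itself is guarded by the catch block. Exceptions
     * raised by the rest of the chain are propagated to the container instead
     * of being swallowed, so application errors are no longer turned into an
     * empty response.</p>
     *
     * @throws java.io.IOException if a redirect or the chain fails with I/O
     * @throws javax.servlet.ServletException if the request is not an HTTP
     *         request or the chain fails
     */
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain filterchain) throws java.io.IOException,
        javax.servlet.ServletException {
        if(!(request instanceof HttpServletRequest)
            || !(response instanceof HttpServletResponse)) {
            throw new ServletException("AuthFilter only handles HTTP requests");
        }
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse resp = (HttpServletResponse)response;

        boolean allowed = false;
        try {
            // The query string is deliberately not logged: it can carry
            // credentials or tokens submitted with the request.
            if(log.isDebugEnabled()) {
                log.debug("getRequestURI: " + req.getRequestURI());
            }

            allowed = isUnprotectedUrl(req);
            if(!allowed) {
                // getSession(false): do not create a session for a client that
                // has not authenticated yet.
                HttpSession session = req.getSession(false);
                Object staff = (session == null) ? null
                                                 : session.getAttribute("staff");
                if(!(staff instanceof Staff)) {
                    // NOTE(review): relative target, resolved against the
                    // current request URL; login.jsp must itself be listed as
                    // unprotected or this redirect loops - confirm in config.
                    resp.sendRedirect("login.jsp");
                    return;
                }
                allowed = checkSafe(req, (Staff)staff);
            }
        } catch(RuntimeException e) {
            // Fail closed with an explicit status instead of an empty reply.
            log.error("error in authorization filter", e);
            if(!resp.isCommitted()) {
                resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            return;
        }

        if(allowed) {
            filterchain.doFilter(request, response);
        } else {
            resp.sendRedirect("checkfail.jsp");
        }
    }

    /**
     * Returns the last path segment of the request URI without path
     * parameters (the part after <code>;</code>, e.g. a rewritten session id),
     * so that suffix tests such as <code>endsWith(".do")</code> see the page
     * name the container dispatches on.
     */
    private static String pageName(HttpServletRequest request) {
        String uri = request.getRequestURI();
        int slash = uri.lastIndexOf("/");
        String page = (slash > -1) ? uri.substring(slash + 1) : uri;
        int semicolon = page.indexOf(';');
        if(semicolon > -1) {
            page = page.substring(0, semicolon);
        }
        return page;
    }

    /** Replaces line breaks so request data cannot forge extra log lines. */
    private static String forLog(String value) {
        if(value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Tells whether the request targets a resource from the unprotected list.
     *
     * <p>Entries without <code>?</code> match when the page name contains
     * them. Entries with <code>?</code> (page plus parameters) are only
     * applied to <code>*.do</code> requests and must match from the start of
     * <code>page?query</code> up to a parameter boundary.</p>
     *
     * <p>The query string is client-controlled. The previous unanchored
     * substring test let any text inside it satisfy an allow-list entry and so
     * skip authentication; it also matched against the literal text "null"
     * when there was no query string. Entries that relied on matching in the
     * middle of the query string no longer match and must be rewritten as
     * <code>page.do?name=value</code>.</p>
     *
     * @throws IllegalStateException if the list has not been loaded
     */
    private boolean isUnprotectedUrl(HttpServletRequest request) {
        ArrayList entries = unProtectedRes;
        if(entries == null) {
            throw new IllegalStateException("unprotected resource list not loaded");
        }

        String page = pageName(request);
        for(int i = 0; i < entries.size(); i++){
            String entry = (String)entries.get(i);
            // An empty entry is contained in every string and would expose
            // the whole application.
            if(entry == null || entry.length() == 0) {
                continue;
            }
            // NOTE(review): containment, not equality - a short entry also
            // matches longer page names; keep entries as specific as possible.
            if(page.indexOf(entry) > -1)
                return true;
        }

        String query = request.getQueryString();
        if(page.endsWith(".do") && query != null){
            String pageAndQuery = page + "?" + query;
            for(int i = 0; i < entries.size(); i++){
                String entry = (String)entries.get(i);
                if(entry == null || entry.indexOf('?') < 0) {
                    continue; // plain entries were already tested above
                }
                // Anchored at the start and at a parameter boundary, so the
                // listed parameters are the first ones in the query string,
                // which is the value getParameter() reports downstream.
                if(pageAndQuery.equals(entry)
                    || pageAndQuery.startsWith(entry + "&"))
                    return true;
            }
        }
        return false;
    }

    /**
     * Checks whether the logged-in staff member may perform the request.
     *
     * <p>For <code>*.do</code> requests the decision is delegated to
     * {@link Staff#checkSafe} with the page name and the <code>method</code>
     * parameter (default <code>list</code>); an exception there denies the
     * request.</p>
     *
     * <p>NOTE(review): every other resource is allowed for any authenticated
     * staff member, so pages reached directly (the create/edit pages the
     * original comment mentions) receive no per-action check - confirm that
     * this is intended.</p>
     */
    private boolean checkSafe(HttpServletRequest request, Staff staff) {
        String page = pageName(request);
        String action =  request.getParameter("method");
        if(!page.endsWith(".do")){
            // Pages that must be opened before an operation can be carried
            // out, mainly create and edit pages.
            return true;
        }
        if(action == null) {
            action ="list";
        }
        try {
            if(log.isDebugEnabled()) {
                log.debug("checkSafe: " + page + "|"+ forLog(action));
            }
            return staff.checkSafe(page, action);
        }catch(Exception es){
            // Keep the stack trace and deny access.
            log.error("permission check failed for " + page + "|"
                      + forLog(action), es);
            return false;
        }
    }


    public void destroy() {
    }

    /**
     * Loads the configuration file.
     *
     * <p>A failure is logged and leaves the previously loaded document (or
     * <code>null</code>) in place. The unprotected list is only built while it
     * is still <code>null</code>, so loading again later does not refresh it.</p>
     *
     * @param cfg name of the configuration file
     */
    public static void load(String cfg) {
        try {
            rootElement = new SAXBuilder().build(new File(cfg)).getRootElement();
        } catch(Exception e) {
            log.error("cannot load unprotected-URL configuration " + cfg, e);
        }
    }

    /**
     * Returns the element with the given name from the loaded configuration.
     *
     * @param elementName name of the child element of the document root
     * @return the child element, or <code>null</code> if there is none
     * @throws NullPointerException if {@link #load(String)} has not succeeded
     */
    public static Element getElement(String elementName) {
        return rootElement.getChild(elementName);
    }

    /**
     * Builds the list of resources that are not access-controlled;
     * {@link #load(String)} must have been called first.
     *
     * <p>The list is assembled locally and published only when complete, so a
     * failure no longer leaves an empty list behind that would block every
     * later attempt to load it. Entries without a usable <code>url</code>
     * attribute are skipped.</p>
     */
    public static void getUnprotectedResources() {

        if(unProtectedRes != null) {
            return;
        }
        Element interceptors = getElement("unprotectedurls");
        List urlList = interceptors.getChildren("unprotectedurl");
        ArrayList loaded = new ArrayList();
        for(Iterator it = urlList.iterator(); it.hasNext();) {
            Element tmpElement = (Element)it.next();
            String url = tmpElement.getAttributeValue("url");
            if(url == null || url.trim().length() == 0) {
                log.warn("ignoring unprotectedurl element without a url attribute");
                continue;
            }
            loaded.add(url);
        }
        unProtectedRes = loaded;
    }

    /** Manual check that the configuration file can be read. */
    public static void main(String[] args) {

        AuthFilter.load("config/unprotectedurl.xml");
        AuthFilter.getUnprotectedResources();
        //System.out.println(unProtectedRes.toString());

    }

}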
