authorizationfilter.java

tbuy1.1.5是在netbeans环境下用JSF技术编写的一个论坛tbuy1.1.5是在netbeans环境下用JSF技术编写的一个论坛

/*
 * 作者: 胡李青
 * qq: 31703299
 * Copyright (c) 2007 huliqing
 * 主页 http://www.tbuy.biz/
 * 你可以免费使用该软件，未经许可请勿作用于任何商业目的,如有技术问题请与本人联系！
 *
 * 该类主要用于整个网站的授权过滤
 */

package biz.tbuy.common;

import biz.tbuy.user.*;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * @author huliqing
 * <p><b>qq：</b>31703299
 * <p><b>E-mail：</b><a href="mailto:huliqing.cn@gmail.com">huliqing.cn@gmail.com</a>
 * <p><b>Homepage：</b><a href="http://www.tbuy.biz/">http://www.tbuy.biz/</a>
 */
public class AuthorizationFilter implements Filter{
    private FilterConfig filterConfig = null;
    private static final String DEFAULT_LOGIN_URI = "/common/user/login.jsp";
    public AuthorizationFilter() {
    }
    
    /**
     * @param request
     * @param response
     * @param chain
     * @throws java.io.IOException
     * @throws javax.servlet.ServletException
     */
    public void doFilter(ServletRequest request, 
            ServletResponse response,
            FilterChain chain)throws IOException, ServletException {
        HttpServletRequest requestHttp = (HttpServletRequest)request;
        // 授权检查
        if (!checkAuthorization(requestHttp)) {
            // System.out.println("拒绝访问...");
            RequestDispatcher requestDispatcher = 
                    request.getRequestDispatcher(DEFAULT_LOGIN_URI);
            requestDispatcher.forward(request, response);
        } else {
            // System.out.println("允许访问...");
            try {
                chain.doFilter(request, response);
            } catch(Throwable t) {}
        }
    }
    
    /**
     * 检查用户的访问权限
     */ 
    private boolean checkAuthorization(HttpServletRequest request) {
        String uri = request.getRequestURI();
        Visitor visitor = getVisitor(request);
        Auth auth = ComApplication.getInstance().getAuthOper();
        return auth.isAllow(uri, visitor);
    }
    
    /**
     * 获取visitor对象
     */ 
    private Visitor getVisitor(HttpServletRequest request) {
        Visitor visitor = null;
        HttpSession session = request.getSession(false);
        try {
            visitor = (Visitor)session.getAttribute("visitor");
        } catch (Exception e) {
            //System.out.println("visitor is null");
        }
        return visitor;
    }
    
    /**
     * Return the filter configuration object for this filter.
     * @return filterConfig
     */
    public FilterConfig getFilterConfig() {
        return (this.filterConfig);
    }
    
    /**
     * Set the filter configuration object for this filter.
     * @param filterConfig The filter configuration object
     */
    public void setFilterConfig(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }
    
    /**
     * Destroy method for this filter
     */
    public void destroy() {
    }
    
    /**
     * Init method for this filter
     * @param filterConfig
     */
    public void init(FilterConfig filterConfig) { 
        this.filterConfig = filterConfig;
    }
}