safefilter.java

用jdbc写的一个存储过程的代码

package com.bluedot.web.filter;

import java.io.IOException;
import java.util.Iterator;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.bluedot.common.Constants;
import com.bluedot.domain.Fun;
import com.bluedot.domain.User;

public class SafeFilter implements Filter {

	public void destroy() {
	}

	public void doFilter(ServletRequest arg0, ServletResponse arg1,
			FilterChain arg2) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) arg0;
		HttpServletResponse response = (HttpServletResponse) arg1;
		User user = (User) request.getSession().getAttribute(
				Constants.USER_LOGIN_SESSION_KEY);
		String uri = request.getRequestURI();
		//System.out.println(uri);
		if (uri.endsWith("login.jsp") || uri.endsWith("Login.do")) {
			arg2.doFilter(arg0, arg1);
		} else {
			if (user != null) {
				Iterator<Fun> it = user.getRole().getFuns().iterator();
				boolean flag = false;
				while (it.hasNext()) {
					Fun f = it.next();
					//System.out.println(request.getContextPath()+"/"+f.getUri());
					if (uri.equals(request.getContextPath()+"/"+f.getUri())) {
						flag = true;
						break;
					}
				}

				if (flag) {
					arg2.doFilter(arg0, arg1);
				} else {
					String addr = request.getRemoteAddr();
					response.sendRedirect("noprivilige.jsp");
				}
			}
		}
	}

	public void init(FilterConfig arg0) throws ServletException {
	}

}