privilege.java

来自「cwbbs 云网论坛源码」· Java 代码 · 共 221 行

JAVA
221
字号
package cn.js.fan.module.pvg;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpSession;import cn.js.fan.db.Conn;import java.sql.SQLException;import java.sql.PreparedStatement;import java.sql.ResultSet;import cn.js.fan.web.Global;import org.apache.log4j.Logger;import cn.js.fan.util.ParamUtil;import cn.js.fan.util.StrUtil;import cn.js.fan.util.ErrMsgException;import cn.js.fan.base.IPrivilege;import cn.js.fan.security.SecurityUtil;import com.redmoon.forum.security.IPMonitor;public class Privilege implements IPrivilege {    public static final String NAME = Global.AppName + "_NAME";    public static final String PWDMD5 = Global.AppName + "_PWDMD5";    final String ISGROUPPRIVVALID = "select priv from user_group_priv where group_code=? and priv=?";    String connname;    Logger logger = Logger.getLogger(Privilege.class.getName());    public Privilege() {        connname = Global.defaultDB;        if (connname.equals(""))            logger.info("Privilege:默认数据库名不能为空");    }    public String getUser(HttpServletRequest request) {      HttpSession session = request.getSession(true);      return (String)session.getAttribute(NAME);    }    public boolean isUserLogin(HttpServletRequest request) {        HttpSession session = request.getSession(true);        String name = (String)session.getAttribute(NAME);        if (name == null)            return false;        else            return true;    }    public boolean isUserPrivValid(HttpServletRequest request, String priv) {        if (!isUserLogin(request))            return false;        if (getUser(request).equals(User.ADMIN))             return true;                User user = new User(getUser(request));        String[] privs = user.getPrivs();        if (privs!=null) {            int len = privs.length;            for (int i=0; i<len; i++) {                                if (privs[i].equals(Priv.PRIV_ADMIN))                    return true;                if (privs[i].equals(priv))                    return true;            }        }        UserGroup[] ug = user.getGroup();                if (ug==null) {            return false;        }        int k = ug.length;        for (int i=0; i<k; i++) {            if (isGroupPrivValid(ug[i], priv))                return true;        }        return false;    }    public boolean isGroupPrivValid(UserGroup group, String priv) {                if (group.getCode().equals(group.Administrators))            return true;        SecurityUtil fs = new SecurityUtil();        Conn conn = new Conn(connname);        ResultSet rs = null;        UserGroup[] ug = null;        try {            PreparedStatement pstmt = conn.prepareStatement(ISGROUPPRIVVALID);            pstmt.setString(1, group.getCode());            pstmt.setString(2, priv);            rs = conn.executePreQuery();            if (rs!=null) {                if (rs.next()) {                    return true;                }            }        } catch (SQLException e) {            logger.error("isGroupPrivValid:" + e.getMessage());        } finally {            if (conn != null) {                conn.close();                conn = null;            }        }        return false;    }    public boolean setGroupPriv(HttpServletRequest request) throws ErrMsgException{        String[] privs = request.getParameterValues("priv");        String group_code = ParamUtil.get(request, "group_code");        if (privs==null)            return false;        if (group_code.equals(""))            throw new ErrMsgException("用户组编码不能为空!");        int len = privs.length;        String insertSql = "";        Conn conn = new Conn(connname);        try {            String sql = "delete from user_group_priv where group_code=" +                         StrUtil.sqlstr(group_code);            conn.beginTrans();            conn.executeUpdate(sql);            for (int i = 0; i < len; i++) {                insertSql = "insert into user_group_priv (group_code,priv) values (" +                        StrUtil.sqlstr(group_code) +                        ", " + StrUtil.sqlstr(StrUtil.UnicodeToUTF8(privs[i])) +                        ")";                conn.executeUpdate(insertSql);            }            conn.commit();        }        catch (SQLException e) {            conn.rollback();            logger.error(e.getMessage());            return false;        }        finally {            if (conn!=null) {                conn.close();                conn = null;            }        }        return true;    }    public boolean login(HttpServletRequest request, String username,                         String pwd, String validateCode) throws            ErrMsgException {        HttpSession session = request.getSession(true);        String vcode = StrUtil.getNullStr((String) session.getAttribute(                "validateCode"));        if (!vcode.equals(validateCode))            throw new ErrMsgException("请输入正确的验证码!");        String ip = request.getRemoteAddr();        IPMonitor ipm = new IPMonitor();        boolean re = ipm.isIPCanAdmin(ip);        if (!re) {            throw new ErrMsgException("IP地址非法!");        }        UserMgr um = new UserMgr();        re = um.Auth(username, pwd);        if (re) {            User user = um.getUser(username);            user.setEnterCount(user.getEnterCount() + 1);            user.setEnterLast();            user.store();            session.setAttribute(NAME, username);            try {                session.setAttribute(PWDMD5, SecurityUtil.MD5(pwd));            } catch (Exception e) {                logger.error(e.getMessage());            }        }        return re;    }    public void doLogin(HttpServletRequest request, String username, String pwdMD5) {        HttpSession session = request.getSession(true);        session.setAttribute(NAME, username);        session.setAttribute(PWDMD5, pwdMD5);    }    public boolean login(HttpServletRequest request, String username,                         String pwd) throws            ErrMsgException {        String ip = request.getRemoteAddr();        IPMonitor ipm = new IPMonitor();        boolean re = ipm.isIPCanAdmin(ip);        if (!re) {            throw new ErrMsgException("IP地址非法!");        }        UserMgr um = new UserMgr();        re = um.Auth(username, pwd);        if (re) {            User user = um.getUser(username);            user.setEnterCount(user.getEnterCount() + 1);            user.setEnterLast();            user.store();            try {                doLogin(request, username, SecurityUtil.MD5(pwd));            } catch (Exception e) {                logger.error("login:" + e.getMessage());            }        }        return re;    }    public static void logout(HttpServletRequest req) {        HttpSession session = req.getSession(true);        session.invalidate();    }    public boolean isValid(HttpServletRequest request, String priv) {        return isUserPrivValid(request, priv);    }}

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?