impowerfilter.java

权限组件的java代码写法例子下载

package com.parddu.crm.web.filter;

import java.io.IOException;
import java.util.List;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.parddu.crm.entity.MenuInfo;
import com.parddu.crm.entity.MenuItem;
import com.parddu.crm.util.MyFinal;

/**
 * 验证权限
 * @author student
 *
 */
public class ImpowerFilter implements Filter {

	public void destroy() {
		// TODO Auto-generated method stub

	}

	/**
	 * 权限管理（防止盗链）
	 */
	public void doFilter(ServletRequest arg0, ServletResponse arg1,
			FilterChain arg2) throws IOException, ServletException {
		//取得当前用户的权限菜单（包括菜单项）
		HttpServletRequest request = (HttpServletRequest)arg0;
		List<MenuInfo> userMenuList = (List<MenuInfo>)request.getSession().getAttribute(MyFinal.SESSION_USER_ALL_MENU_LIST);
		//得到用户所请求的地址
		String uri = request.getRequestURI();
		//得到可以作为权限判断的相对路径
		String url = uri.substring(uri.indexOf("pages"));
		String operate = request.getParameter("operate");
		boolean flage = false; //判断是否有这个权限
		for(MenuInfo m : userMenuList){
			if(operate!=null && operate.equals("")){
				//action的请求
				String murl = m.getMenuUrl();
				if(murl!=null && "".equals(murl)){
					if(murl.indexOf(url)!=-1 &&murl.indexOf(operate)!=-1){
						flage = true;
						break;
					}
				}
			}
			else{
				if(url.equals(m.getMenuUrl())){ //请求路径直接使jsp
					flage = true;
					break;
				}
			}
			Set<MenuItem> menuItemList = (Set<MenuItem>)m.getMenuItems();
			for(MenuItem mi : menuItemList){
				if(operate!=null && operate.equals("")){
					//action请求
					if(url.equals(mi.getMiUrl()) && operate.equals(mi.getMiMethod())){
						flage = true;
						break;
					}
				}
				else{
					if(url.equals(mi.getMiUrl())){
						flage = true;
						break;
					}
				}
			}
			if(flage){
				break;
			}
		}
		if(flage){
			arg2.doFilter(arg0, arg1);
		}
		else{
			request.setAttribute(MyFinal.REQUEST_ERROR_MESSAGE, "小心不要越权使用功能，你的帐号系统记录，等待公安部门处理。。");
			request.getRequestDispatcher("/common/error.jsp").forward(arg0, arg1);
		}
	}

	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub

	}

}