📄 securityfilter.java
字号:
package com.tarena.servlet.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.tarena.vo.Users;
public class SecurityFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterchain) throws IOException, ServletException {
//转换类型
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(false);
if(session == null) {
res.sendRedirect("fail.html");
return;
}
Users user = (Users)session.getAttribute("user");
if(user != null) {
String action = request.getParameter("action");
boolean hasPrivilige = checkPrivilige(action, user.getRole());
if(!hasPrivilige) {
System.out.println("current user :" + user.getUsername() + "'s role : " + user.getRole());
res.sendRedirect("noauthorization.html");
return;
}
}
filterchain.doFilter(req, res);
}
public void init(FilterConfig arg0) throws ServletException {
}
private boolean checkPrivilige(String action, String role) {
if(role != null && role.equals("admin")) {
return true;
}
if(action == null)
return false;
if(!action.equals("list") && !role.equals("admin")) {
return false;
}
return true;
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -