rightfilter.java

一个简单的用Spring+Hibernate+Struts的亿阳信通系统

package com.chinatelecom.filter;

import javax.servlet.*;
import javax.servlet.http.*;

import com.chinatelecom.mode.TRight;
import com.chinatelecom.mode.TRole;

import java.io.*;
import java.util.List;

public class RightFilter extends HttpServlet implements Filter {
	private FilterConfig filterConfig;

	// Handle the passed-in FilterConfig
	public void init(FilterConfig filterConfig) throws ServletException {
		this.filterConfig = filterConfig;
	}

	// Process the request/response pair
	public void doFilter(ServletRequest req, ServletResponse resp,
			FilterChain filterChain) {
		try {
			HttpServletRequest request = (HttpServletRequest) req;
			HttpServletResponse response = (HttpServletResponse) resp;
			PrintWriter out;
			out = response.getWriter();
			HttpSession session = request.getSession();
			String url = request.getServletPath();
			String operat = request.getParameter("oprate");

			List rightlist = (List) session.getAttribute("rolesright");
			// System.out.println(rightlist.size());
			boolean isCall = false;
			if (url.equals("/login.do") || url.equals("/logout.do")
					|| url.equals("/show.do") || url.equals("/dic.do")
					|| url.equals("/dicContent.do")) {
				// System.out.println("允许访问");
				filterChain.doFilter(request, response);
				return;
			}
			String operation = operat.substring(0, 3);
			// System.out.println(operation);
			for (int i = 0; i < rightlist.size(); i++) {
				TRight rights = (TRight) rightlist.get(i);
				TRole role = (TRole) rights.getTRole();
				if (url.equals(role.getRoleFlag())) {
					// System.out.println(role.getRoleFlag() + "++++++++++");
					// System.out.println("*********" + role.getRoleFunction());
					// String[] str = role.getRoleFunction().split(";");
					String right = role.getRoleFunction();
					// for (int j = 0; j < str.length; j++) {
					// String right = str[j].substring(0, 2);
					if (operation.equals("sho")) {
						isCall = true;
						break;
					}
					if (right.contains("删除") && operation.equals("del")) {
						isCall = true;
						break;
					}
					if (right.contains("配置") && operation.equals("upd")) {
						isCall = true;
						break;
					}
					if (right.contains("更新") && operation.equals("upd")) {
						isCall = true;
						break;
					}
					if (right.contains("查询") && operation.equals("fin")) {
						isCall = true;
						break;
					}
					if (operation.equals("sel")) {
						isCall = true;
						break;
					}
					if (right.contains("更改") && operation.equals("upd")) {
						isCall = true;
						break;
					}
					if (right.contains("新增") && operation.equals("add")) {
						isCall = true;
						break;
					}
				} else {
					isCall = false;
				}
			}
			if (isCall == true) {
				// System.out.println("允许访问");
				filterChain.doFilter(request, response);
			} else {
				// System.out.println("无权访问");
				// out.print("对不起,您无权访问");
				response.sendRedirect("/chinamobile/show.do");
			}
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (ServletException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
}