sessionfilter.java

struts+spring+jdbc权限管理 菜单树实现

package com.hiiso.crm.common.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.hiiso.crm.common.pojo.User;

/*************************************************************************
* SYSTEM:       基金CRM系统
* SUBSYS:       CRM权限管理模块
* DESCRIPTION:  CRM过滤器，退出的用户不能操作
* AUTHOR:       YAOYI
* CREATE DATE:  2008/11/06
* COPYRIGHT:    (c)Copyright 2008 HISUN Corporation. All rights reserved.
* VERSION:      V1.0G
* EDIT HISTORY:
*************************************************************************/

public class SessionFilter implements Filter {
	protected FilterConfig filterConfig;   
	private String[] noFilterUri; 
	
	public void init(FilterConfig filterConfig) throws ServletException {
		this.filterConfig = filterConfig;   
	    String noFilterStr = filterConfig.getInitParameter("noFilterUri");//获取不进行session过滤的以";"隔开的字符串  
	    if (noFilterStr == null) {   
	      throw new ServletException("noFilterUri is error");  
	    }else{  
	    	noFilterUri = noFilterStr.split(";");
	    }
	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest hreq = (HttpServletRequest)request;   
	    HttpServletResponse hres = (HttpServletResponse)response; 
	    HttpSession session = hreq.getSession();
	    String filterMethod = hreq.getParameter("method");
	    User user = (User)session.getAttribute("user");
	    System.out.println(hreq.getRequestURI());
	    if(null==user){
	    	String uri = hreq.getRequestURI();
	    	boolean flag = true;
	    	for(int i=0;i<noFilterUri.length;i++){
	    		String preUri = noFilterUri[i].split(",")[0];
	    		String behMethod = noFilterUri[i].split(",")[1];
	    		if(uri.indexOf(preUri)!=-1&&behMethod.equals(filterMethod)){
	    			flag = true;
	    			break;
	    		}else{
	    			flag = false;
	    		}
	    	}
	    	if(flag==true){
	    		chain.doFilter(request, response);
	    	}else{
	    		hres.sendRedirect(hreq.getContextPath()+"/SessionTimeout.jsp");
	    	}
	    }else{
	    	chain.doFilter(request, response);
	    }
	}

	public void destroy() {
	}

}