📄 permissionfilter.java
字号:
package cn.jx.ecjtu.oa.common.filter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import cn.jx.ecjtu.oa.common.Constant;
import cn.jx.ecjtu.oa.ps.pojo.Permission;
import cn.jx.ecjtu.oa.ps.pojo.Role;
import cn.jx.ecjtu.oa.services.UserInSession;
public class PermissionFilter implements Filter {
private static final Log logger=LogFactory.getLog(PermissionFilter.class);
private HashMap<String, List<String>> permission=new HashMap<String, List<String>>();
private String basePath;
private List<String> publicPath;
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req=(HttpServletRequest)request;
HttpSession session=req.getSession();
HttpServletResponse resp=(HttpServletResponse)response;
String path=req.getRequestURI();//URL中主机后面的部分;如:sina.com/news/index.html 中的/news/index.html
//下面两个if语句完成从获取的URI中获得目录(去除项目名称部分和最后的文件部分)
if(path.startsWith(basePath)){
path=path.substring(basePath.length());
}
int eOffset=path.lastIndexOf('/');
if(eOffset>=0){
path=path.substring(0,eOffset);
}
///////////////////只配置了根目录下的公共目录,那如果在多层目录下的页面中请求公共目录不是就访问不了了吗//////
//两种情况:直接访问根目录下的文件;请求公共目录
if(path.length()==0||isPublic(path)){
chain.doFilter(request, response);
return;
}
if(session==null){
resp.sendRedirect(basePath+"/toindex.jsp");
}
else{
UserInSession user = (UserInSession)session.getAttribute(Constant.USER_IN_SESSION);
if(user ==null){
resp.sendRedirect(basePath+"/toindex.jsp");
return;
}
// Role role = user.getRole();
// List<Permission> permissions = role.getPermissions();
// boolean flag = false;
// for (Permission permission : permissions) {
// if(path.startsWith(permission.getResource())){ //path.equals(permission.getResource()
// flag = true;
// chain.doFilter(request, response);
// break;
// }
// }
/*
* 因为权限检查需要使用的Role,Permission均为UserInSession的属性
* 所以,将权限检查的功能放置到UserInSession中更为合适。
* 这样在各部分需要检查用户权限的时侯,就简便多了。
*/
if(user.checkPermission(path)){
chain.doFilter(request, response);
}
else{
//resp.sendRedirect(basePath+"/index.jsp");
request.setAttribute("message", "对不起,你没有权限访问此页面^_^");
req.getRequestDispatcher("/error.jsp").forward(request, response);
}
}
}
public void init(FilterConfig config) throws ServletException {
basePath = config.getInitParameter("basepath");
String value=config.getInitParameter("public");
if(value != null){
String [] paths=value.split(";");
List<String> list=new ArrayList<String>();
for(String path:paths){
list.add(path);
}
this.publicPath=list;
}
else{
this.publicPath=new ArrayList<String>();
}
/*
Enumeration<String> e=config.getInitParameterNames();
for(;e.hasMoreElements();){
String key=e.nextElement();
String value=config.getInitParameter(key);
if(key.equalsIgnoreCase("basepath")){
this.basePath=value;
}
else if(key.equalsIgnoreCase("public")){
String [] paths=value.split(";");
List<String> list=new ArrayList<String>();
for(String path:paths){
list.add(path);
}
this.publicPath=list;
}
else{
String [] paths=value.split(";");
List<String> list=new ArrayList<String>();
for(String path:paths){
list.add(path);
}
permission.put(key, list);
}
}*/
}
private boolean checkPermission(String key,String path){
List<String> p=permission.get(key);
return p!=null && p.contains(path);
}
private boolean isPublic(String path){ //配置的路径:请求页面的时候,页面可能请求的资源文件,如图片、js文件、css文件
for(String s:this.publicPath){
if(path.startsWith(s)) return true;//startsWith(s)只要是以s所指定的目录开始都返回true
}
return false;
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -