使用Filter控制权限
目前很多项目普遍使用Acegi来控制权限。这里对老技术做一个回顾:我曾经使用过Filter来控制权限,对Filter不是很熟悉的朋友可以简单看一下,也许多少会有些帮助。
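/**
 * Servlet filter that lets a request continue only when the session's {@code User}
 * holds a resource whose action URL equals the request URI.
 *
 * <p>Every other request (no logged-in user, or no matching resource) is redirected
 * to the application root and the rest of the filter chain is not invoked.
 *
 * <p>The check is an exact, case-sensitive comparison against the raw value of
 * {@code getRequestURI()}, which the container does not decode. Encoded or decorated
 * variants of a permitted URL (for example one carrying a {@code ;jsessionid=...}
 * path parameter) are therefore rejected rather than allowed. Keep it an exact match:
 * loosening it to prefix or substring matching would let one permission cover
 * unrelated URLs.
 *
 * <p>NOTE(review): the permission list is whatever is stored on the session's
 * {@code User} object. If that list is loaded only at login, a revoked permission
 * stays usable until the session ends - confirm how it is populated.
 *
 * <p>NOTE(review): any request that reaches this filter without a session user is
 * redirected, so the login endpoint itself must not be covered by the filter's
 * url-pattern - confirm against web.xml.
 */
public class PopedomFilter implements Filter {

    /** No initialisation is required. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Runs the permission check and forwards the request down the chain only when it passes.
     *
     * @param servletRequest  the incoming request; cast to {@code HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
     * @param filterChain     the remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Application root, e.g. /project
        String contextPath = httpServletRequest.getContextPath();
        // Path being requested, e.g. /project/admin/xxx.action (raw, not URL-decoded)
        String currentPath = httpServletRequest.getRequestURI();
        // Deny by default: when the check fails a redirect has already been sent,
        // so stop here and never reach the protected resource.
        if (!checkUserPopedom(httpServletRequest, httpServletResponse, contextPath, currentPath)) {
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Checks that a user is logged in and may access {@code currentPath}; sends a redirect
     * to the application root when either condition fails.
     *
     * @return {@code true} if the request may proceed, {@code false} if a redirect was sent
     * @throws IOException if the redirect cannot be written
     */
    private boolean checkUserPopedom(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String contextPath, String currentPath) throws IOException {
        // Only look at a session that already exists. getSession(true) on its own would
        // allocate a new session for every anonymous request, which lets unauthenticated
        // clients consume server memory. The second call uses getSession(true) so it can
        // never return null even if the session is invalidated between the two calls.
        User user = null;
        if (httpServletRequest.getSession(false) != null) {
            user = (User) httpServletRequest.getSession(true).getAttribute("user");
        }
        if (user == null || !checkPopedom(user, contextPath, currentPath)) {
            httpServletResponse.sendRedirect(contextPath + "/");
            return false;
        }
        return true;
    }

    /**
     * Returns whether one of the user's resources maps exactly to {@code currentPath}.
     *
     * @param user        the logged-in user whose resource list is consulted
     * @param contextPath the application root prepended to each resource's action URL
     * @param currentPath the raw request URI to authorise
     * @return {@code true} only on an exact match; a missing list or no match yields {@code false}
     */
    private boolean checkPopedom(User user, String contextPath, String currentPath) {
        if (user.getSystemResourceList() == null) {
            return false;
        }
        for (SystemResource resource : user.getSystemResourceList()) {
            // Skip incomplete entries instead of failing the whole request with a
            // NullPointerException; a skipped entry grants nothing.
            if (resource == null || resource.getActionUrl() == null) {
                continue;
            }
            String url = contextPath + resource.getActionUrl().trim();
            if (url.equals(currentPath)) {
                return true;
            }
        }
        return false;
    }

    /** Nothing to release. */
    public void destroy() {
    }
}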
在web.xml中需要对这个Filter进行如下配置:
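<!-- Registers the permission filter. filter-class must be the fully qualified name of
     the PopedomFilter class shown in this article; "..." stands for the project's
     package prefix. -->
<filter>
    <filter-name>PopedomFilter</filter-name>
    <filter-class>...filter.PopedomFilter</filter-class>
</filter>
<!-- Only requests whose path matches *.action pass through the filter. JSPs, static
     files and URLs served through any other mapping are not checked by it and need
     their own protection (for example, keeping JSPs under WEB-INF). -->
<filter-mapping>
    <filter-name>PopedomFilter</filter-name>
    <url-pattern>*.action</url-pattern>
</filter-mapping>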
?