public class BasicLoginFilter implements Filter {
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) arg0;
HttpServletResponse response = (HttpServletResponse) arg1;
HttpSession session = request.getSession();
String eadLoginUserId=(String)session.getAttribute("acl_login_userId");
if (eadLoginUserId!=null){
filterChain.doFilter(request, response);
}
if (eadLoginUserId == null) {
try {
response.setContentType("text/html;charset=UTF-8");
PrintWriter ut = response.getWriter();
String authorization = request.getHeader("authorization");
if (authorization == null || authorization.equals("")) {
response.setStatus(401);
response.setHeader("WWW-authenticate","Basic realm=\"请输入管理员密码\"");
response.getWriter().print("对不起您没有权限!!");
response.getWriter().close();
return;
}
String userAndPass = new String(new BASE64Decoder().decodeBuffer(authorization.split(" ")[1]));
if (userAndPass.split(":").length < 2) {
response.setStatus(401);
response.setHeader("WWW-authenticate","Basic realm=\"请输入管理员密码\"");
response.getWriter().print("对不起您没有权限!!");
response.getWriter().close();
return;
}
String users=SpringProperty.get("/system.properties","users");
String[] permitUsersArray=users.split(",");
if (ArrayUtils.contains(permitUsersArray, userAndPass)){
String logUserId=userAndPass.split(":")[0];
session.setAttribute("acl_login_userId",logUserId);
filterChain.doFilter(request, response);
} else {
response.setStatus(401);
response.setHeader("WWW-authenticate","Basic realm=\"请输入管理员密码\"");
response.getWriter().print("对不起您没有权限!!");
response.getWriter().close();
return;
}
} catch (Exception ex) {
response.setStatus(401);
response.setHeader("WWW-authenticate","Basic realm=\"请输入管理员密码\"");
response.getWriter().print("对不起您没有权限!!");
response.getWriter().close();
return;
}
}
}
}
web.xml配置:
<filter>
<filter-name>authFilter</filter-name>
<filter-class>com.....BasicLoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authFilter</filter-name>
<url-pattern>/webapp/index.do</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>