三大框架整合的配置文件信息可下载;
做权限设置的过滤器代码:过滤器在web.xml中的配置在下面的压缩包中
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.wepull.hrms.dto.UserDto;
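/**
 * Servlet filter that enforces per-URL authorization.
 *
 * <p>Each request is reduced to its context-relative path. The request is let through when
 * that path is the context root, is on the public allow-list built in {@link #init}, or is
 * permitted for the user stored in the session under {@code "userInfo"}. Everything else is
 * redirected to the logout page (no user in the session) or forwarded to a "no permission"
 * page.
 *
 * <p>Which requests reach this filter depends on its mapping in web.xml, which is not part
 * of this file.
 *
 * @author 康苗
 */
public class SecureFilter implements Filter {
    /** Role id that is let through without any per-URL permission check. */
    private static final int UNRESTRICTED_ROLE_ID = 1;

    /** Context-relative paths that are served without a login or permission check. */
    List<String> urlList = new ArrayList<String>();

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Decides whether the current request may proceed down the filter chain.
     *
     * <p>Order of checks: context root and public allow-list first, then the logged-in user,
     * then the unrestricted role, then the user's own list of permitted URLs. A request that
     * matches none of these is never passed to {@code chain}.
     *
     * @param req the incoming request; must be an {@link HttpServletRequest}
     * @param resp the outgoing response; must be an {@link HttpServletResponse}
     * @param chain the remaining filter chain, invoked only for permitted requests
     * @throws IOException if the redirect, the forward or the chain fails with an I/O error
     * @throws ServletException if the forward or the chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest h_req = (HttpServletRequest) req;
        HttpServletResponse h_resp = (HttpServletResponse) resp;
        h_req.setCharacterEncoding("UTF-8");
        h_resp.setCharacterEncoding("UTF-8");

        String uri = contextRelativePath(h_req);
        System.out.println("uri:-------" + uri);

        // Public resources: the context root and the allow-list need no session at all.
        if ("/".equals(uri) || urlList.contains(uri)) {
            chain.doFilter(h_req, h_resp);
            return;
        }

        // getSession(false): an anonymous request to a protected path must not allocate a
        // new session just to be told it is not logged in.
        HttpSession session = h_req.getSession(false);
        UserDto userDto = session == null ? null : (UserDto) session.getAttribute("userInfo");
        if (userDto == null) {
            // Not logged in: send the browser to the logout/login entry page. The target is
            // built from the context path so it does not depend on how deep the denied URL is.
            h_resp.sendRedirect(h_req.getContextPath() + "/toquit.jsp");
            return;
        }

        // A user without a role object is treated as an ordinary user and falls through to
        // the per-URL check instead of failing with a NullPointerException.
        if (userDto.getRoleDto() != null
                && UNRESTRICTED_ROLE_ID == userDto.getRoleDto().getId()) {
            chain.doFilter(h_req, h_resp);
            return;
        }

        if (userDto.getUrls() == null) {
            // The user has no permission list at all.
            // NOTE(review): this forwards to welcome.html while the other branch uses
            // welcome.jsp; a static page cannot render the "message" attribute - confirm
            // which page is intended.
            forwardWithMessage(h_req, h_resp,
                    "<script laguage='JavaScript'> alert('你没有权限!请联系系统管理员!');</script>",
                    "/welcome.html");
            return;
        }

        // NOTE(review): the type returned by getUrls() is not visible here. If it is a
        // String rather than a collection, contains() is a substring test and a permitted
        // path would also authorize every path that is a fragment of it - confirm it is a
        // collection of exact paths.
        if (userDto.getUrls().contains(uri)) {
            chain.doFilter(h_req, h_resp);
            return;
        }

        // Logged in, but this path is not among the user's permitted URLs.
        forwardWithMessage(h_req, h_resp,
                "<script laguage='JavaScript'> alert('对不起!你无权操作!');window.history.go(-1);</script>",
                "/welcome.jsp");
    }

    /**
     * Returns the request URI with the application's context path removed.
     *
     * <p>The context path is taken from the container instead of assuming it is exactly the
     * first path segment; with that assumption a root-context deployment would drop a real
     * path segment, so the authorization decision would be made on a different path than the
     * one being served, and a URI without a second slash would throw.
     *
     * <p>The result is deliberately neither decoded nor normalized. It is only ever compared
     * for exact equality against allow-lists, so an unusual spelling of a path fails the
     * comparison and is denied. Do not add lenient normalization here without making sure it
     * matches what the container dispatches on.
     *
     * @param request the current HTTP request
     * @return the path relative to the context root, or the full request URI if it does not
     *     start with the context path
     */
    private static String contextRelativePath(HttpServletRequest request) {
        String requestUri = request.getRequestURI();
        String contextPath = request.getContextPath();
        if (contextPath != null && requestUri.startsWith(contextPath)) {
            return requestUri.substring(contextPath.length());
        }
        return requestUri;
    }

    /**
     * Stores a notice in the {@code "message"} request attribute and forwards to a page.
     *
     * <p>The notice is a constant script snippet, so the target page presumably writes the
     * attribute without escaping (TODO confirm). It must stay a constant: request data must
     * never be mixed into this attribute.
     *
     * @param request the current HTTP request
     * @param response the current HTTP response
     * @param message the constant markup to expose as {@code "message"}
     * @param page context-relative path (leading {@code /}) of the page to forward to
     * @throws IOException if the forward fails with an I/O error
     * @throws ServletException if the forward fails
     */
    private static void forwardWithMessage(HttpServletRequest request,
            HttpServletResponse response, String message, String page)
            throws IOException, ServletException {
        request.setAttribute("message", message);
        request.getRequestDispatcher(page).forward(request, response);
    }

    /**
     * Builds the allow-list of paths that are never filtered.
     *
     * <p>Entries are context-relative and are matched by exact string equality in
     * {@link #doFilter}. Everything listed here is reachable without a login, so the list
     * should stay as short as possible.
     *
     * @param filterconfig the filter configuration supplied by the container (unused)
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterconfig) throws ServletException {
        System.out.println("执行 过滤器的init方法----------------------");
        String[] publicPaths = {
            "/system/login-doLogin",
            "/system/login-doQuit",
            "/login.jsp",
            "/index.jsp",
            "/header.jsp",
            "/welcome.jsp",
            "/error.jsp",
            "/error1.jsp",
            "/tologin.jsp",
            "/toquit.jsp"
        };
        // Start from an empty list so a repeated init() does not accumulate duplicates.
        urlList.clear();
        for (String path : publicPaths) {
            urlList.add(path);
        }
    }
}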