import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Vector;
import javax.jms.Session;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.borland.jbcl.control.UserNamePasswordDialog;
import com.sun.crypto.provider.RSACipher;
public class LoginFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
chain.doFilter(request, response);
return;
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpSession session = httpRequest.getSession();
String userName = request.getParameter("j_username");
String password = request.getParameter("j_password");
if (userName == null || "".equals(userName)) {
chain.doFilter(request, response);
return;
}
if (userName.equals(session.getAttribute("sesuname"))) {// 已经有session
chain.doFilter(request, response);
return;
}
try {
if(authentication(userName,password,session)){
chain.doFilter(request, response);
return;
}
} catch (Exception e) {
System.out.println("验证出错"+e.getMessage());
e.printStackTrace();
}
chain.doFilter(request, response);
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
private boolean authentication(String userName, String password,HttpSession session) throws SQLException {
Connection conn = Sql2kBase.getInstance().connectAutoPool();
String sql = "select userid,deptid,(select c.unitname from c_unit c where c.unitid=s_user.areacode) as unitname,uname,areacode from s_user where (upper(uname)="
+ "? or employee=?) and upper(pwd)=? and (valid='0' or valid is null) "; // 列名可能是valid
PreparedStatement pst = conn.prepareStatement(sql);
pst.setString(1, userName.toUpperCase());
pst.setString(2, userName.toUpperCase());
pst.setString(3, password);
ResultSet rs = pst.executeQuery();
if(rs.next()){
session.setAttribute("sesuname", rs.getString("uname")); //用户名,直接用从页面中得到的
session.setAttribute("sesuserid", rs.getString("userid")); //用户ID
session.setAttribute("sesdeptid", rs.getString("deptid")); //用户部门ID
session.setAttribute("BBSUSERNAME","ADMIN");
session.setAttribute("sesunitname",rs.getString("unitname"));
session.setAttribute("sesareacode",rs.getString("areacode"));
session.setAttribute("sesunitid",rs.getString("areacode"));
//session.setAttribute("sesdaysused",90);//当前密码已使用的天数
return true;
}
return false;
}
}
在web.xml中加入
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>CTCMIS.PrivManage.sqlserver.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Vector;
import javax.jms.Session;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.borland.jbcl.control.UserNamePasswordDialog;
import com.sun.crypto.provider.RSACipher;
public class LoginFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
chain.doFilter(request, response);
return;
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpSession session = httpRequest.getSession();
String userName = request.getParameter("j_username");
String password = request.getParameter("j_password");
if (userName == null || "".equals(userName)) {
chain.doFilter(request, response);
return;
}
if (userName.equals(session.getAttribute("sesuname"))) {// 已经有session
chain.doFilter(request, response);
return;
}
try {
if(authentication(userName,password,session)){
chain.doFilter(request, response);
return;
}
} catch (Exception e) {
System.out.println("验证出错"+e.getMessage());
e.printStackTrace();
}
chain.doFilter(request, response);
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
private boolean authentication(String userName, String password,HttpSession session) throws SQLException {
Connection conn = Sql2kBase.getInstance().connectAutoPool();
String sql = "select userid,deptid,(select c.unitname from c_unit c where c.unitid=s_user.areacode) as unitname,uname,areacode from s_user where (upper(uname)="
+ "? or employee=?) and upper(pwd)=? and (valid='0' or valid is null) "; // 列名可能是valid
PreparedStatement pst = conn.prepareStatement(sql);
pst.setString(1, userName.toUpperCase());
pst.setString(2, userName.toUpperCase());
pst.setString(3, password);
ResultSet rs = pst.executeQuery();
if(rs.next()){
session.setAttribute("sesuname", rs.getString("uname")); //用户名,直接用从页面中得到的
session.setAttribute("sesuserid", rs.getString("userid")); //用户ID
session.setAttribute("sesdeptid", rs.getString("deptid")); //用户部门ID
session.setAttribute("BBSUSERNAME","ADMIN");
session.setAttribute("sesunitname",rs.getString("unitname"));
session.setAttribute("sesareacode",rs.getString("areacode"));
session.setAttribute("sesunitid",rs.getString("areacode"));
//session.setAttribute("sesdaysused",90);//当前密码已使用的天数
return true;
}
return false;
}
}
在web.xml中加入
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>CTCMIS.PrivManage.sqlserver.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>