Web.xml
<!--
  Registers SecurityFilter and maps it to two extension patterns only: *.jsp and *.do.
  Requests whose path matches neither pattern are never passed to the filter, so any
  sensitive resource served under a different mapping needs its own access control.
  No <dispatcher> element is given, so the mappings apply to direct client requests only.
-->
<filter>
<filter-name>securityfilter</filter-name>
<filter-class>
com.XXXX.oss.commons.filter.SecurityFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>securityfilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>securityfilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
SecurityFilter类:
package com.XXXX.oss.commons.filter;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.io.*;
import com.XXXX.oss.commons.constant.ReqAttributeType;
import com.XXXX.oss.commons.UserInfo;
import com.XXXX.oss.admin.operpurrela.OperpurrelaDelegate;
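/**
 * Servlet filter that admits a request only when the session holds a
 * {@link UserInfo} and {@link #judgePur} grants that operator the requested URL.
 *
 * <p>Differences from the earlier version of this filter, all on the access decision:
 * <ul>
 *   <li>The {@code CSCOMM} request parameter no longer switches the checks off. It is
 *       supplied by the client, so it can only select the response style (HTTP status
 *       instead of a redirect), never decide whether a check runs.</li>
 *   <li>The login pages and {@code PrintWindow.jsp} are recognised by the end of the
 *       container-resolved path, not by a substring search over the raw request URI.</li>
 *   <li>A failure while checking is answered with HTTP 500 when the response is still
 *       open, instead of an empty response.</li>
 * </ul>
 *
 * <p>The class still extends {@code HttpServlet} so existing references keep compiling;
 * it defines no servlet methods of its own.
 */
public class SecurityFilter extends HttpServlet implements Filter {
    // Logger obtained through Commons Logging
    private static final Log log = LogFactory.getLog(SecurityFilter.class);
    private static final long serialVersionUID = 1L;
    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String LOGIN_PAGE2 = "/Login.do";
    // Page that anonymous visitors are allowed to open (see doFilter).
    private static final String PRINT_PAGE = "PrintWindow.jsp";
    // Request parameter whose presence is taken to mark an AJAX call
    // (the original code stored it in a variable named "ajax") - confirm with the callers.
    private static final String AJAX_PARAM = "CSCOMM";
    private FilterConfig filterConfig;

    // Handle the passed-in FilterConfig
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Applies the login and permission checks, then continues the chain.
     *
     * <p>Exceptions are logged and not rethrown, as before; the request is not forwarded
     * when a check fails or throws.
     *
     * @param request     incoming request; expected to be an {@code HttpServletRequest}
     * @param response    outgoing response; expected to be an {@code HttpServletResponse}
     * @param filterChain remainder of the filter chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) {
        try {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            String path = pathWithinContext(req);

            // Only the login pages themselves are reachable without any check.
            if (!path.endsWith(LOGIN_PAGE) && !path.endsWith(LOGIN_PAGE2)) {
                res.setHeader("Pragma", "No-cache");
                res.setHeader("Cache-Control", "no-cache");
                res.setDateHeader("Expires", 0);

                // Client-controlled: affects how a refusal is reported, nothing else.
                boolean ajax = req.getParameter(AJAX_PARAM) != null;

                // NOTE(review): getSession() creates a session for every anonymous request;
                // getSession(false) plus a null check would avoid that.
                UserInfo userInfo =
                        (UserInfo) req.getSession().getAttribute(ReqAttributeType.USERINFO);

                if (userInfo == null) {
                    // As before, the print window is open to visitors who are not logged in.
                    if (path.endsWith(PRINT_PAGE)) {
                        filterChain.doFilter(request, response);
                        return;
                    }
                    refuse(req, res, ajax, HttpServletResponse.SC_UNAUTHORIZED);
                    return;
                }
                // judgePur receives the raw request URI, exactly as it did before.
                if (!judgePur(req.getRequestURI(), userInfo.getOpercode())) {
                    refuse(req, res, ajax, HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
            }
            filterChain.doFilter(request, response);
        } catch (Exception ex) {
            // Covers ServletException/IOException from the chain and anything judgePur throws.
            reportFailure(ex, response);
        }
    }

    public void destroy() {
        filterConfig = null;
    }

    /**
     * Checks whether the operator may access the URL.
     *
     * @param url      request URI being accessed
     * @param opercode operator code of the logged-in user
     * @return {@code false} when the permission lookup returns -1, {@code true} otherwise
     * @throws Exception whatever the permission lookup throws
     */
    public boolean judgePur(String url, String opercode) throws Exception {
        OperpurrelaDelegate delegate = new OperpurrelaDelegate();
        return delegate.findPurByUrl(url, opercode) != -1;
    }

    // Path of the request inside the web application, as resolved by the container's own
    // servlet mapping. Used for the exemptions so they describe the resource that will
    // actually be served rather than whatever text appears in the raw request URI.
    private static String pathWithinContext(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        StringBuffer path = new StringBuffer();
        if (servletPath != null) {
            path.append(servletPath);
        }
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString();
    }

    // Reports a refused request: an HTTP status for AJAX callers, the login redirect otherwise.
    private static void refuse(HttpServletRequest req, HttpServletResponse res,
            boolean ajax, int status) throws IOException {
        if (ajax) {
            res.sendError(status);
        } else {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }

    // Logs a failure with its stack trace and answers 500 if the response is still open.
    private void reportFailure(Exception ex, ServletResponse response) {
        log.error("", ex);
        FilterConfig config = filterConfig; // null before init() and after destroy()
        if (config != null) {
            config.getServletContext().log(ex.getMessage());
        }
        try {
            if (response instanceof HttpServletResponse && !response.isCommitted()) {
                ((HttpServletResponse) response)
                        .sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        } catch (Exception ignored) {
            // The response can no longer be written; the failure is already logged above.
        }
    }
}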
OperpurrelaLogic:
/**
* 根据url查询操作员在该业务控制点上的高中低权限
*
* @param url
* String
* @param opercode
* String
* @return int 0、1、2 高、中、低 权限 -1 没权限
* @throws Exception
*/
public int findPurByUrl(String url, String opercode) throws Exception {
    // Super-user operator codes receive the highest level (0).
    if (Admin.isSuperUser(opercode)) {
        return 0;
    }
    // TODO (carried over from the original): the per-URL lookup is not written yet.
    // Until it is, every other operator is refused (-1) and the url argument is unused,
    // so access depends only on the operator code being in Admin's fixed list.
    return -1;
}
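/**
 * Holds the fixed list of super-user operator codes and the lookup against it.
 */
public class Admin {
    // Super-user operator codes.
    // NOTE(review): privileged accounts are compiled into the class, so granting or
    // revoking super-user rights needs a rebuild and the list is visible to anyone with
    // the source or the jar - consider loading it from protected configuration.
    private static final String Super_User[] = { "KFA001", "GD0001" };

    /**
     * Tells whether an operator code is one of the super-user codes.
     *
     * @param name operator code to test; may be {@code null}
     * @return {@code true} only on an exact, case-sensitive match with a listed code;
     *         {@code false} otherwise, including for {@code null}
     */
    public static boolean isSuperUser(String name) {
        // A missing operator code is never a super user (this used to throw a
        // NullPointerException inside the access check).
        if (name == null) {
            return false;
        }
        for (String superUser : Super_User) {
            if (superUser.equals(name)) {
                return true;
            }
        }
        return false;
    }
}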
<!--
  Registers SecurityFilter and maps it to two extension patterns only: *.jsp and *.do.
  Requests whose path matches neither pattern are never passed to the filter, so any
  sensitive resource served under a different mapping needs its own access control.
  No <dispatcher> element is given, so the mappings apply to direct client requests only.
-->
<filter>
<filter-name>securityfilter</filter-name>
<filter-class>
com.XXXX.oss.commons.filter.SecurityFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>securityfilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>securityfilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
SecurityFilter类:
package com.XXXX.oss.commons.filter;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.io.*;
import com.XXXX.oss.commons.constant.ReqAttributeType;
import com.XXXX.oss.commons.UserInfo;
import com.XXXX.oss.admin.operpurrela.OperpurrelaDelegate;
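/**
 * Servlet filter that admits a request only when the session holds a
 * {@link UserInfo} and {@link #judgePur} grants that operator the requested URL.
 *
 * <p>Differences from the earlier version of this filter, all on the access decision:
 * <ul>
 *   <li>The {@code CSCOMM} request parameter no longer switches the checks off. It is
 *       supplied by the client, so it can only select the response style (HTTP status
 *       instead of a redirect), never decide whether a check runs.</li>
 *   <li>The login pages and {@code PrintWindow.jsp} are recognised by the end of the
 *       container-resolved path, not by a substring search over the raw request URI.</li>
 *   <li>A failure while checking is answered with HTTP 500 when the response is still
 *       open, instead of an empty response.</li>
 * </ul>
 *
 * <p>The class still extends {@code HttpServlet} so existing references keep compiling;
 * it defines no servlet methods of its own.
 */
public class SecurityFilter extends HttpServlet implements Filter {
    // Logger obtained through Commons Logging
    private static final Log log = LogFactory.getLog(SecurityFilter.class);
    private static final long serialVersionUID = 1L;
    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String LOGIN_PAGE2 = "/Login.do";
    // Page that anonymous visitors are allowed to open (see doFilter).
    private static final String PRINT_PAGE = "PrintWindow.jsp";
    // Request parameter whose presence is taken to mark an AJAX call
    // (the original code stored it in a variable named "ajax") - confirm with the callers.
    private static final String AJAX_PARAM = "CSCOMM";
    private FilterConfig filterConfig;

    // Handle the passed-in FilterConfig
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Applies the login and permission checks, then continues the chain.
     *
     * <p>Exceptions are logged and not rethrown, as before; the request is not forwarded
     * when a check fails or throws.
     *
     * @param request     incoming request; expected to be an {@code HttpServletRequest}
     * @param response    outgoing response; expected to be an {@code HttpServletResponse}
     * @param filterChain remainder of the filter chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) {
        try {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            String path = pathWithinContext(req);

            // Only the login pages themselves are reachable without any check.
            if (!path.endsWith(LOGIN_PAGE) && !path.endsWith(LOGIN_PAGE2)) {
                res.setHeader("Pragma", "No-cache");
                res.setHeader("Cache-Control", "no-cache");
                res.setDateHeader("Expires", 0);

                // Client-controlled: affects how a refusal is reported, nothing else.
                boolean ajax = req.getParameter(AJAX_PARAM) != null;

                // NOTE(review): getSession() creates a session for every anonymous request;
                // getSession(false) plus a null check would avoid that.
                UserInfo userInfo =
                        (UserInfo) req.getSession().getAttribute(ReqAttributeType.USERINFO);

                if (userInfo == null) {
                    // As before, the print window is open to visitors who are not logged in.
                    if (path.endsWith(PRINT_PAGE)) {
                        filterChain.doFilter(request, response);
                        return;
                    }
                    refuse(req, res, ajax, HttpServletResponse.SC_UNAUTHORIZED);
                    return;
                }
                // judgePur receives the raw request URI, exactly as it did before.
                if (!judgePur(req.getRequestURI(), userInfo.getOpercode())) {
                    refuse(req, res, ajax, HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
            }
            filterChain.doFilter(request, response);
        } catch (Exception ex) {
            // Covers ServletException/IOException from the chain and anything judgePur throws.
            reportFailure(ex, response);
        }
    }

    public void destroy() {
        filterConfig = null;
    }

    /**
     * Checks whether the operator may access the URL.
     *
     * @param url      request URI being accessed
     * @param opercode operator code of the logged-in user
     * @return {@code false} when the permission lookup returns -1, {@code true} otherwise
     * @throws Exception whatever the permission lookup throws
     */
    public boolean judgePur(String url, String opercode) throws Exception {
        OperpurrelaDelegate delegate = new OperpurrelaDelegate();
        return delegate.findPurByUrl(url, opercode) != -1;
    }

    // Path of the request inside the web application, as resolved by the container's own
    // servlet mapping. Used for the exemptions so they describe the resource that will
    // actually be served rather than whatever text appears in the raw request URI.
    private static String pathWithinContext(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        StringBuffer path = new StringBuffer();
        if (servletPath != null) {
            path.append(servletPath);
        }
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString();
    }

    // Reports a refused request: an HTTP status for AJAX callers, the login redirect otherwise.
    private static void refuse(HttpServletRequest req, HttpServletResponse res,
            boolean ajax, int status) throws IOException {
        if (ajax) {
            res.sendError(status);
        } else {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }

    // Logs a failure with its stack trace and answers 500 if the response is still open.
    private void reportFailure(Exception ex, ServletResponse response) {
        log.error("", ex);
        FilterConfig config = filterConfig; // null before init() and after destroy()
        if (config != null) {
            config.getServletContext().log(ex.getMessage());
        }
        try {
            if (response instanceof HttpServletResponse && !response.isCommitted()) {
                ((HttpServletResponse) response)
                        .sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        } catch (Exception ignored) {
            // The response can no longer be written; the failure is already logged above.
        }
    }
}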
OperpurrelaLogic:
/**
* 根据url查询操作员在该业务控制点上的高中低权限
*
* @param url
* String
* @param opercode
* String
* @return int 0、1、2 高、中、低 权限 -1 没权限
* @throws Exception
*/
public int findPurByUrl(String url, String opercode) throws Exception {
    // Super-user operator codes receive the highest level (0).
    if (Admin.isSuperUser(opercode)) {
        return 0;
    }
    // TODO (carried over from the original): the per-URL lookup is not written yet.
    // Until it is, every other operator is refused (-1) and the url argument is unused,
    // so access depends only on the operator code being in Admin's fixed list.
    return -1;
}
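/**
 * Holds the fixed list of super-user operator codes and the lookup against it.
 */
public class Admin {
    // Super-user operator codes.
    // NOTE(review): privileged accounts are compiled into the class, so granting or
    // revoking super-user rights needs a rebuild and the list is visible to anyone with
    // the source or the jar - consider loading it from protected configuration.
    private static final String Super_User[] = { "KFA001", "GD0001" };

    /**
     * Tells whether an operator code is one of the super-user codes.
     *
     * @param name operator code to test; may be {@code null}
     * @return {@code true} only on an exact, case-sensitive match with a listed code;
     *         {@code false} otherwise, including for {@code null}
     */
    public static boolean isSuperUser(String name) {
        // A missing operator code is never a super user (this used to throw a
        // NullPointerException inside the access check).
        if (name == null) {
            return false;
        }
        for (String superUser : Super_User) {
            if (superUser.equals(name)) {
                return true;
            }
        }
        return false;
    }
}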