做项目的时候使用到了基于URL的权限过滤和乱码的解决方式,这里采用过滤器来实现,具体代码如下
一、权限过滤器
package com.zks.FilterTest;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @Since: JDK 1.8
* @Author: Zhao
* @Description: 权限过滤器
**/
public class URLFilter implements Filter{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest)servletRequest;
HttpServletResponse httpServletResponse = (HttpServletResponse)servletResponse;
//获取访问资源的uri
String uri =httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
//检查访问的资源是否是以/admin或/user开头,则表情需要权限
if(uri.startsWith("/admin") || uri.startsWith("/user"))
{
//如果用户没有登录,则提示登录
if(httpServletRequest.getSession(false) == null || httpServletRequest.getSession().getAttribute("user") == null) {
httpServletResponse.getWriter().println("请先登录");
httpServletResponse.setHeader("Refresh","3;url=" + httpServletRequest.getContextPath() + "login.jsp");
return;
}
else {
//如果用户已经登录
User user = (User) httpServletRequest.getSession().getAttribute("user");
if(uri.startsWith("/admin") && "admin".equals(user.getRole())) {
//如果当前资源需要admin权限而当前用户是admin则放行
filterChain.doFilter(servletRequest,servletResponse);
}
else if(uri.startsWith("/user") && "user".equals(user.getRole())) {
//如果当前资源需要user而当前用户是user额放行
filterChain.doFilter(servletRequest,servletResponse);
}
else {
//如果上述两个不符合则提示权限不足
throw new RuntimeException("权限不足");
}
}
}
else {
//如果不需要权限则直接放行
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void destroy() {
}
}
二、全站乱码解决过滤器
package com.zks.FilterTest;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Map;
/**
* @Since: JDK 1.8
* @Author: Zhao
* @Description: 全站乱码解决的过滤器
**/
public class EncodingFilter implements Filter {
private FilterConfig filterConfig = null;
private String encode = null;
private boolean isNotEncode = true;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
encode = filterConfig.getInitParameter("encode") == null ?"utf-8":filterConfig.getInitParameter("encode");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
servletResponse.setContentType("text/html;charset=" + encode);
filterChain.doFilter(new MyHttpRequest((HttpServletRequest) servletRequest),servletResponse);
}
@Override
public void destroy() {
}
class MyHttpRequest extends HttpServletRequestWrapper {
private HttpServletRequest httpServletRequest = null;
public MyHttpRequest(HttpServletRequest request) {
super(request);
this.httpServletRequest = request;
}
public Map getParameterMap() {
if (httpServletRequest.getMethod().equalsIgnoreCase("POST")) {
try {
httpServletRequest.setCharacterEncoding(encode);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return super.getParameterMap();
} else if (httpServletRequest.getMethod().equalsIgnoreCase("GET")) {
Map<String, String[]> map = httpServletRequest.getParameterMap();
if(isNotEncode) {
for (Map.Entry<String, String[]> m : map.entrySet()) {
String[] v = m.getValue();
for (int i = 0; i < v.length; i++) {
try {
v[i] = new String(v[i].getBytes("iso8859-1"), encode);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}
}
isNotEncode = false; //第二次是查询缓存 防止再次编码
}
return map;
}
else {
return super.getParameterMap();
}
}
public String[] getParameterValues(String name) {
return (String[]) this.getParameterMap().get(name);
}
public String getParameter(String name) {
return getParameterValues(name) == null ? null : getParameterValues(name)[0];
}
}
}
三、小结
基于URL的权限过滤是我们最常用的过滤器,相比较shiro框架而言,它显得相对简洁,但是在某些复杂的处理上来讲,shiro框架相对较好。乱码是开发中经常遇到的,这里分别将post和get提交的乱码进行统一的处理,而不需要再每一个遇到的地方做单独的处理。