package com.bjpowernode.drp.util.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* 此Filter是防止没有登陆而通过URL直接访问系统的
* 但是此验证并不完善,任何用户一旦进入了系统,就可以访问系统的任何功能
*
* @author Kevin
*
*/
public class AnthenticationFilter implements Filter {
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
// 转为HttpServletRequest,HttpServletResponse
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
// 获取URI,例如/drp4.8/login.jsp(登陆页面), /drp4.8/servlet/AuthImageServlet(登陆页面验证码)
String requestURI = httpServletRequest.getRequestURI();
// 去掉应用名之后的URI,因为应用名是可以改动的,不能写死在程序,效果/login.jsp(登陆页面), /servlet/AuthImageServlet(登陆页面验证码)
String noAppNameRequestURI = requestURI.substring(requestURI.indexOf("/", 1), requestURI.length());
// 如果去掉应用名之后的URI是/login.jsp(登陆页面), /servlet/AuthImageServlet(登陆页面验证码),一路红灯
if (noAppNameRequestURI.equals("/login.jsp") ||
noAppNameRequestURI.equals("/servlet/AuthImageServlet")) {
filterChain.doFilter(httpServletRequest, httpServletResponse);
// 其他情况都必须验证用户是否已经登陆
// 如果没有创建session,或者是session没有user_info的信息,说明用户没有登陆,直接重定向到登陆页面
} else {
// 查看是否存在session,如果没有不创建
HttpSession httpSession = httpServletRequest.getSession(false);
if (httpSession == null || httpSession.getAttribute("user_info") == null) {
httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/login.jsp");
return;
}
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
1.权限控制:Filter
最新推荐文章于 2020-03-07 12:34:57 发布