package cn.zsyy.admin;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import cn.zsyy.db.Dao;
/**
* Servlet Filter implementation class AdminFilter
*/
@WebFilter("/admin/*")
public class AdminFilter implements Filter {
/**
* Default constructor.
*/
public AdminFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("-------admin filter-------");
//获取路径信息
HttpServletRequest req = (HttpServletRequest) request;
String servletPath = req.getServletPath();
System.out.println(servletPath);
//通过路径匹配放行,注册页面和登录页面。其余页面一律需要判断登录信息和权限
if(servletPath.equals("/admin/register")||servletPath.equals("/admin/login")) {
chain.doFilter(request, response);
}else {
//获取session对象
HttpSession session = req.getSession();
if(session.getAttribute("username")!=null) {
//以登录即放行
//chain.doFilter(request, response);
String username =(String) session.getAttribute("username");
//查找此用户的用户类型
String sqlStr = "select * from user where username = ?";
String[] params = {username};
ArrayList<HashMap<String, Object>> res = Dao.query(sqlStr, params);
HashMap<String, Object> user = res.get(0);
//根据是否有访问权限,如果有直接访问,如果没有,告知没有访问权限,并且跳转至登录页
System.out.println(user.get("userType"));
if(user.get("userType").equals("admin")) {
chain.doFilter(request, response);
//System.out.println("servlet path:"+req.getServletPath());
}else {
req.setAttribute("httpUrl", "/admin/login");
req.setAttribute("info", "您没有权限访问!请联系管理人员。即将跳转至登录页面。");
req.setAttribute("title", "访问失败!");
req.getRequestDispatcher("/admin/info.jsp").forward(req, response);
}
}else {
//如果没有登录,那么跳转至登录页面
req.setAttribute("httpUrl", "/admin/login");
req.setAttribute("info", "您尚未登录!即将跳转至登录页面。");
req.setAttribute("title", "未登录!");
req.getRequestDispatcher("/admin/info.jsp").forward(req, response);
}
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
以上为代码 小心空指针异常的处理 要不然会报错