java应用程序做授权_java-为我的Web应用程序编写授权过滤器(JSF ...

遵循一些建议,我决定为自己的Web应用程序编写自己的授权过滤器(我没有使用容器管理的安全性,因此必须采用这种方式).

这是我的第一个过滤器,因此我对如何实现它感到有些困惑.

这是我到目前为止所做的:

package filters;

import java.io.IOException;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;

import entities.Role;

public class RestrictPageFilter implements Filter {

FilterConfig fc;

public void init(FilterConfig filterConfig) throws ServletException {

// The easiest way to initialize the filter

fc = filterConfig;

}

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

HttpServletRequest req = (HttpServletRequest) request;

HttpServletResponse resp = (HttpServletResponse) response;

HttpSession session = req.getSession(true);

String pageRequested = req.getRequestURL().toString();

Role currentUser = (Role) session.getAttribute("userRole");

//Pages that are allowed with no need to login:

//-faq.xhtml

//-index.jsp

//-login.xhtml

//-main.xhtml

//-registration.xhtml

//NOW pages that are restricted depending on the type of user

//buyoffer.xhtml(Only BUYER)

//sellerpanel.xhtml(Only SELLER)

//adminpanel.xhtml(Only ADMINISTRATOR)

//HOW SHOULD I IMPLEMENT THAT??

if(currentUser != null && currentUser.getType().equals("BUYER")) {

}

if(currentUser != null && currentUser.getType().equals("SELLER")) {

}

if(currentUser != null && currentUser.getType().equals("ADMINISTRATOR")) {

}

}

public void destroy() {

// Not needed

}

}

如您所见,我在那里留下了评论.有人可以帮我整理一下此过滤器,也可以给我一些伪代码提示,我应该如何完成呢?

我在网上看到了一些示例,但是没有一个示例根据用户类型进行不同的过滤.

不胜感激您的帮助:)

更新资料

我创建了一个xml文件来帮助我进行过滤(它位于WEB-INF / classes内部)

buyoffer.xhtml

faq.xhtml

index.jsp

login.xhtml

main.xhtml

registrationSucceded.xhtml

sellerpanel.xhtml

faq.xhtml

index.jsp

login.xhtml

main.xhtml

registrationSucceded.xhtml

sellerpanel.xhtml

faq.xhtml

index.jsp

login.xhtml

main.xhtml

registrationSucceded.xhtml

我从init()方法读取文件.

public class RestrictPageFilter implements Filter {

private FilterConfig fc;

private InputStream in;

public void init(FilterConfig filterConfig) throws ServletException {

// The easiest way to initialize the filter

fc = filterConfig;

//Get the file that contains the allowed pages

in = this.getClass().getResourceAsStream("/allowedpages.xml");

}

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

HttpServletRequest req = (HttpServletRequest) request;

HttpServletResponse resp = (HttpServletResponse) response;

HttpSession session = req.getSession(true);

String pageRequested = req.getRequestURL().toString();

//Get the value of the current logged user

Role currentUser = (Role) session.getAttribute("userRole");

if (currentUser != null) {

}

}

public void destroy() {

// Not needed

}

}

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值