遵循一些建议,我决定为自己的Web应用程序编写自己的授权过滤器(我没有使用容器管理的安全性,因此必须采用这种方式).
这是我的第一个过滤器,因此我对如何实现它感到有些困惑.
这是我到目前为止所做的:
package filters;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import entities.Role;
public class RestrictPageFilter implements Filter {
FilterConfig fc;
public void init(FilterConfig filterConfig) throws ServletException {
// The easiest way to initialize the filter
fc = filterConfig;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String pageRequested = req.getRequestURL().toString();
Role currentUser = (Role) session.getAttribute("userRole");
//Pages that are allowed with no need to login:
//-faq.xhtml
//-index.jsp
//-login.xhtml
//-main.xhtml
//-registration.xhtml
//NOW pages that are restricted depending on the type of user
//buyoffer.xhtml(Only BUYER)
//sellerpanel.xhtml(Only SELLER)
//adminpanel.xhtml(Only ADMINISTRATOR)
//HOW SHOULD I IMPLEMENT THAT??
if(currentUser != null && currentUser.getType().equals("BUYER")) {
}
if(currentUser != null && currentUser.getType().equals("SELLER")) {
}
if(currentUser != null && currentUser.getType().equals("ADMINISTRATOR")) {
}
}
public void destroy() {
// Not needed
}
}
如您所见,我在那里留下了评论.有人可以帮我整理一下此过滤器,也可以给我一些伪代码提示,我应该如何完成呢?
我在网上看到了一些示例,但是没有一个示例根据用户类型进行不同的过滤.
不胜感激您的帮助:)
更新资料
我创建了一个xml文件来帮助我进行过滤(它位于WEB-INF / classes内部)
buyoffer.xhtml
faq.xhtml
index.jsp
login.xhtml
main.xhtml
registrationSucceded.xhtml
sellerpanel.xhtml
faq.xhtml
index.jsp
login.xhtml
main.xhtml
registrationSucceded.xhtml
sellerpanel.xhtml
faq.xhtml
index.jsp
login.xhtml
main.xhtml
registrationSucceded.xhtml
我从init()方法读取文件.
public class RestrictPageFilter implements Filter {
private FilterConfig fc;
private InputStream in;
public void init(FilterConfig filterConfig) throws ServletException {
// The easiest way to initialize the filter
fc = filterConfig;
//Get the file that contains the allowed pages
in = this.getClass().getResourceAsStream("/allowedpages.xml");
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String pageRequested = req.getRequestURL().toString();
//Get the value of the current logged user
Role currentUser = (Role) session.getAttribute("userRole");
if (currentUser != null) {
}
}
public void destroy() {
// Not needed
}
}