java应用程序做授权_java-为我的Web应用程序编写授权过滤器(JSF ...

遵循一些建议,我决定为自己的Web应用程序编写自己的授权过滤器(我没有使用容器管理的安全性,因此必须采用这种方式).

这是我的第一个过滤器,因此我对如何实现它感到有些困惑.

这是我到目前为止所做的：

package filters;

import java.io.IOException;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;

import entities.Role;

public class RestrictPageFilter implements Filter {

FilterConfig fc;

public void init(FilterConfig filterConfig) throws ServletException {

// The easiest way to initialize the filter

fc = filterConfig;

}

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

HttpServletRequest req = (HttpServletRequest) request;

HttpServletResponse resp = (HttpServletResponse) response;

HttpSession session = req.getSession(true);

String pageRequested = req.getRequestURL().toString();

Role currentUser = (Role) session.getAttribute("userRole");

//Pages that are allowed with no need to login:

//-faq.xhtml

//-index.jsp

//-login.xhtml

//-main.xhtml

//-registration.xhtml

//NOW pages that are restricted depending on the type of user

//buyoffer.xhtml(Only BUYER)

//sellerpanel.xhtml(Only SELLER)

//adminpanel.xhtml(Only ADMINISTRATOR)

//HOW SHOULD I IMPLEMENT THAT??

if(currentUser != null && currentUser.getType().equals("BUYER")) {

}

if(currentUser != null && currentUser.getType().equals("SELLER")) {

}

if(currentUser != null && currentUser.getType().equals("ADMINISTRATOR")) {

}

}

public void destroy() {

// Not needed

}

}

如您所见,我在那里留下了评论.有人可以帮我整理一下此过滤器,也可以给我一些伪代码提示,我应该如何完成呢？

我在网上看到了一些示例,但是没有一个示例根据用户类型进行不同的过滤.

不胜感激您的帮助:)

更新资料

我创建了一个xml文件来帮助我进行过滤(它位于WEB-INF / classes内部)

buyoffer.xhtml

faq.xhtml

index.jsp

login.xhtml

main.xhtml

registrationSucceded.xhtml

sellerpanel.xhtml

faq.xhtml

index.jsp

login.xhtml

main.xhtml

registrationSucceded.xhtml

sellerpanel.xhtml

faq.xhtml

index.jsp

login.xhtml

main.xhtml

registrationSucceded.xhtml

我从init()方法读取文件.

public class RestrictPageFilter implements Filter {

private FilterConfig fc;

private InputStream in;

public void init(FilterConfig filterConfig) throws ServletException {

// The easiest way to initialize the filter

fc = filterConfig;

//Get the file that contains the allowed pages

in = this.getClass().getResourceAsStream("/allowedpages.xml");

}

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

HttpServletRequest req = (HttpServletRequest) request;

HttpServletResponse resp = (HttpServletResponse) response;

HttpSession session = req.getSession(true);

String pageRequested = req.getRequestURL().toString();

//Get the value of the current logged user

Role currentUser = (Role) session.getAttribute("userRole");

if (currentUser != null) {

}

}

public void destroy() {

// Not needed

}

}