本文主要介绍如何用登录过滤器判断用户是否已登录，以及是否拥有所访问路径的权限。
package cn.zhaobaoqi.core.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import cn.zhaobaoqi.core.constant.Constant;
import cn.zhaobaoqi.core.permission.PermissionCheck;
import cn.zhaobaoqi.nsfw.user.entity.User;
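/**
 * Servlet filter that requires a logged-in user for every request except the
 * login actions, and additionally requires the {@code "nsfw"} privilege for
 * requests into the tax-service module.
 *
 * <p>Security note: the exemption for login actions is matched against the
 * start of the context-relative path used for dispatch. The previous version
 * tested whether the raw request URI merely <em>contained</em>
 * {@code "system/login_"}, so any protected URL that carried that text
 * somewhere in its path was passed through without a login check. Exemptions
 * are matched strictly; the module check stays a broad {@code contains} so
 * that it errs on the side of checking more requests, not fewer.
 */
public class LoginFilter implements Filter {

    /**
     * Context-relative prefix of the actions reachable without a session.
     * Assumes the login actions live directly under the context root, as the
     * redirect targets in this class do.
     */
    private static final String LOGIN_ACTION_PREFIX = "/system/login_";

    /** Path fragment marking a request as belonging to the tax-service module. */
    private static final String NSFW_PATH_FRAGMENT = "/nsfw/";

    /**
     * Lets login actions through, redirects anonymous users to the login page,
     * and redirects logged-in users without the {@code "nsfw"} privilege to the
     * no-permission page when they request a tax-service path.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param chain           remaining filter chain, invoked only when access is allowed
     * @throws IOException      if redirecting or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String path = dispatchPath(request);

        // Login actions must stay reachable without a session. Anchoring the
        // match at the start of the path keeps this exemption from applying
        // to unrelated URLs that happen to contain the same text.
        if (path.startsWith(LOGIN_ACTION_PREFIX)) {
            chain.doFilter(request, response);
            return;
        }

        User user = (User) request.getSession().getAttribute(Constant.USER);
        if (user == null) {
            // Not logged in: send the browser to the login page.
            response.sendRedirect(request.getContextPath()
                    + "/system/login_toLoginUI.action");
            return;
        }

        if (path.contains(NSFW_PATH_FRAGMENT)) {
            // The permission checker is a Spring bean; fetch it from the
            // application context only when a privilege decision is needed.
            WebApplicationContext wac = WebApplicationContextUtils
                    .getRequiredWebApplicationContext(request.getServletContext());
            PermissionCheck pc = (PermissionCheck) wac.getBean("permissionCheck");
            if (!pc.isAccessible(user, "nsfw")) {
                response.sendRedirect(request.getContextPath()
                        + "/system/login_toNoPermissionUI.action");
                return;
            }
        }

        // Logged in and, where required, authorized.
        chain.doFilter(request, response);
    }

    /**
     * Returns the context-relative path of the request, built from the servlet
     * path and path info rather than from the raw request URI.
     *
     * <p>The servlet path is empty when the request was matched by a
     * {@code /*} mapping, in which case the path info carries the whole path;
     * concatenating both covers either mapping style.
     */
    private static String dispatchPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        StringBuilder path = new StringBuilder();
        if (servletPath != null) {
            path.append(servletPath);
        }
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString();
    }

    /** No resources are held by this filter, so there is nothing to release. */
    @Override
    public void destroy() {
        // Intentionally empty.
    }

    /** No configuration is read from the filter definition. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // Intentionally empty.
    }
}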
===============================
package cn.zhaobaoqi.core.permission;
import java.util.List;
import java.util.Set;
import javax.annotation.Resource;
import cn.zhaobaoqi.nsfw.role.entity.RolePrivilege;
import cn.zhaobaoqi.nsfw.user.entity.User;
import cn.zhaobaoqi.nsfw.user.entity.UserRole;
import cn.zhaobaoqi.nsfw.user.service.UserService;
/**
 * Decides whether a user holds a given privilege code through any of the
 * roles assigned to them.
 */
public class PermissionCheck {

    // Annotated for container injection; consulted only when the user object
    // does not already carry its role list.
    @Resource
    private UserService userService;

    /**
     * Reports whether {@code user} has the privilege identified by {@code code}.
     *
     * <p>Roles are taken from the user object; if that list is {@code null}
     * they are looked up through {@link UserService} by user id. A user with
     * no roles is never granted access.
     *
     * @param user the user to check; must not be {@code null}
     * @param code the privilege code to look for; must not be {@code null}
     * @return {@code true} if any privilege of any of the user's roles carries
     *         {@code code}, otherwise {@code false}
     */
    public boolean isAccessible(User user, String code) {
        List<UserRole> assignments = user.getUserRoles();
        if (assignments == null) {
            // Role list not present on the user object: load it by user id.
            assignments = userService.findUserRoleById(user.getId());
        }

        // No roles means no privileges: deny.
        if (assignments == null || assignments.isEmpty()) {
            return false;
        }

        for (UserRole assignment : assignments) {
            if (grants(assignment, code)) {
                return true;
            }
        }
        return false;
    }

    /** Reports whether the role behind one user-role assignment carries {@code code}. */
    private static boolean grants(UserRole assignment, String code) {
        Set<RolePrivilege> granted = assignment.getId().getRole()
                .getRolePrivileges();
        for (RolePrivilege privilege : granted) {
            String grantedCode = privilege.getId().getCode();
            if (code.equals(grantedCode)) {
                return true;
            }
        }
        return false;
    }
}
注意：过滤器写好之后，一定要在 web.xml 中声明，并通过 <filter-mapping> 映射到需要保护的路径，否则过滤器不会对这些请求生效。