【HRMS】SSH整合配置文件,做权限设置的过滤器代码

三大框架整合的配置文件信息可下载;

做权限设置的过滤器代码:过滤器在web.xml中的配置在下面的压缩包中

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.wepull.hrms.dto.UserDto;
/**
 * 过滤器类,用来做权限设置
 * @author 康苗
 *
 */
public class SecureFilter implements Filter {
	
	List<String> urlList = new ArrayList<String>();
	public void destroy() { 
	}
	/**拦截特定的请求
	 * 先取session中的用户信息角色所对应的权限urls
	 * 获取当前请求的url
	 * 然后做判断 是否在urls中
	 * */
	public void doFilter(ServletRequest req, ServletResponse resp,FilterChain chain)
	                                            throws IOException, ServletException {
		HttpServletRequest h_req = (HttpServletRequest) req;
		HttpServletResponse h_resp = (HttpServletResponse) resp;
		h_req.setCharacterEncoding("UTF-8");
		h_resp.setCharacterEncoding("UTF-8");
		//获得session中用户的信息
		HttpSession session = h_req.getSession();
		UserDto userDto = (UserDto) session.getAttribute("userInfo");  
		String uri = h_req.getRequestURI().substring(1);
		uri = uri.substring(uri.indexOf("/"));
		System.out.println("uri:-------" + uri);
		if("/".equals(uri)) {
			chain.doFilter(h_req, h_resp); 	
			return;
		}
		
		if (urlList.contains(uri)){
			chain.doFilter(h_req, h_resp); 	return;
		}
		if (userDto != null) {
			if(1==userDto.getRoleDto().getId()){
				chain.doFilter(h_req, h_resp);
				return;
			}else if (userDto.getUrls() != null) {
				if (userDto.getUrls().contains(uri)) {
					chain.doFilter(h_req, h_resp);  
					return;
				} else {
					String str = "<script laguage='JavaScript'> alert('对不起!你无权操作!');window.history.go(-1);</script>";
					h_req.setAttribute("message", str);
					h_req.getRequestDispatcher("../welcome.jsp").forward(h_req,h_resp);
					return;
				}
			} else {
				String str = "<script laguage='JavaScript'> alert('你没有权限!请联系系统管理员!');</script>";
				h_req.setAttribute("message", str);
				h_req.getRequestDispatcher("../welcome.html").forward(h_req,h_resp); 
				return;
			}
		} else {
			//如果session为空 就返回登录页面
			//String str = "<script laguage='JavaScript'> alert('你还没登录!请登录!');</script>";
			//h_req.setAttribute("message", str);
			//h_req.getRequestDispatcher("../login.jsp").forward(h_req,h_resp);
			h_resp.sendRedirect("../toquit.jsp");
			return; 
		}
	}
	
	public void init(FilterConfig filterconfig) throws ServletException {
		System.out.println("执行 过滤器的init方法----------------------");
		//初始化时将不进行过滤的页面添加到一个集合里 
		urlList.clear();
		urlList.add("/system/login-doLogin");
		urlList.add("/system/login-doQuit");
		urlList.add("/login.jsp");
		urlList.add("/index.jsp");
		urlList.add("/header.jsp");
		urlList.add("/welcome.jsp");
		urlList.add("/error.jsp");
		urlList.add("/error1.jsp");
		urlList.add("/tologin.jsp");
		urlList.add("/toquit.jsp");
	} 
}

 

你可能感兴趣的:(JavaScript,jsp,servlet,ssh,配置管理)