属于java.lang.String类的方法
startsWith(String prefix)
测试此字符串是否以指定的前缀开始。
返回值:如果参数表示的字符序列是此字符串表示的字符序列的前缀,则为true;否则为false。注意,如果参数是空字符串,或者与此String对象相等(由equals(Object)方法确定),则返回true。
endsWith(String suffix)
测试此字符串是否以指定后缀结束。
返回值:如果参数表示的字符序列是此对象表示的字符序列的后缀,则为true;否则为false。注意,如果参数是空字符串,或者与此String对象相等(由equals(Object)方法确定),则结果为true。
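startsWith与endsWith方法可以在自定义Filter中用来放行静态文件和一些不需要验证的URL。需要注意,被放行的请求会完全跳过登录和权限校验;而request.getRequestURI()返回的是未经解码和规范化的原始路径(包含上下文路径和路径参数),因此匹配前应先确认路径是规范形式,并让目录前缀按完整路径段匹配。另外,正如上面的返回值说明所述,参数为空字符串时两个方法都返回true,所以排除列表中不能出现空项。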
web.xml配置:
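<filter>
    <filter-name>priFilter</filter-name>
    <filter-class>com.lc.base.PriFilter</filter-class>
    <init-param>
        <!--
          Comma-separated list read by PriFilter.init(). PriFilter skips its
          session and permission checks for every request URI that starts or
          ends with one of these entries, so each entry is an authentication
          exemption. The suffix entries (.jhtml, .jsp, .html) exempt every
          page with that extension; keep them only if none of those pages
          serves protected data. Do not leave an empty entry (stray comma) or
          an empty value here: an empty string is a prefix of every URI.
        -->
        <param-name>excludedPages</param-name>
        <param-value>.jhtml,.jsp,.html,/images,/css,/fonts,/js</param-value>
    </init-param>
</filter>
<filter-mapping>
    <!--
      Must name the filter declared above. The snippet as published mapped
      "authFilter", which is not declared in it, so PriFilter itself would
      never have been mapped to any URL by this configuration.
    -->
    <filter-name>priFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>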
Java代码:
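/**
 * Servlet filter that enforces login and per-URL permission checks.
 *
 * <p>Order of checks in {@link #doFilter}:
 * <ol>
 *   <li>request URIs matching the configured {@code excludedPages} prefixes or
 *       suffixes are passed through without any check;</li>
 *   <li>request URIs matching {@code Contants.NO_SESSION_INTERCEPTOR_URL} are
 *       passed through without a session;</li>
 *   <li>everything else needs a session holding a user object whose session id
 *       matches the one returned by {@code OnlineUserListener};</li>
 *   <li>request URIs matching {@code Contants.NO_INTERCEPTOR_URL} are then
 *       allowed for any logged-in user;</li>
 *   <li>all remaining URIs must be contained in the user's URL list.</li>
 * </ol>
 *
 * <p>Steps 1 and 2 are authentication exemptions decided purely from the
 * request URI, which is client-controlled and is returned by the container
 * without decoding or normalisation. The prefix/suffix helpers therefore only
 * exempt URIs that are in plain canonical form.
 */
public class PriFilter implements Filter {

    // Logs under this filter's own class (the published listing referenced AuthFilter.class).
    private static final Log logger = LogFactory.getLog(PriFilter.class);

    /**
     * Tokens that make a raw request URI ineligible for a prefix/suffix exemption:
     * path parameters, backslashes, empty or dot segments, and the percent-encoded
     * forms of '.', '/', '\' and ';'. A container may interpret these differently
     * from a plain string comparison, so such URIs always go through the normal
     * session check instead.
     */
    private static final String[] NON_CANONICAL_TOKENS = {
        ";", "\\", "//", "/./", "/../",
        "%2e", "%2E", "%2f", "%2F", "%5c", "%5C", "%3b", "%3B"
    };

    private OperateLogService operateLogService;
    private MenuFunctionService menuFunctionService;

    /** Raw {@code excludedPages} init parameter, e.g. {@code /js,/css,/images}. */
    private String excludedPages;

    /** The {@code excludedPages} value split on commas, each entry trimmed. */
    private String[] excludedPageStr;

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Applies the exemption, session and permission checks described on the class.
     *
     * <p>A request that fails the session checks is handed to
     * {@link #redirect}; a request for a URI the user is not permitted to use is
     * answered with 401 (when the {@code ajax} parameter equals
     * {@code Contants.AJAX}) or forwarded to {@code /error.jsp}. In both cases the
     * filter chain is not invoked.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining chain, invoked only when a check passes
     * @throws IOException      if writing the error response fails
     * @throws ServletException declared by the interface
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // getSession(false): never create a session for an anonymous request.
        HttpSession session = request.getSession(false);
        // Raw request URI: includes the context path and is not decoded by the container.
        String targetURL = request.getRequestURI();
        logger.info("---targetURL----" + targetURL);
        try {
            // Exemption by configured prefix or suffix (static files, public pages).
            if (startsWith(targetURL) || endsWith(targetURL)) {
                filterChain.doFilter(request, response);
                return;
            }
            // Exemption by pattern: no session required.
            // NOTE(review): the pattern lives in Contants and is matched against the raw URI;
            // confirm it is anchored tightly enough that it cannot match protected paths.
            if (targetURL.matches(Contants.NO_SESSION_INTERCEPTOR_URL)) {
                filterChain.doFilter(request, response);
                return;
            }
            if (null == session) {
                logger.info("===session=====null======>");
                redirect(request, response);
                return;
            }
            UserVO userVO = (UserVO) session.getAttribute(Contants.SESSION_USER);
            if (null == userVO) {
                logger.info("===userBO=====null======>");
                redirect(request, response);
                return;
            }
            // Reject a session whose id differs from the one registered for this user
            // (per the log message: the user has logged in somewhere else).
            String sessionID = OnlineUserListener.getSessionID(userVO.getId().toString());
            if (!session.getId().equals(sessionID)) {
                logger.info("===sessionID==用户在其它地方登录===>");
                redirect(request, response);
                return;
            }
            List urlList = userVO.getUrlList();
            if (null == urlList) {
                logger.info("===urlList=====null======>");
                redirect(request, response);
                return;
            }
            // URIs every logged-in user may reach, regardless of the permission list.
            if (targetURL.matches(Contants.NO_INTERCEPTOR_URL)) {
                filterChain.doFilter(request, response);
                return;
            }
            // Permission check: exact match against the user's permitted URLs.
            if (!urlList.contains(targetURL)) {
                logger.info("===AuthFilter===无权限========>");
                String ajax = request.getParameter("ajax");
                if (StringUtils.isNotBlank(ajax) && ajax.equals(Contants.AJAX)) {
                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    request.setAttribute("message", "暂无权限,请联系系统管理员!");
                    request.getRequestDispatcher("/error.jsp").forward(request, response);
                }
                // Always stop here. Previously a non-blank "ajax" value other than
                // Contants.AJAX matched neither branch and fell through to
                // filterChain.doFilter, i.e. the request was served without permission.
                return;
            }
            // Operation log: record the request when the URL is in the cached
            // "functionRecord" map (loaded from menuFunctionService on a cache miss).
            MemCache memCache = MemCache.getInstance();
            Map map = (Map) memCache.get("functionRecord");
            if (null == map) {
                map = menuFunctionService.getFunctionByRecord();
                memCache.set("functionRecord", map);
            }
            if (null != map.get(targetURL)) {
                OperateLogBO operateLogBO = new OperateLogBO();
                operateLogBO.setUserId(userVO.getId());
                operateLogBO.setIp(ClientUtil.getIPAddress(request));
                operateLogBO.setUrl(targetURL);
                // Client-supplied header: treat as untrusted wherever the log is displayed.
                operateLogBO.setBrowser(request.getHeader("User-Agent"));
                operateLogBO.setType(map.get(targetURL));
                operateLogBO.setCreateDate(DateUtil.getNewDate());
                operateLogService.save(operateLogBO);
            }
            filterChain.doFilter(request, response);
        } catch (Exception e) {
            // The logger already records the stack trace; printStackTrace() was redundant.
            logger.error("======" + e.getMessage(), e);
            // Give the client a defined failure instead of an empty 200 response.
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /**
     * Reads the {@code excludedPages} init parameter and looks up the two
     * service beans from the Spring web application context.
     *
     * @param arg0 the filter configuration supplied by the container
     * @throws ServletException if no Spring web application context is available
     */
    public void init(FilterConfig arg0) throws ServletException {
        excludedPages = arg0.getInitParameter("excludedPages");
        if (excludedPages == null) {
            // Parameter not configured: no exemptions, every request is checked.
            excludedPageStr = new String[0];
        } else {
            excludedPageStr = excludedPages.split(",");
            for (int i = 0; i < excludedPageStr.length; i++) {
                // Tolerate whitespace around entries; empty entries are skipped when matching.
                excludedPageStr[i] = excludedPageStr[i].trim();
            }
        }
        ServletContext context = arg0.getServletContext();
        ApplicationContext ac = WebApplicationContextUtils.getWebApplicationContext(context);
        if (ac == null) {
            throw new ServletException("PriFilter: no Spring WebApplicationContext found in the ServletContext");
        }
        operateLogService = (OperateLogService) ac.getBean("operateLogService");
        menuFunctionService = (MenuFunctionService) ac.getBean("menuFunctionService");
    }

    /**
     * Prefix comparison of a request URI against the excluded entries.
     *
     * <p>An entry that begins with {@code /} is treated as a path and matches only
     * on a segment boundary, so {@code /js} matches {@code /js} and
     * {@code /js/app.js} but not another path that merely begins with those
     * characters. Empty entries are ignored because an empty string is a prefix
     * of every URI. URIs that are not in plain canonical form never match.
     *
     * @param url the raw request URI (including the context path)
     * @return {@code true} if the URI is exempt from the session and permission checks
     */
    public boolean startsWith(String url) {
        if (excludedPageStr == null || !isPlainPath(url)) {
            return false;
        }
        for (String excluded : excludedPageStr) {
            if (excluded.isEmpty()) {
                continue;
            }
            if (excluded.charAt(0) == '/') {
                String directory = excluded.endsWith("/") ? excluded : excluded + "/";
                if (url.equals(excluded) || url.startsWith(directory)) {
                    return true;
                }
            } else if (url.startsWith(excluded)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Suffix comparison of a request URI against the excluded entries.
     *
     * <p>Empty entries are ignored because an empty string is a suffix of every
     * URI, and URIs that are not in plain canonical form never match. Every entry
     * of the shared list is used, so a path entry such as {@code /js} also exempts
     * a URI that ends with exactly that text.
     *
     * @param url the raw request URI (including the context path)
     * @return {@code true} if the URI is exempt from the session and permission checks
     */
    public boolean endsWith(String url) {
        if (excludedPageStr == null || !isPlainPath(url)) {
            return false;
        }
        for (String excluded : excludedPageStr) {
            if (!excluded.isEmpty() && url.endsWith(excluded)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether a raw request URI is safe to compare as a plain string.
     *
     * @param url the raw request URI, may be {@code null}
     * @return {@code false} for {@code null}, for a URI ending in a dot segment, or
     *         for one containing any of {@link #NON_CANONICAL_TOKENS}
     */
    private static boolean isPlainPath(String url) {
        if (url == null || url.endsWith("/.") || url.endsWith("/..")) {
            return false;
        }
        for (String token : NON_CANONICAL_TOKENS) {
            if (url.contains(token)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Writes the response body that is meant to send the browser to the login page.
     *
     * @param request  the current request (unused in the listing as published)
     * @param response the response whose writer receives the output
     * @throws IOException if the response writer cannot be obtained
     */
    public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // NOTE(review): in the listing as published the three println arguments are empty
        // strings, presumably markup lost in publication. As shown, this only writes three
        // blank lines and does not navigate anywhere; restore the intended output before use.
        PrintWriter out = response.getWriter();
        out.println("");
        out.println("");
        out.println("");
    }
}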