在 Web 开发过程中,我们首先会在 web.xml 中配置一个过滤器,对每个 .jsp 请求进行过滤,验证用户是否已经登录:
<!-- Registers the login-check filter under the name "sessionFilter". -->
<filter>
    <filter-name>sessionFilter</filter-name>
    <filter-class>grp.pt.common.filter.SessionFilter</filter-class>
</filter>
<!-- Only requests matching *.jsp pass through the filter. URLs that do not match this
     pattern (for example *.action endpoints) are not covered by this mapping and
     need their own authentication check. -->
<filter-mapping>
    <filter-name>sessionFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
那么无论访问哪个 *.jsp 页面,请求都要先经过过滤器 sessionFilter。对应的类是 SessionFilter,这个过滤器负责检查用户是否已经登录。需要注意:该映射只覆盖 *.jsp,*.action 等其他请求不会经过这个过滤器,需要另行做登录校验。
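/**
 * Servlet filter that lets a request continue only when the HTTP session holds a
 * {@code "user"} attribute; any other request is forwarded to the login page.
 *
 * <p>Requests whose servlet path contains {@code RedirectPage.jsp} or {@code Login.jsp}
 * are exempt, so the login page itself stays reachable without a session.
 *
 * <p>The filter only sees the requests its {@code web.xml} mapping sends to it. With a
 * {@code *.jsp} mapping, {@code *.action} endpoints are not checked here.
 */
public class SessionFilter implements Filter {

    /** No configuration is read from {@code arg0}. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Passes the request down the chain when it is exempt or authenticated, otherwise
     * forwards it to {@code /jsp/common/Login.jsp} with a {@code "message"} request attribute.
     *
     * @param arg0 the incoming request; cast to {@link HttpServletRequest}
     * @param arg1 the response handed to the chain or to the login page
     * @param arg2 the remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        HttpServletRequest requestHttp = (HttpServletRequest) arg0;
        String path = requestHttp.getServletPath();

        // NOTE(review): this is a substring test, so any servlet path that merely contains
        // one of these names skips the login check. Once the exact paths of the public
        // pages are confirmed, compare against them with equals() instead.
        if (path.indexOf("RedirectPage.jsp") > 0 || path.indexOf("Login.jsp") > 0) {
            arg2.doFilter(arg0, arg1);
            return;
        }

        // getSession(false): an anonymous request must not allocate a server-side session
        // just to be told it is not logged in.
        HttpSession session = requestHttp.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null;
        if (!loggedIn) {
            arg0.setAttribute("message", "登陆超时,请重新登陆!");
            RequestDispatcher requestDispatcher = arg0.getRequestDispatcher("/jsp/common/Login.jsp");
            requestDispatcher.forward(arg0, arg1);
            return;
        }

        arg2.doFilter(arg0, arg1);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}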
// Submits the login form by Ajax. The server replies with the plain text "OK" or "ERROR".
// The redirect below is only navigation: access to Index.jsp is decided on the server by
// the session attribute that the login action sets, not by this script.
Ext.Ajax.request({
    // loginCheck.action is served by the loginCheck() method of the corresponding action
    // class, which verifies the user name and password.
    url : "<%=path%>/common/loginCheck.action",
    method : 'POST',
    form : "myForm",
    params : {
        userCode : usercode,
        // NOTE(review): the password is sent as typed; this relies on the page being
        // served over HTTPS, which is not visible in this snippet.
        userPass : Ext.getDom("txtPassword").value
    },
    // Callback invoked when the request succeeds
    success : function(response, options) {
        if (response.responseText == "OK") {
            window.location.href = "<%=path%>/jsp/common/Index.jsp";
        } else if (response.responseText == "ERROR") {
            // Static markup only: nothing from the response is written into the page.
            Ext.getDom("Validate").innerHTML = "<SPAN style='DISPLAY:inline;COLOR:#960014;font-size:14px'>用户名或密码错误!</SPAN>";
        }
    },
    // Callback invoked when the request fails
    failure : function(response, options) {
        Ext.getDom("Validate").innerHTML = "<SPAN style='DISPLAY:inline;COLOR:#960014;font-size:14px'>后台数据访问失败!</SPAN>";
    }
});
} // closes the enclosing function, whose opening is not part of this excerpt
我们找到登录请求提交的地址:url : "<%=path%>/common/loginCheck.action"
再看看后台对应的代码,重点是这两句:user = userService.getUserByCode(userCode); session.setAttribute("user", user); 登录成功后把 user 放进 session,SessionFilter 正是根据这个属性来判断用户是否已经登录。
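package grp.pt.common.action;

import grp.pt.framework.Interfece.IMasterDataService;
import grp.pt.framework.Interfece.IOrgService;
import grp.pt.framework.Interfece.IUserService;
import grp.pt.framework.model.ElementDTO;
import grp.pt.framework.model.Organization;
import grp.pt.framework.model.Session;
import grp.pt.framework.model.User;
import grp.pt.util.MD5;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.apache.struts2.ServletActionContext;

import assp.evoucher.common.adapter.SignAndDEnvelopeAdaptHandler;

/**
 * Struts2 action behind the login page: password login, UKEY (certificate) login,
 * logout, and a ticket-based hand-off login.
 *
 * <p>A request counts as logged in once the HTTP session carries the {@code "user"}
 * attribute. Every method here that sets it does so only after its own credential check
 * has passed, and region data is written to the session only at that point as well.
 *
 * <p>NOTE(review): the session id is not rotated when {@code "user"} is set. Consider
 * {@code HttpServletRequest.changeSessionId()} (Servlet 3.1+) or invalidate-and-recreate
 * once it is confirmed that nothing else keeps a reference to the pre-login session.
 * No throttling of failed attempts is visible in this class either.
 */
public class LoginAction extends BaseAction {

    private IUserService userService;
    private IOrgService orgService;
    private IMasterDataService masterDataService;
    public Logger logger = Logger.getLogger(LoginAction.class);

    public IMasterDataService getMasterDataService() {
        return masterDataService;
    }

    public void setMasterDataService(IMasterDataService masterDataService) {
        this.masterDataService = masterDataService;
    }

    public IOrgService getOrgService() {
        return orgService;
    }

    public void setOrgService(IOrgService orgService) {
        this.orgService = orgService;
    }

    public IUserService getUserService() {
        return userService;
    }

    public void setUserService(IUserService userService) {
        this.userService = userService;
    }

    /**
     * Password login. Reads {@code userCode} and {@code userPass} from the request and
     * writes {@code "OK"} or {@code "ERROR"} to the response.
     *
     * <p>A missing parameter, an unknown user and a wrong password all produce the same
     * {@code "ERROR"} reply. The session is created and filled only after the password
     * has been verified.
     *
     * @return always {@code null}; the reply is written directly through {@code actionWrite}
     */
    public String loginCheck() {
        HttpServletRequest req = ServletActionContext.getRequest();
        String userCode = req.getParameter("userCode");
        String userPass = req.getParameter("userPass");

        // A missing parameter used to fall through with user == null and fail with a
        // NullPointerException further down.
        if (userCode == null || userPass == null) {
            this.actionWrite("ERROR");
            return null;
        }

        User user = userService.getUserByCode(userCode);
        if (user == null) {
            this.actionWrite("ERROR");
            return null;
        }

        // NOTE(review): the password is digested with the project's MD5 helper before the
        // comparison. MD5.createPassword is not shown here, but an MD5-based digest is
        // cheap to guess offline. Moving to bcrypt/scrypt/Argon2 needs a migration of the
        // stored hashes, so it is flagged rather than changed in place.
        if (!userService.verifyUserPwd(userCode, MD5.createPassword(userPass))) {
            this.actionWrite("ERROR");
            return null;
        }

        HttpSession session = req.getSession();
        // Idle timeout of 20 minutes.
        session.setMaxInactiveInterval(20 * 60);
        // The region is resolved before "user" is stored so the User object already
        // carries its rg_code when it lands in the session.
        bindRegionToSession(session, user);
        session.setAttribute("user", user);
        this.actionWrite("OK");
        return null;
    }

    /**
     * Tells whether {@code s1} equals one of the entries of {@code s2}.
     *
     * @param s1 the value to look for; {@code null} never matches
     * @param s2 the candidates; {@code null} is treated as empty
     * @return {@code true} if some entry of {@code s2} equals {@code s1}
     */
    public boolean checks(String s1, String[] s2) {
        if (s1 == null || s2 == null) {
            return false;
        }
        for (String candidate : s2) {
            if (s1.equals(candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up {@code userCode} and replies with the login level of that account:
     * {@code "OK,<name>,<userCode>"} for level 0 and {@code "OK1,<name>,<userCode>"} for level 1.
     *
     * <p>NOTE(review): this runs before any authentication and tells the caller whether a
     * user code exists and what the account's display name is. Confirm the login page
     * really needs both.
     *
     * @return always {@code null}; the reply is written directly through {@code actionWrite}
     * @throws RuntimeException if the stored login level is neither 0 nor 1
     */
    public String loginChe() {
        HttpServletRequest req = ServletActionContext.getRequest();
        HttpServletResponse response = ServletActionContext.getResponse();
        String userCode = req.getParameter("userCode");

        User user = userService.getUserByCode(userCode);
        if (user == null) {
            this.actionWrite("该用户不存在!");
            return null;
        }

        String username = user.getName();
        // The original value "textml;charset=UTF-8" is not a valid media type. The body is
        // a comma-separated string that repeats a request parameter, so it is declared as
        // plain text rather than as HTML.
        response.setContentType("text/plain;charset=UTF-8");

        int logintype = user.getLogin_level();
        if (logintype == 0) {
            this.actionWrite("OK," + username + "," + userCode);
        } else if (logintype == 1) {
            this.actionWrite("OK1," + username + "," + userCode);
        } else {
            throw new RuntimeException("用户登录级别有问题:" + logintype + "级");
        }
        return null;
    }

    /**
     * UKEY login. Verifies the signature in {@code signword} over the text in
     * {@code testword} and, when verification returns 0, stores the user in the session.
     *
     * <p>NOTE(review): both the signature and the signed text come from the request, and
     * nothing visible here ties the signer to {@code userCode}. Unless
     * {@code verifyServerMessage} enforces that itself (not shown), the signed text should
     * be a server-issued single-use challenge kept in the session. The signing certificate
     * should also be matched to the account (for example against {@code user.getSn()})
     * before the session is marked as logged in.
     *
     * @return always {@code null}; the reply is written directly through {@code actionWrite}
     */
    public String checkUkey() {
        HttpServletRequest res = ServletActionContext.getRequest();
        String userCode = res.getParameter("userCode");
        String signword = res.getParameter("signword");
        String orgword = res.getParameter("testword");

        User user = userService.getUserByCode(userCode);
        // A missing testword used to raise a NullPointerException outside the try block.
        if (user == null || signword == null || orgword == null) {
            this.actionWrite("ERROR");
            return null;
        }

        int result = -1;
        try {
            // getBytes() uses the platform default charset. It is left unchanged because
            // the bytes must match whatever the client signed.
            result = SignAndDEnvelopeAdaptHandler.verifyServerMessage(signword.getBytes(), orgword.getBytes());
        } catch (Exception e) {
            // Pass the exception as the throwable argument so the stack trace is logged.
            logger.error("UKEY signature verification failed", e);
        }

        if (result != 0) {
            this.actionWrite("ERROR");
            return null;
        }

        // Session state is written only after the signature check has passed.
        HttpSession session = res.getSession();
        bindRegionToSession(session, user);
        session.setAttribute("user", user);
        this.actionWrite("OK");
        return null;
    }

    /**
     * Logout. Invalidates the current session, if there is one, and replies {@code "OK"}.
     *
     * @return always {@code null}; the reply is written directly through {@code actionWrite}
     * @throws Exception declared by the original signature
     */
    public String logoff() throws Exception {
        HttpServletRequest req = ServletActionContext.getRequest();
        // getSession(false): logging out must not create a session. Invalidating drops the
        // region attributes together with "user" and retires the session id.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        this.actionWrite("OK");
        return null;
    }

    /**
     * Checks whether the certificate serial stored for {@code userCode} is among the
     * comma-separated serials sent in {@code user_sn}.
     *
     * @return always {@code null}; the reply is {@code "OK,<serial>"} on a match,
     *         {@code "ERROR"} for an unknown user and {@code "ERROR,wo"} otherwise
     */
    public String checktype() {
        HttpServletRequest req = ServletActionContext.getRequest();
        String sn = req.getParameter("user_sn");
        String userCode = req.getParameter("userCode");

        User user = userService.getUserByCode(userCode);
        if (user == null) {
            this.actionWrite("ERROR");
            return null;
        }

        String ukeysn = user.getSn();
        // A missing user_sn parameter is reported as a mismatch instead of a NullPointerException.
        if (sn != null && checks(ukeysn, sn.split(","))) {
            this.actionWrite("OK," + ukeysn);
        } else {
            this.actionWrite("ERROR,wo");
        }
        return null;
    }

    /**
     * Hand-off login. Accepts the request when {@code orgService.querySessionByCode}
     * reports a match for the {@code userCode} / {@code sessionID} pair, deletes that
     * record, and stores the user in the session.
     *
     * <p>NOTE(review): this looks like a single-use ticket. The query and the delete are
     * two separate calls, so confirm that two concurrent requests cannot both pass.
     *
     * @return {@code "Success"} when the ticket matched and the user's organisation was
     *         found, otherwise {@code null}
     */
    public String goRealware() {
        HttpServletRequest res = ServletActionContext.getRequest();
        String userCode = res.getParameter("userCode");
        String sessionID = res.getParameter("sessionID");

        User user = userService.getUserByCode(userCode);
        // An unknown user used to reach user.getBelong_org() and fail with a NullPointerException.
        if (user == null) {
            return null;
        }

        if (orgService.querySessionByCode(userCode, sessionID) > 0) {
            orgService.deleteSessionByCode(userCode);
            HttpSession session = res.getSession();
            if (bindRegionToSession(session, user)) {
                session.setAttribute("user", user);
                return "Success";
            }
        }
        return null;
    }

    /**
     * Resolves the region of the user's organisation and copies it into the session
     * ({@code rg_id}, {@code rg_code}, {@code is_top_region}) and onto {@code user}.
     * Callers invoke this only after the credential check has passed.
     *
     * @return {@code false} when the user's organisation cannot be loaded, in which case
     *         nothing is written
     */
    private boolean bindRegionToSession(HttpSession session, User user) {
        Organization organization = orgService.loadOrgById(user.getBelong_org());
        if (organization == null) {
            return false;
        }

        long regionId = organization.getRg_id();
        Session userSession = new Session();
        userSession.setTop_org(user.getBelong_org());

        // Looks the region up as a "REGION" element in the master data.
        // Assumes loadEleValueById never returns null - TODO confirm against the service.
        ElementDTO dto = masterDataService.loadEleValueById(userSession, "REGION", regionId);
        session.setAttribute("rg_id", regionId);
        session.setAttribute("rg_code", dto.getCode());
        // "1" when the region has no parent (parent id 0), otherwise "0".
        session.setAttribute("is_top_region", dto.getParent_id() == 0 ? "1" : "0");
        userSession.setRgCode(dto.getCode());
        user.setRg_code(dto.getCode());
        return true;
    }
}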