BS登陆功能

登陆方法

package ey.org.web.controller;

import java.util.List;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import ey.orgclient.pub.FuncH;
import ey.orgclient.pub.OrgH;
import ey.orgclient.pub.RoleH;
import ey.orgclient.pub.UserH;
import ey.orgclient.pub.model.OrgRole;
import ey.orgclient.pub.model.OrgUser;

/**
 * @Title: LoginController.java
 * @Package com.ydsn.web.controller
 * @Description:  登陆controller控制业务层
 * @author   yzp
 * @date 2014-5-15 下午3:59:43
 * @version V1.0
 */
@Controller
@RequestMapping("/login")
public class LoginController {
	

	@Resource
	private UserH userH;
	@Resource
	private OrgH orgH; 
	@Resource
	private RoleH roleH; 
	@Resource
	private FuncH funcH; 
	
	
	@RequestMapping("/login")
	/**
	 * 密码正确 且 是超级管理员
	 * @Title: login
	 * @author yzp
	 * @date 2014-9-16 上午11:43:33
	 * @param request
	 * @return String    
	 * @throws 
	 * @Description: TODO(这里用一句话描述这个方法的作用)
	 */
	public String login(HttpServletRequest request){
		//System.out.println(System.getProperty("java.class.path"));//系统的classpaht路径
		String loginId = request.getParameter("j_username");
		String password = request.getParameter("j_password");
		OrgUser orgUser = userH.findByLonginId(loginId);
		boolean isAdmin = false;
		if(orgUser==null){
			request.setAttribute("msg", "1");
			return "/login";	
		}
		// 只有admin角色的用户可以登录
		List<OrgRole> roleList = roleH.findByUserid(orgUser.getId());
		for(OrgRole org:roleList){
			if("admin".equals(org.getId())){
				isAdmin =true;
			}
		}	
		
		if(orgUser!=null && orgUser.getPassword().equals(password) && isAdmin){
			HttpSession session=request.getSession();
			session.setAttribute("user", orgUser);
		    return "redirect:/index.jsp";
		}else{
			request.setAttribute("msg", "1");
			return "/login";	
		}
	}
	@RequestMapping("/loginout")
	public String loginout(HttpServletRequest request){
		HttpSession session=request.getSession();
		session.removeAttribute("user");
		return "/login";
	}
}
禁止非登陆情况访问过滤器

package ey.org.web.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

public class UserRightFilter implements Filter {
	
	/**
	 * 单点登录
	 * @param request
	 * @param response
	 * @param chain
	 * @throws IOException
	 * @throws ServletException
	 */
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
			HttpServletRequest req = (HttpServletRequest) request;
			HttpServletResponse res = (HttpServletResponse) response;
			HttpSession session = req.getSession();
			WebApplicationContext webApplicationContext = WebApplicationContextUtils
				.getWebApplicationContext(session.getServletContext());
		
			Object u = session.getAttribute("user");
			String requestUrl = req.getRequestURI();
			
			if (requestUrl.endsWith("/login.jsp")||requestUrl.endsWith("/login.do")) {				
				chain.doFilter(request, response);				
			} else if (requestUrl.endsWith(".css")
					|| requestUrl.endsWith(".js")
					|| requestUrl.endsWith(".jpg")
					|| requestUrl.endsWith(".JPG")
					|| requestUrl.endsWith(".jpeg")
					|| requestUrl.endsWith(".JPEG")
					|| requestUrl.endsWith(".bmp")
					|| requestUrl.endsWith(".BMP")
					|| requestUrl.endsWith(".gif")
					|| requestUrl.endsWith(".GIF")
					|| requestUrl.endsWith(".png")
					|| requestUrl.endsWith(".PNG")
					|| requestUrl.endsWith(".avi")
					|| requestUrl.endsWith(".AVI")
					|| requestUrl.endsWith(".wmv")
					|| requestUrl.endsWith(".WMV")
					|| requestUrl.endsWith(".wma")
					|| requestUrl.endsWith(".WMA")
					|| requestUrl.endsWith(".mpeg")
					|| requestUrl.endsWith(".MPEG")
					|| requestUrl.endsWith(".rm") || requestUrl.endsWith(".RM")
					|| requestUrl.endsWith(".ram")
					|| requestUrl.endsWith(".RAM")
					|| requestUrl.endsWith(".swf")
					|| requestUrl.endsWith(".SWF")) {// 若是图片、视频、css、javascript,则不做过滤
					chain.doFilter(request, response);
			} else if( u!=null){
				chain.doFilter(request, response);
			}else{
				res.sendRedirect(req.getContextPath() + "/login.jsp");
			}
		
	}


	public void init(FilterConfig filterConfig) throws ServletException {

	}

	public void destroy() {

	}

}

web.xml配置

<!-- 登录 -->
  <filter>
    <filter-name>userRightFilter</filter-name>
    <filter-class>ey.org.web.filter.UserRightFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>userRightFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>



你可能感兴趣的:(BS登陆功能)