URL权限过滤(1)

如果您发现内容含有错误或公司内部信息,请予以指出,本人不胜感激。。。。
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.FilterChain;
import java.io.IOException;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletResponse;

public class PermissiondoFilter implements Filter {

	private FilterConfig filterConfig;
	private FilterChain chain;
	private HttpServletRequest request;
	private HttpServletResponse response;

	public void destroy() {
		this.filterConfig = null;
	}

	public void init(FilterConfig filterConfig) throws ServletException {
		this.filterConfig = filterConfig;
	}

	public void doFilter(ServletRequest servletRequest,
			ServletResponse servletResponse, FilterChain chain) {
		this.chain = chain;
		this.request = (HttpServletRequest) servletRequest;
		this.response = ((HttpServletResponse) servletResponse);
		String url = request.getRequestURI();
		System.out.println("访问的完整路径-->" + url);

		try {
			HttpSession session = request.getSession();
			// 获取网站访问根目录
			String accessPath = request.getContextPath();
			System.out.println("-访问的网站根目录-" + accessPath);

			// 截获根目录以后的路径即'/项目名'以后的路径;
			url = url.substring(accessPath.length() + 1, url.length());
			System.out.println("-访问-" + url);
			LoginUser loginUser = (LoginUser) session.getAttribute("loginUser");
			System.out.println("url-->" + url);
			if (noVerifyUrl(url, request)) {
				chain.doFilter(request, response);
			} else if (loginUser == null) {
				response.sendRedirect(accessPath + "/login.jsp");
			} else {
				System.out.println(loginUser.getUserName() + "-访问-" + url);

				verifyUrl(url, loginUser);
			}
		} catch (Exception sx) {
			sx.printStackTrace();
		}
	}

你可能感兴趣的:(jsp,servlet)