
使用過濾器對權限進行過濾,就是對訪問的url地址進行判斷


/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package cn.toher.filter;

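import cn.toher.bean.Group;
import cn.toher.bean.User;
import cn.toher.dao.AuthorityDao;
import cn.toher.dao.GroupDao;
import cn.toher.dao.UserDao;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// NOTE(review): nothing in this class references S. This static import points into a
// JDK-internal Nashorn package and looks like an IDE auto-import; it is kept only so the
// import list is unchanged and can be dropped once confirmed unused.
import static jdk.nashorn.internal.runtime.regexp.joni.constants.AsmConstants.S;

/**
 * Servlet filter that authorizes each request by the URL being accessed.
 *
 * <p>The user stored in the session under {@code "Suser"} is either an administrator
 * ({@code getIsAdmin() == 1}), who passes straight through, or a regular user, whose
 * authority numbers must contain the authority number registered for the requested
 * servlet path. Every other case is rejected (fail closed): no user in the session,
 * no authority number registered for the path, or a user without that authority.
 *
 * @author Administrator
 */
public class AuthorityFilter implements Filter {

    /** No initialization is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Lets the request continue down the chain only when the session user is allowed
     * to access the requested servlet path.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain, invoked only for authorized requests
     * @throws IOException      if writing the rejection response fails, or from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest servletRequest = (HttpServletRequest) request;
        HttpServletResponse servletResponse = (HttpServletResponse) response;

        User user = (User) servletRequest.getSession().getAttribute("Suser");
        if (user == null) {
            // No logged-in user in the session: reject explicitly instead of failing
            // with a NullPointerException on the admin check below.
            servletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        if (user.getIsAdmin() == 1) {
            // Administrators are not subject to per-URL authority checks.
            chain.doFilter(request, response);
            return;
        }

        // The requested servlet path is the key for the authority lookup.
        // getServletPath() excludes extra path info and the query string, so the check
        // is per servlet mapping. How findAuthorityNo matches the path is not visible
        // here; verify it uses exact matching.
        String currentURL = servletRequest.getServletPath();
        System.out.println("currentURL:" + currentURL);

        // Authority number registered for this URL.
        String authorityNo = new AuthorityDao().findAuthorityNo(currentURL);
        // Authority numbers held by the user, split into a list by UserDao.
        List<String> userAuthorities = new UserDao().splitString(user);

        // Fail closed: a URL with no registered authority number, or a user with no
        // authority list, is never treated as a match.
        boolean allowed = authorityNo != null
                && userAuthorities != null
                && userAuthorities.contains(authorityNo);

        if (allowed) {
            chain.doFilter(request, response);
        } else {
            deny(servletResponse);
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Writes the "insufficient authority" page with a 403 status.
     *
     * <p>The content type and charset are set before the writer is obtained so the
     * non-ASCII message is not garbled by the container's default response encoding.
     */
    private static void deny(HttpServletResponse servletResponse) throws IOException {
        servletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        servletResponse.setContentType("text/html;charset=UTF-8");
        servletResponse.getWriter().write("<script type=\"text/javascript\">alert(\"權限不足\")</script>");
    }
}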

使用過濾器對權限進行過濾,就是對訪問的url地址進行判斷