Struts2 過濾器無法正常過濾.action請求
阿新 • • 發佈:2019-01-01
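package cn.thinknet.filter;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;

import cn.thinknet.utils.others.AKKeysUtil;

/**
 * Login filter: requests whose URI contains one of the configured protected
 * suffixes must carry a logged-in session, unless the URI also matches the
 * configured allow list.
 *
 * <p>This filter only checks that a user is logged in. Per-user permission
 * checks (vertical privilege control) are not implemented here, so every
 * logged-in user reaches every protected URL unless another layer restricts it.
 *
 * <p>NOTE(review): both URL checks are substring matches on the raw
 * {@code getRequestURI()} value, which is neither decoded nor normalized and
 * still carries path parameters. An allow-list entry that appears anywhere in
 * the URI therefore skips the login check. Prefer an exact or anchored match
 * against a normalized path; that needs the deployed init-param values to be
 * reviewed first, so the matching itself is left unchanged here.
 */
public class AuthorityFilter extends HttpServlet implements Filter {

    private static final long serialVersionUID = 4504557649329493897L;

    /** Allow-list entries: URIs containing one of these skip the login check. */
    public String[] allowAuthorityURLs;

    /** Protected suffixes: URIs containing one of these are subject to the login check. */
    public String[] authorityURLs;

    /** Filter configuration supplied by the container in {@link #init(FilterConfig)}. */
    public FilterConfig config;

    /**
     * Applies the login check to protected requests and passes everything else through.
     *
     * @param request     incoming request
     * @param response    outgoing response
     * @param filterChain remainder of the filter chain
     * @throws IOException      if writing the redirect script or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        // Page an unauthenticated client is sent to.
        String redirectPath = config.getInitParameter(AKKeysUtil.WEB_CONTEXT_REDIRECT_PATH);

        // The filter stays enabled when the parameter is absent or exactly "N";
        // any other value switches every check off.
        String disableStr = config.getInitParameter(AKKeysUtil.WEB_CONTEXT_DISABLE_FILTER);
        boolean enabled = StringUtils.isEmpty(disableStr) || disableStr.equals("N");
        if (!enabled) {
            filterChain.doFilter(request, response);
            return;
        }

        HttpServletRequest req = (HttpServletRequest) request;

        // Static resources (js, images, css, ...) are outside access control.
        if (!authorityURL(req)) {
            filterChain.doFilter(request, response);
            return;
        }

        // Allow-listed URLs are reachable without a login.
        if (allowAuthorityURL(req)) {
            filterChain.doFilter(request, response);
            return;
        }

        // Everything else needs a logged-in session; relogin() has already
        // written the redirect script when it returns false.
        if (!relogin(redirectPath, response, req)) {
            return;
        }

        // Per-action/JSP permission checks are not implemented: any logged-in
        // user is passed through.
        filterChain.doFilter(request, response);
    }

    /**
     * Stores the configuration and parses the two URL lists once.
     *
     * <p>The lists were previously re-parsed and re-assigned to the shared
     * fields on every request, i.e. written concurrently by request threads.
     * Init parameters cannot change after startup, so parsing here is equivalent.
     *
     * @param filterConfig configuration from the deployment descriptor
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        config = filterConfig;

        String authorityURL = config.getInitParameter(AKKeysUtil.WEB_CONTEXT_AUTHORITY_URL);
        if (StringUtils.isNotEmpty(authorityURL)) {
            authorityURLs = authorityURL.split(",");
        }

        String allowAuthorityURL =
                config.getInitParameter(AKKeysUtil.WEB_CONTEXT_ALLOW_AUTHORITY_URL);
        if (StringUtils.isNotEmpty(allowAuthorityURL)) {
            allowAuthorityURLs = allowAuthorityURL.split(",");
        }
    }

    /**
     * Tells whether the request URI matches the allow list of URLs reachable
     * without a login.
     *
     * <p>NOTE(review): case-insensitive substring match on the raw request URI;
     * see the class comment for why this is weaker than an anchored match.
     *
     * @param request current request
     * @return {@code true} if the URI contains any allow-list entry
     */
    private boolean allowAuthorityURL(HttpServletRequest request) {
        if (ArrayUtils.isEmpty(allowAuthorityURLs)) {
            return false;
        }
        String currentUrl = request.getRequestURI();
        for (String allowUrl : allowAuthorityURLs) {
            if (StringUtils.containsIgnoreCase(currentUrl, allowUrl)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the request URI contains one of the protected suffixes.
     *
     * <p>NOTE(review): this match is case-sensitive while the allow-list match
     * is case-insensitive. Confirm that the container and framework do not
     * dispatch differently-cased extensions, which would not be checked here.
     *
     * @param request current request
     * @return {@code true} if the request is subject to the login check
     */
    private boolean authorityURL(HttpServletRequest request) {
        if (ArrayUtils.isEmpty(authorityURLs)) {
            return false;
        }
        String currentUrl = request.getRequestURI();
        for (String suffix : authorityURLs) {
            if (currentUrl.indexOf(suffix) != -1) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks that the request belongs to a logged-in session and, if not,
     * writes a script that sends the top-level window to the login page.
     *
     * @param redirectPath page to send the client to
     * @param response     response to write the redirect script to
     * @param request      current request
     * @return {@code false} if the redirect script was written (the caller must
     *         stop processing), {@code true} if the session is valid
     * @throws IOException if the response writer cannot be obtained
     */
    private boolean relogin(String redirectPath, ServletResponse response,
            HttpServletRequest request) throws IOException {
        response.setContentType("text/html;charset=UTF-8");
        response.setCharacterEncoding("UTF-8");

        // getSession(false): do not allocate a server-side session for a client
        // that has not logged in.
        HttpSession session = request.getSession(false);
        if (session == null
                || session.getAttribute(AKKeysUtil.USER_EMPLOY_SESSION_KEY) == null) {
            writeLoginRedirect(response, "身份驗證失效,請重新登入!", redirectPath);
            return false;
        }

        // No cookies at all: they were cleared or are disabled in the browser.
        // Both cases are sent back to the login page.
        Cookie[] cookies = request.getCookies();
        if (null == cookies) {
            writeLoginRedirect(response, "Cookie被清理或是已禁用,請嘗試重新登入!", redirectPath);
            return false;
        }
        return true;
    }

    /**
     * Writes the alert-and-redirect script.
     *
     * <p>The writer is obtained only here, on the rejection path. Obtaining it
     * for every request made a later {@code getOutputStream()} call by the
     * target resource fail with {@code IllegalStateException}.
     *
     * <p>{@code redirectPath} is concatenated into a script string without
     * escaping, so it must remain a trusted deployment value and never be
     * derived from the request.
     */
    private static void writeLoginRedirect(ServletResponse response, String message,
            String redirectPath) throws IOException {
        PrintWriter out = response.getWriter();
        out.print("<script language='javascript'>alert('" + message
                + "');window.parent.location.href='" + redirectPath + "';</script>");
    }
}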