最近在做人力资源的项目,需要处理权限分配的功能,怎么使用Filter处理呢?哪位大侠可以帮帮忙!!Filter人力资源
解决方案 »
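/**
 * Entry point of the filter: authenticates/authorises the request via
 * {@link #handRequest(HttpServletRequest)} and either forwards it down the chain
 * (status 0) or answers the client directly with a status token.
 *
 * <p>Response protocol (as written to the response body):
 * status 1..5 -> the literal line {@code ERROR<n>}; status 6 (login/logout) -> a JSON
 * object with sessionid/userid/roleid, or {@code ERROR6} when no session is bound.
 *
 * @param request  incoming request; must be an {@link HttpServletRequest}
 * @param response response to write to
 * @param chain    remaining filter chain, invoked only for status 0
 * @throws IOException      from the writer or from downstream filters/servlets
 * @throws ServletException from downstream filters/servlets
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // NOTE(review): a filter is a single shared instance, so storing the current request in
    // the field `req` races between concurrent requests. The field assignment is kept in case
    // other code reads it, but this method only uses the local copy.
    final HttpServletRequest httpReq = (HttpServletRequest) request;
    req = httpReq;
    response.setContentType("text/html;charset=utf-8");
    // Dispatch on the outcome of the authentication/authorisation check.
    final int ret = handRequest(httpReq);
    switch (ret) {
        case 0: // authenticated and authorised: continue down the chain
            // Exceptions from downstream are propagated (the signature already declares
            // IOException/ServletException) instead of being swallowed with printStackTrace,
            // so the container can produce its error response rather than a half-written one.
            chain.doFilter(request, response);
            break;
        case 1: // unknown user or wrong password
        case 2: // session expired
        case 3: // API does not exist
        case 4: // not authorised
        case 5: // no cookies received
            writeError(response, ret);
            break;
        case 6: // login or logout: report the session bound to this request
            writeSessionInfo(response);
            break;
        default:
            // handRequest only returns 0..6; anything else is left unanswered, as before.
            break;
    }
}

/**
 * Writes the status token {@code ERROR<code>} as a single line and flushes.
 *
 * @param response response to write to
 * @param code     numeric status in 1..5
 * @throws IOException if the writer cannot be obtained
 */
private static void writeError(ServletResponse response, int code) throws IOException {
    PrintWriter out = response.getWriter();
    out.println("ERROR" + code);
    out.flush();
}

/**
 * Writes the JSON description of the current user's session, or {@code ERROR6}
 * when no {@code UserSecurity} is bound, and flushes.
 *
 * @param response response to write to
 * @throws IOException if the writer cannot be obtained
 */
private void writeSessionInfo(ServletResponse response) throws IOException {
    PrintWriter out = response.getWriter();
    // `user` is a field populated elsewhere (presumably a ThreadLocal set during login —
    // confirm); null means no session is bound to this request.
    UserSecurity userSecurity = user.get();
    if (null != userSecurity) {
        // NOTE(review): built by concatenation, so the three values are not JSON-escaped, and
        // the content type set above says text/html. The exact format is kept because clients
        // parse it; escaping/content type are worth revisiting.
        String json = "{\"sessionid\":\"" + userSecurity.getSessionid()
                + "\",\"userid\":\"" + userSecurity.getUserid()
                + "\",\"roleid\":\"" + userSecurity.getRoleid() + "\"}";
        out.println(json);
    } else {
        // No session exists for this request.
        out.println("ERROR6");
    }
    out.flush();
}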
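/**
 * Handles every HTTP request routed through the filter: classifies it by URI and runs
 * either the login flow or the API authorisation check.
 *
 * <p>URIs are expected to have the shape {@code /server/<service>/<command>[;...]};
 * {@code loginservice} selects the login flow, anything else is treated as an API call.
 *
 * @param req the request to classify
 * @return 0 authorised; 1 unknown user / wrong password; 2 session expired;
 *         3 API does not exist (including URIs with fewer than the expected segments);
 *         4 not authorised; 5 no cookies received; 6 login/logout handled
 */
public int handRequest(HttpServletRequest req) {
    String url = req.getRequestURI();
    String[] dir = url.split("/");
    // "/server/" alone, or any URI with fewer than four segments (e.g. "/server/x" or a
    // trailing slash, which split() drops), previously threw ArrayIndexOutOfBoundsException
    // on dir[3]; report it as an unknown API instead.
    if (url.equals("/server/") || dir.length < 4) {
        return 3;
    }
    String ser = dir[2];
    String cmd = dir[3];
    if (ser.equals("loginservice")) {
        return dealLoginService(cmd, req);
    }
    System.out.println(cmd);
    // Drop anything after ';' (presumably a path parameter such as ;jsessionid=... — confirm).
    String[] cmdd = cmd.split(";");
    return dealApiService(ser, cmdd[0], req);
}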
// 处理登陆
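/**
 * Handles {@code /server/loginservice/<cmd>}: verifies the supplied credentials against
 * TBBS_User and then either opens a fresh session ({@code Login}) or destroys the current
 * one (commands starting with {@code Logout}). Other commands only verify the credentials.
 *
 * @param cmd the command segment of the URI
 * @param req request carrying the {@code username} and {@code passwd} parameters
 * @return 1 when the parameters are missing or do not match a TBBS_User row, otherwise 6
 */
public int dealLoginService(String cmd, HttpServletRequest req) {
    String u = req.getParameter("username");
    String p = req.getParameter("passwd");
    // A missing parameter can never match a user; answer without touching the database
    // (the old code queried for the literal string "null").
    if (u == null || p == null) {
        System.out.println("Missing username/passwd parameter");
        return 1;
    }
    // NOTE(review): this HQL embeds request parameters by concatenation, so a crafted
    // username/passwd can change the query (injection); the password is also compared in
    // clear text rather than as a salted hash. Bind the values as query parameters through
    // the DAO instead of concatenating — its parameter-binding API is not visible here.
    List<TBBS_User> lt = userDao.find("from TBBS_User where username = '" + u + "' and password = '" + p + "'");
    if (lt.isEmpty()) {
        System.out.println("No user in TBBS_User " + u);
        return 1;
    }
    HttpSession session = req.getSession(false);
    if (cmd.equals("Login")) {
        // Discard any pre-existing session before creating a new one, so a session id that
        // existed before authentication is never kept (session fixation).
        invalidateQuietly(session);
        session = req.getSession(true);
        session.setAttribute("user", u);
    } else if (cmd.startsWith("Logout")) {
        if (session != null) {
            invalidateQuietly(session);
        } else {
            System.out.println("Logout session == null");
        }
    }
    // Any other command reaches here with credentials verified and no session change.
    return 6;
}

/**
 * Invalidates a session, tolerating a null or already-invalidated one.
 *
 * @param session session to invalidate; may be null
 */
private static void invalidateQuietly(HttpSession session) {
    if (session == null) {
        return;
    }
    try {
        session.invalidate();
    } catch (IllegalStateException e) {
        // Already invalidated by the container; nothing more to do.
        e.printStackTrace();
    }
}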
// 处理rest api
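/**
 * Authorises an API call {@code /server/<ser>/<cmd>} against the user bound to the
 * session and that user's role.
 *
 * @param ser the service segment of the URI
 * @param cmd the command segment of the URI (path parameters already stripped)
 * @param req the request carrying the session
 * @return 0 authorised; 1 the session's user is not in TBBS_User (or no user is bound);
 *         2 no session; 3 the API is not registered in TBBS_Authority;
 *         4 the user's role lacks the authority; 5 the session id came from a cookie but
 *         no cookies were received
 */
public int dealApiService(String ser, String cmd, HttpServletRequest req) {
    System.out.println(ser + "/" + cmd);
    if (req.isRequestedSessionIdFromCookie()) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null || cookies.length < 1) {
            return 5;
        }
        // Log cookie names only: the values include the session id, which is a credential
        // and must not end up in stdout/log files.
        for (Cookie cookie : cookies) {
            System.out.println(cookie.getName());
        }
    }
    HttpSession session = req.getSession(false);
    if (session == null) {
        System.out.println("session == null");
        return 2;
    }
    String user = (String) session.getAttribute("user");
    // A session without a bound user (never logged in) cannot match a row; skip the query
    // and keep the status the lookup would have produced.
    if (user == null) {
        System.out.println("session has no user attribute");
        return 1;
    }
    // NOTE(review): the three HQL strings below embed the username, the API path and the
    // looked-up ids by concatenation. The username originates from a login request parameter
    // and the API path from the URI, so both are attacker-influenced (injection). Bind them
    // as query parameters through the DAOs — their binding API is not visible here.
    List<TBBS_User> ltuser = userDao.find("from TBBS_User where username = '" + user + "'");
    if (ltuser.isEmpty()) {
        System.out.println("No this user in TBBS_User!" + user);
        return 1;
    }
    // Map the API path to an authority id; unknown path -> 3.
    String api = "/" + ser + "/" + cmd;
    List<TBBS_Authority> ltauthor = authorityDao.find("from TBBS_Authority where authorityFunc = '" + api + "'");
    if (ltauthor.isEmpty()) {
        System.out.println("No this Authority in TBBS_Authority! api=" + api);
        return 3;
    }
    // The role must hold the authority; no TBBS_RoleAuthority row -> 4.
    String roleid = ltuser.get(0).getRoleId();
    String authid = ltauthor.get(0).getAuthorityId();
    String hql = "from TBBS_RoleAuthority where roleId = '" + roleid + "' and authorityId = '" + authid + "'";
    List<TBBS_RoleAuthority> lt = roleAuthorityDao.find(hql);
    if (lt.isEmpty()) {
        System.out.println("Role:" + roleid + " no Authority:" + authid);
        return 4;
    }
    return 0;
}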