在web.xml中的配置
<filter>
<filter-name>adminAccessControl</filter-name>
<filter-class>com.fcms.core.web.AccessControlFilter</filter-class>
<init-param>
<param-name>isControl</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>adminAccessControl</filter-name><url-pattern>/admin/*</url-pattern>
</filter-mapping>
过滤器
package com.fcms.core.web;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.fcms.core.entity.Admin;
import com.fcms.core.entity.User;
import com.fcms.core.manager.AdminMng;
public class AccessControlFilter implements Filter {
private static Logger log = LoggerFactory.getLogger(AccessControlFilter.class);
private boolean isControl;
private static final String BEAN_NAME = "adminMngImpl";
private AdminMng adminMng;
public void init(FilterConfig filterConfig) throws ServletException {
String control = filterConfig.getInitParameter("isControl");
if ("false".equals(control)) {
isControl = false;
} else {
isControl = true;
}
WebApplicationContext wac = WebApplicationContextUtils.getRequiredWebApplicationContext(filterConfig.getServletContext());
adminMng = (AdminMng) wac.getBean(BEAN_NAME, AdminMng.class);
}
@SuppressWarnings("unchecked")
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpServletResponse resp = (HttpServletResponse) servletResponse;
HttpSession session = req.getSession(false);
if (isControl) {
if(req.getRequestURI().toString().replace("/","" ).trim().equals("admin"))
{
resp.sendRedirect(req.getContextPath() + "/login/index.do");
return;
}
if (session == null) {
//resp.sendRedirect(req.getContextPath() + "/login/Fcms.do");
resp.sendRedirect(req.getContextPath() + "/login/nologin.htm");
// resp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
String domain = req.getServerName();
Long userId = (Long) session.getAttribute(User.USER_KEY);
Long adminId = (Long) session.getAttribute(Admin.ADMIN_KEY);
Admin admin = adminMng.getLoginAdmin(domain, adminId, userId, session);
if (admin == null) {
resp.sendRedirect(req.getContextPath() + "/login/nologin.do");
// resp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
/*// 已在本站注册的超级管理员不受权限控制
if (userId.equals(1L)) {
chain.doFilter(servletRequest, servletResponse);
return;
}
// 检查访问地址是否在管理员的权限集中
String url = getUrl(req);
Set<String> fiSet = (Set<String>) session.getAttribute(Admin.RIGHTS_KEY);
if (fiSet == null || !fiSet.contains(url)) {
resp.sendRedirect(req.getContextPath() + "/login/index.do");
//resp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}*/
chain.doFilter(servletRequest, servletResponse);
return;
} else {
// 用于开发状态
if (session == null) {
session = req.getSession(true);
}
session.setAttribute(Admin.ADMIN_KEY, 1L);
session.setAttribute(User.USER_KEY, 1L);
chain.doFilter(servletRequest, servletResponse);
}
}
private String getUrl(HttpServletRequest req) {
String url = req.getRequestURI();
String context = req.getContextPath();
if (url.indexOf(".") != -1) {
return url.substring(context.length(), url.indexOf("."));
} else if (url.indexOf("?") != -1) {
return url.substring(context.length(), url.indexOf("?"));
} else {
return url.substring(context.length());
}
}
public void destroy() {
}
}
扫一扫
3869
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
