java权限过滤器

Posted 2022-03-09 zexin

个人案列：

package com.ilas.bookcase.filter;

import com.ilas.bookcase.controller.admin.AdminController;
import com.ilas.bookcase.entity.Permission;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/**
 * @Author zzx
 * @Date 2019/5/8 9:17
 */
public class AdminLoginFilter extends OncePerRequestFilter 
    private String[] publicUrl;
    private Map<String, String> fileterUrlMap;

    public AdminLoginFilter() 
        publicUrl = new String[]
                   "/admin/css/\\S*",
                   "/admin/fonts/\\S*",
                   "/admin/img/\\S*",
                   "/admin/js/\\S*",
                   "/public/\\S*",
                   "/admin/signIn",
                   "/admin/signOut",
                   "/admin/Sign-in.jsp"
        ;
        fileterUrlMap = new HashMap<String, String>();
        fileterUrlMap.put("1001", "/admin/OperatorMgt.jsp");
        fileterUrlMap.put("1002", "/admin/SysteamLog.jsp");
        fileterUrlMap.put("2001", "/admin/ReadWriterMgt.jsp");
        fileterUrlMap.put("2002", "/admin/BookcaseMgt.jsp");
        fileterUrlMap.put("3001", "/admin/BookPutOnShelf.jsp");
        fileterUrlMap.put("3002", "/admin/BookOutforShelf.jsp");
        fileterUrlMap.put("3003", "/admin/BookMaintenance.jsp");
        fileterUrlMap.put("3004", "/admin/ReaderInfo.jsp");
        fileterUrlMap.put("3005", "/admin/SysteamLog.jsp");
        fileterUrlMap.put("3006", "/admin/OpeAbnormalLog.jsp");
        fileterUrlMap.put("4001", "/admin/LinkParamConfig.jsp");
    

    @Override
    protected void doFilterInternal(HttpServletRequest Request, HttpServletResponse Response, FilterChain filterChain) throws ServletException, IOException 
        String requestURI = Request.getRequestURI();
        String contextPath = Request.getContextPath();
        boolean state=false;
        if(!contextPath.equals("/"))
            requestURI=requestURI.substring(contextPath.length());
        

        for(String url:publicUrl)
            if(requestURI.matches(url))
                filterChain.doFilter(Request,Response);
                return;
            
        

        HttpSession session = Request.getSession();
        Object attribute = session.getAttribute(AdminController.CURRENT_LOGIN_ADMIN);
        List<Permission> permissions = (List<Permission>)session.getAttribute(AdminController.CURRENT_ROLE_PERMISSION);
        String menuUrl="/admin/MenuList.jsp";
        if(attribute!=null)
            if(permissions!=null && permissions.size()>0)
                //查看角色是否有该页面的权限
                Iterator<Map.Entry<String, String>> iterator = fileterUrlMap.entrySet().iterator();
                while (iterator.hasNext()) 
                    Map.Entry<String, String> next = iterator.next();
                    if (next.getValue().matches(requestURI)) 
                        for (Permission permission : permissions) 
                            if (next.getKey().equals(permission.getCode())) 
                                filterChain.doFilter(Request, Response);
                                return;
                            
                        
                        //角色没有该权限
                        state=false;
                        break;
                    
                    state=true;
                
                //找不到需要权限校验的页面放行
                if(state)
                    filterChain.doFilter(Request, Response);
                    return;
                

            
            if(requestURI.equals(menuUrl))
                filterChain.doFilter(Request,Response);
                return;
            
                Response.sendRedirect(Request.getContextPath() + "/admin/MenuList.jsp");

        else
            Response.sendRedirect(Request.getContextPath()+"/admin/Sign-in.jsp");