使用过滤器对权限进行过滤,就是对访问的url地址进行判断
Posted 来自IT国的猴子
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了使用过滤器对权限进行过滤,就是对访问的url地址进行判断相关的知识,希望对你有一定的参考价值。
/* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */ package cn.toher.filter; import cn.toher.bean.Group; import cn.toher.bean.User; import cn.toher.dao.AuthorityDao; import cn.toher.dao.GroupDao; import cn.toher.dao.UserDao; import java.io.IOException; import java.util.ArrayList; import java.util.List; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import static jdk.nashorn.internal.runtime.regexp.joni.constants.AsmConstants.S; /** * * @author Administrator */ public class AuthorityFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest servletRequest = (HttpServletRequest) request; HttpServletResponse servletResponse = (HttpServletResponse) response; User user = (User) servletRequest.getSession().getAttribute("Suser"); //获取请求的Servlet,即url if(user.getIsAdmin() != 1){ String currentURL = servletRequest.getServletPath(); System.out.println("currentURL:"+currentURL); AuthorityDao authorityDao = new AuthorityDao(); //通过url找到权限编号 String authorityNo = authorityDao.findAuthorityNo(currentURL); List<String> listuser = new ArrayList<String>();//存放个人权限编号集合 //通过获取Session得到user UserDao userDao = new UserDao(); //调用方法,把User的authorityNo拼接成String集合 listuser = userDao.splitString(user); //判断权限集合是否包含这个权限 // List 中 contains()函数的用法? if (listuser.contains(authorityNo)) { chain.doFilter(request, response); } else { response.getWriter().write("<script type=\"text/javascript\">alert(\"权限不足\")</script>"); } }else{ chain.doFilter(request, response); } } @Override public void destroy() { } }
以上是关于使用过滤器对权限进行过滤,就是对访问的url地址进行判断的主要内容,如果未能解决你的问题,请参考以下文章