加個(gè)filter如何？這樣做可以避免把要過(guò)濾的action硬編碼于類(lèi)中，而且無(wú)需繼承BaseAction。不知這個(gè)方法如何？  回復(fù)  更多評(píng)論
  

嗯 用filter是一個(gè)好辦法  回復(fù)  更多評(píng)論
  

package com.gpPlatform.utils;
/* 檢驗(yàn)管理員是否已經(jīng)登錄的過(guò)濾器*/
import java.util.List;
import java.util.ArrayList;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginCheckFilter implements Filter{

private static List<String> notFilterURL;

@SuppressWarnings("static-access")
public void init(FilterConfig filterconfig) throws ServletException{
this.notFilterURL= new ArrayList<String>();
notFilterURL.add("/gpplatform/adminLog.jsp");
notFilterURL.add("/gpplatform/errorPage.jsp");
notFilterURL.add("/gpplatform/testJDBC.jsp");
notFilterURL.add("/gpplatform/yzm.jsp");
notFilterURL.add("/gpplatform/script/trim.js");
}

public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain)throws IOException, ServletException{
HttpServletRequest request= (HttpServletRequest) req;
HttpServletResponse response= (HttpServletResponse) res;
HttpSession session= request.getSession();

boolean flag= true;
String str= "/gpplatform"+request.getServletPath();

for(String url:notFilterURL){
if(str.equals(url)){
flag= false;
break;
}
}

System.out.println(str+" "+flag);

if(flag&&session.getAttribute("curr_admin")==null){
//對(duì)不在notFilterURL集合路徑中的url進(jìn)行過(guò)濾
System.out.println("<=====You haven't logged in!=====>");
response.sendRedirect("/gpplatform/adminLog.jsp");
}
else{
chain.doFilter(req, res);
return;
}
}

public void destroy(){}
}  回復(fù)  更多評(píng)論
  

小弟初學(xué)java web開(kāi)發(fā)，正在研究filter和listener。

以上是自己一個(gè)web工程的filter。通過(guò)設(shè)置一個(gè)不被過(guò)濾的url集合notFilterURL，實(shí)現(xiàn)在struts1中沒(méi)有的interceptor所完成的功能。


  回復(fù)  更多評(píng)論
  

/*增強(qiáng)版：利用spring容器初始化dao的bean，再用init方法獲取系統(tǒng)context得到該dao從而實(shí)現(xiàn)RBAC模型下對(duì)動(dòng)作權(quán)限的管理 */
package com.gpPlatform.utils;
/* 檢驗(yàn)管理員是否已經(jīng)登錄及是否擁有權(quán)限的過(guò)濾器*/
import java.util.List;
import java.util.Map;
import java.util.Iterator;
import java.util.Set;
import java.util.Date;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.gpPlatform.IConstants;
import com.gpPlatform.services.ResourceDao;
import com.gpPlatform.forms.AdminForm;

import org.springframework.context.ApplicationContext;
import org.springframework.context.support.FileSystemXmlApplicationContext;

public class SecurityCheckFilter implements Filter{

private List<String> notFilterURL;

private ResourceDao resourcedao= null;

private Map<String,String> permits;

private String getPermitId(String action_url){ //根據(jù)Map獲取動(dòng)作資源id
this.permits= resourcedao.getResourceList();
String rid_visited="NO_MATCH";
Set<String> key = permits.keySet(); //獲取權(quán)限集map鍵集合
for(Iterator<String> it=key.iterator();it.hasNext();){
String k= it.next();
if(k.equals(action_url)){
rid_visited=permits.get(k);
break;
}
}
return rid_visited;
}

private boolean isPIdExist(AdminForm aform,String rid,boolean init){
boolean flag=!init;
if(!flag){
String[] pArray= aform.getPermitList();
for(String pid:pArray){
System.out.println(pid);
if(pid.equals(rid))
return true;
}
}

return flag;
}

public void init(FilterConfig filterconfig) throws ServletException{ //獲取系統(tǒng)context以傳遞屬性
String configpath= "F:/tomcat 5.5.2/Tomcat 5.5/webapps/gpplatform/WEB-INF/appContext.xml";
ApplicationContext context= new FileSystemXmlApplicationContext(configpath);
IConstants iconstant=(IConstants)context.getBean("constants");
resourcedao= (ResourceDao)context.getBean("resourcedao"); //不可setter直接注入，filter servlet容器先于spring生成
notFilterURL = iconstant.getNotFilterURL();

System.out.println("There are "+notFilterURL.size()+" urls free of filtering");
}

public void doFilter(ServletRequest req, ServletResponse res, //改寫(xiě)doFilter方法檢驗(yàn)
FilterChain chain)throws IOException, ServletException{

HttpServletRequest request= (HttpServletRequest) req;
HttpSession session= request.getSession();
AdminForm aform= (AdminForm)session.getAttribute(IConstants.CURR_ADMIN_KEY);

boolean flag1= true;
boolean flag2= true;

String str= request.getServletPath();

if(str.indexOf(".jsp")!=-1||str.indexOf(".do")!=-1){
for(String url:notFilterURL){
if(str.equals(url)){
flag1= false;
break;
}
}
}
else
flag1= false;

if(str.indexOf(".do")!=-1&&request.getParameter("method")!=null&&!request.getParameter("method").equals("readInfo"))
str += "?method="+request.getParameter("method"); //獲取一般的動(dòng)作參數(shù)
else
flag2= false;

System.out.println("action str is "+str+" "+flag1+" "+flag2);
if(flag1){
if(aform==null){ //對(duì)不在免除過(guò)濾路徑集合中的url進(jìn)行過(guò)濾
System.out.println("<=======You haven't Logged in yet!=======>"+(new Date()).toString());
request.setAttribute(IConstants.LOGIN_ERROR_KEY, "抱歉，您還沒(méi)有登陸本系統(tǒng)%>_<%");
request.getRequestDispatcher("/adminLog.jsp").forward(req, res);
}
else{
if(!this.isPIdExist(aform, this.getPermitId(str), flag2)){
System.out.println("<======You don't hava such permit!======>"+(new Date()).toString());
request.setAttribute(IConstants.PERMIT_ERROR_KEY,"抱歉，您不具備當(dāng)前功能的權(quán)限⊙﹏⊙ ");
request.getRequestDispatcher("/errorPage.jsp").forward(req, res);
}
else{
chain.doFilter(req, res);
return;
}
}
}
else{
chain.doFilter(req, res);
return;
}
}

public void destroy(){}
}  回復(fù)  更多評(píng)論
  

頂頂頂頂頂頂頂頂頂  回復(fù)  更多評(píng)論
  

asd  回復(fù)  更多評(píng)論