package jaoso.framework.web.filter;
import jaoso.framework.context.Global;
import jaoso.framework.security.Acl;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
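/**
 * Servlet filter that enforces the application's access-control list.
 *
 * <p>For every request the filter takes the last path segment of the request
 * URI as the resource name and asks the {@link Acl} service whether that
 * resource is protected. A request for a protected resource is forwarded to
 * <code>/login.do</code> when the session carries no <code>account</code> or
 * <code>group</code> attribute, and to
 * <code>/noRight.do?method=noRight</code> when the session's group does not
 * hold the right. Every other request is passed down the filter chain.</p>
 *
 * <p>NOTE(review): only the last path segment is checked, so two resources
 * with the same file name in different directories share one ACL entry.
 * Confirm that this matches how the ACL configuration names resources.</p>
 *
 * @author $author$
 * @version $Revision$
 */
public class AclFilter implements Filter {
    //~ Static fields ==========================================================

    /** Logger shared by all instances of this filter. */
    private static final Log LOG = LogFactory.getLog(AclFilter.class);

    //~ Instance fields ========================================================

    /** ACL service, looked up in {@link #init(FilterConfig)}. */
    private Acl acl;

    /**
     * The filter configuration object we are associated with. If this value
     * is null, this filter instance is not currently configured.
     */
    private FilterConfig config;

    //~ Methods ================================================================

    /**
     * Take this filter out of service.
     */
    public final void destroy() {
        config = null;
        acl = null;
    }

    /**
     * Checks the requested resource against the ACL before letting the
     * request continue.
     *
     * <p>If the resource is protected and the visitor is not logged in (no
     * session, or a session without <code>account</code> or
     * <code>group</code>), the request is forwarded to the logon page. The
     * requested page is not remembered for a redirect after logon. If the
     * visitor is logged in but the group lacks the right, the request is
     * forwarded to the no-right page.</p>
     *
     * @param request The servlet request we are processing
     * @param response The servlet response we are creating
     * @param chain The filter chain we are processing
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs, or if the
     *            request is not an HTTP request
     */
    public final void doFilter(final ServletRequest request,
            final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException {
        // Fail closed: the ACL decision needs the HTTP request URI and the
        // HTTP session, so anything else is rejected rather than let through.
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException(
                "AclFilter supports HTTP requests only");
        }

        final HttpServletRequest hreq = (HttpServletRequest) request;
        final String url = resourceName(hreq.getRequestURI());
        LOG.info("filter url: " + url);

        // Unprotected resources need no session lookup at all.
        if (!acl.isProtectedResource(url)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false) never creates a session for an anonymous visitor.
        final HttpSession session = hreq.getSession(false);
        final Object account =
            (session == null) ? null : session.getAttribute("account");
        final Object group =
            (session == null) ? null : session.getAttribute("group");

        if ((account == null) || (group == null)) {
            forward("/login.do", request, response);
            return;
        }

        if (!acl.hasRight(url, (String) group)) {
            forward("/noRight.do?method=noRight", request, response);
            return;
        }

        // Pass control on to the next filter
        chain.doFilter(request, response);
    }

    /**
     * Place this filter into service and look up the ACL service.
     *
     * @param filterConfig The filter configuration object
     * @exception ServletException if no <code>acl</code> service is available
     */
    public final void init(final FilterConfig filterConfig)
            throws ServletException {
        config = filterConfig;
        acl = (Acl) Global.getInstance().getService("acl");

        // Without the ACL service every request would fail with a
        // NullPointerException; refuse to start instead.
        if (acl == null) {
            throw new ServletException(
                "AclFilter: no \"acl\" service is registered");
        }
    }

    /**
     * Derives the resource name used for the ACL lookup from a request URI.
     *
     * <p>The name is the last non-empty path segment with any path
     * parameters removed. The request URI is not decoded by the container
     * and keeps path parameters such as <code>;jsessionid=...</code>; left in
     * place they would make a protected name fail to match its ACL entry and
     * would also put the session id into the log line.</p>
     *
     * <p>NOTE(review): a URI without any segment (the context root) yields an
     * empty name instead of an array-index failure. The welcome file served
     * for such a request is resolved after this filter has run, so confirm
     * that the welcome page is not itself a protected resource.</p>
     *
     * <p>NOTE(review): percent-encoded characters are not decoded here;
     * confirm how the container maps encoded names to resources.</p>
     *
     * @param requestUri the raw request URI, may be null
     * @return the resource name, never null
     */
    private static String resourceName(final String requestUri) {
        final String[] segments = StringUtils.split(requestUri, "/");

        if ((segments == null) || (segments.length == 0)) {
            return "";
        }

        final String last = segments[segments.length - 1];
        final int params = last.indexOf(';');

        return (params >= 0) ? last.substring(0, params) : last;
    }

    /**
     * Forwards the request to a context-relative path.
     *
     * @param path context-relative path starting with "/"
     * @param request The servlet request we are processing
     * @param response The servlet response we are creating
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    private void forward(final String path, final ServletRequest request,
            final ServletResponse response)
            throws IOException, ServletException {
        final ServletContext context = config.getServletContext();
        context.getRequestDispatcher(path).forward(request, response);
    }
}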