//过滤器代码
package cn.cslg.labsys.filter;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.NamingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import cn.cslg.labsys.db.DBPoolException;
import cn.cslg.labsys.db.JndiBean;
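/**
 * Servlet filter that gates the mapped paths on login state and per-module privilege.
 *
 * <p>A request is passed down the chain only when the session carries a {@code TNum}
 * attribute and {@link #pright(String, String)} allows that user for the requested path.
 * Requests without a logged-in session are redirected to the {@code targetURI} init
 * parameter; logged-in users who lack the privilege receive HTTP 403.
 *
 * @author jimshen
 */
public class SessionChecker implements Filter {
    /** Redirect target for requests that have no logged-in session; set in {@link #init}. */
    private String targetURI;

    /**
     * Checks the session and the privilege table before letting the request continue.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filter chain, invoked only when access is granted
     * @throws IOException      if the redirect, the error response or the chain fails on I/O
     * @throws ServletException if the privilege lookup fails (wraps the database exception)
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // getSession(false): do not create a session just to learn nobody is logged in.
        HttpSession session = httpRequest.getSession(false);
        String user = (session == null) ? null : (String) session.getAttribute("TNum");
        if (user == null) {
            httpResponse.sendRedirect(targetURI);
            return;
        }

        boolean allowed;
        try {
            allowed = pright(requestPath(httpRequest), user);
        } catch (DBPoolException e) {
            throw new ServletException(e);
        } catch (NamingException e) {
            throw new ServletException(e);
        } catch (SQLException e) {
            throw new ServletException(e);
        }

        if (allowed) {
            chain.doFilter(request, response);
        } else {
            // Answer a denied request explicitly. Returning without writing anything
            // leaves the client with an empty 200 response that looks like success.
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /**
     * Returns the request path inside the web application, as decoded by the container.
     *
     * <p>The privilege check must see the same path the container used to select this
     * filter. {@code getRequestURI()} is the raw request line: it is not URL-decoded and
     * still carries path parameters, so a module name can be missing from it even though
     * the request was mapped to that module's directory. The context path is not part of
     * the returned value.
     */
    private static String requestPath(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        return (pathInfo == null) ? servletPath : servletPath + pathInfo;
    }

    /**
     * Decides whether user {@code tnum} may access {@code url}.
     *
     * <p>Access is granted when the {@code priviledge} table holds a row for this user
     * whose {@code module} value occurs in {@code url}. Failing that, access is denied if
     * any row's {@code module} occurs in {@code url}, and granted otherwise.
     *
     * <p>NOTE(review): a path that matches no module is open to every logged-in user
     * (default allow). Matching is by substring ({@code locate}), so a module name that
     * is a substring of another module name, or that merely appears in a file name, also
     * matches. Confirm both are intended.
     *
     * @param url  request path to test against the {@code module} column
     * @param tnum user identifier taken from the session
     * @return {@code true} if the request may proceed
     */
    private boolean pright(String url, String tnum) throws DBPoolException,
            NamingException, SQLException {
        Connection conn = null;
        try {
            conn = JndiBean.getConnection();
            if (hasRow(conn,
                    "select * from priviledge where locate(module,?)<>0 and Tnum=?",
                    url, tnum)) {
                return true;
            }
            // No grant for this user: the path is restricted if any module claims it.
            return !hasRow(conn,
                    "select * from priviledge where locate(module,?)<>0", url);
        } finally {
            if (conn != null)
                conn.close();
        }
    }

    /**
     * Runs a parameterized query and reports whether it yields at least one row.
     * The statement and result set are closed on every path, including early returns
     * and exceptions, so pooled connections do not accumulate open cursors.
     */
    private static boolean hasRow(Connection conn, String sql, String... args)
            throws SQLException {
        PreparedStatement pstmt = conn.prepareStatement(sql);
        try {
            for (int i = 0; i < args.length; i++) {
                pstmt.setString(i + 1, args[i]);
            }
            ResultSet rs = pstmt.executeQuery();
            try {
                return rs.next();
            } finally {
                rs.close();
            }
        } finally {
            pstmt.close();
        }
    }

    /**
     * Reads the {@code targetURI} init parameter.
     *
     * @throws ServletException if the parameter is missing or blank, so that a
     *         misconfigured filter fails at deployment rather than on the first
     *         unauthenticated request
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        targetURI = filterConfig.getInitParameter("targetURI");
        if (targetURI == null || targetURI.trim().length() == 0) {
            throw new ServletException(
                    "SessionChecker: init-param 'targetURI' is required");
        }
    }

    /** Nothing to release; the filter holds no resources between requests. */
    public void destroy() {
    }
}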
//过滤器配置(web.xml)
<!-- Filter that checks login state and per-module privilege for the mapped paths. -->
<filter>
<filter-name>SessionChecker</filter-name>
<filter-class>cn.cslg.labsys.filter.SessionChecker</filter-class>
<init-param>
<!-- Where requests without a logged-in session are redirected. The value is passed
     to sendRedirect, so it must include the context path (/LabSys here) and must
     point outside the url-patterns below, or the redirect would loop back into
     the filter. -->
<param-name>targetURI</param-name>
<param-value>/LabSys/index.jsp</param-value>
</init-param>
</filter>
<!-- Only paths under these patterns pass through the filter; everything else in the
     application is not covered by it. No dispatcher element is given, so the mapping
     applies to direct client requests only. Server-side forwards and includes into
     these paths are not re-checked. -->
<filter-mapping>
<filter-name>SessionChecker</filter-name>
<url-pattern>/outlines/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SessionChecker</filter-name>
<url-pattern>/labfile/*</url-pattern>
</filter-mapping>
//priviledge表结构
TNum(用户名) module(模块名,即目录名)
s09002 labfile
s09025 labfile