編輯特別推薦:

種方式：利用filter、xml文件和用戶信息表配合使用來實現權限管理。

1.過濾器filter

package cn.com.aaa.bbb.filter;

import java.io.IOException;

import java.io.InputStream;

import java.util.HashMap;

import java.util.Iterator;

import java.util.List;

import java.util.Map;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletContext;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;

import org.apache.commons.logging.LogFactory;

import org.dom4j.Document;

import org.dom4j.Element;

import org.dom4j.io.SAXReader;

import cn.com.aaa.bbb.domain.User;

import cn.com.aaa.bbb.util.HttpUtils;

/**

* 過濾：后臺管理的模塊授權。根據：配置文件xml，根據當前session中用的管理員信息。

* 注：不用再訪問數據庫。也不需要再使用什么 bean 去判斷。直接在這個類里就可以判斷。

* @author cuiguangqiang

*

*/

public class ManagerAuthFilter implements Filter {

protected static final Log logger = LogFactory.getLog(ManagerAuthFilter.class);

public static final String MAPPING_FILE = "/WEB-INF/managerauthmapping.xml";

private ServletContext context = null;

private Map actions = new HashMap();

public void init(FilterConfig filterConfig) throws ServletException {

context = filterConfig.getServletContext();

if(context==null){

logger.error("unable to init as servlet context is null");

return;

}

loadConf();

logger.info("ManagerAuthFilter configure success.");

}

private void loadConf() {

InputStream inputStream = context.getResourceAsStream(MAPPING_FILE);

if (inputStream == null) {

logger.info("unable find auth mapping file " + MAPPING_FILE);

} else {

actions = parseConf(inputStream);

}

}

private Map parseConf(InputStream inputStream) {

try {

SAXReader reader = new SAXReader();

Document document = reader.read(inputStream);

return createActionMap(document);

} catch (Exception e) {

logger.info(e.getMessage());

e.printStackTrace();

}

return new HashMap();

}

private Map createActionMap(Document document) {

Map map = new HashMap();

Element root = document.getRootElement();

//處理XML，讀入JAVA Object對象中。

List actionList = root.elements();

for (Iterator it = actionList.iterator(); it.hasNext();) {

Element e = (Element) it.next();

String actionName = e.attributeValue("name");

String auth_value = e.element("auth-value").getTextTrim();

map.put(actionName,auth_value);

logger.info(actionName + " is " + auth_value);

}

return map;

}

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

//處理某次提交的Action，是否在權限定義范圍內

//權限共有：1:站長；2:編輯；0:Admin ; all 代表所有人都可以。(均需要登錄)

HttpServletRequest req = (HttpServletRequest) request;

HttpServletResponse resp = (HttpServletResponse) response;

//(１)得到此次用戶的提交請求

String url = req.getServletPath();

//(２)只有在配置文件中存在的 action 才進行處理

String method = req.getParameter("method");

if(method!=null){

url = url + "?method=" + method;

}

String auth_value = (String)actions.get(url);

if(auth_value==null){

logger.info("action is not in Manager Auth xml.");

chain.doFilter(request, response);

return;

}

來源:考試大-Java認證

責編:xxm??評論?糾錯

上一頁1