import au.com.company.SessionBean1;
import au.com.company.model.User;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
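/**
 * Servlet filter that requires a logged-in user before a JSP page is served.
 *
 * <p>A request whose resolved path ends in {@code .jsp} or {@code .jspf}, and whose file
 * name is not exactly {@code login.jsp}, is redirected to {@code login.jsp} unless the
 * session holds a {@code SessionBean1} with a non-null login user.
 *
 * <p>Every other request is handed to the next filter without any check. Anything that is
 * not reached through a {@code .jsp}/{@code .jspf} path (servlets, static files) is
 * therefore NOT protected by this filter and needs its own access control.
 */
public class SecurityCheckFilter implements Filter {

    /** Request attribute marking that the login check already ran for this request. */
    private final static String FILTER_APPLIED = "_security_filter_applied";

    /** File name of the only JSP that may be served without a logged-in user. */
    private static final String LOGIN_PAGE = "login.jsp";

    /** Session attribute under which the application stores its session bean. */
    private static final String SESSION_BEAN_KEY = "SessionBean1";

    public SecurityCheckFilter() { // called once. no method arguments allowed here!
    }

    /** No configuration is read; the filter has no state to initialise. */
    public void init(FilterConfig conf) throws ServletException {
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Applies the login check to JSP requests and passes everything else through.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws IOException        if the redirect or a downstream filter fails on I/O
     * @throws ServletException   if a downstream filter or servlet fails
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest) request;
        HttpServletResponse hres = (HttpServletResponse) response;

        String page = resolvePage(hreq);

        // login.jsp must stay reachable, otherwise the redirect below loops forever.
        if (request.getAttribute(FILTER_APPLIED) == null && requiresLogin(page)) {
            request.setAttribute(FILTER_APPLIED, Boolean.TRUE);

            // No logged-in user in the session bean: send the caller back to the login page.
            if (currentUser(hreq) == null) {
                // NOTE(review): the target is relative, so it resolves against the URL of
                // the current request; a page in a sub-directory is sent to a login.jsp in
                // that same directory. Confirm this matches where login.jsp is deployed.
                hres.sendRedirect(LOGIN_PAGE);
                return;
            }
        }

        // deliver request to next filter
        chain.doFilter(request, response);
    }

    /**
     * Returns the path the check is applied to.
     *
     * <p>{@code getPathTranslated()} returns {@code null} when the request carries no extra
     * path information; the servlet path is used in that case so that the request is still
     * checked instead of failing with a {@link NullPointerException}.
     */
    private static String resolvePage(HttpServletRequest hreq) {
        String translated = hreq.getPathTranslated();
        if (translated != null) {
            return translated;
        }
        String servletPath = hreq.getServletPath();
        return servletPath != null ? servletPath : "";
    }

    /**
     * Tells whether {@code page} is a JSP or JSP fragment other than the login page.
     *
     * <p>The login exemption compares the whole file name. A suffix test would also exempt
     * any page whose name merely ends in "login.jsp" and let it skip the login check.
     */
    private static boolean requiresLogin(String page) {
        if (LOGIN_PAGE.equals(fileNameOf(page))) {
            return false;
        }
        // NOTE(review): the extension test is case-sensitive; confirm that the container
        // does not serve JSPs under differently-cased extensions.
        return page.endsWith(".jsp") || page.endsWith(".jspf");
    }

    /** Returns the part of {@code path} after the last {@code /} or {@code \} separator. */
    private static String fileNameOf(String path) {
        int lastSeparator = Math.max(path.lastIndexOf('/'), path.lastIndexOf('\\'));
        return path.substring(lastSeparator + 1);
    }

    /**
     * Returns the logged-in user recorded in the session bean, or {@code null} if there is
     * no session, no session bean, or no login user.
     */
    private static User currentUser(HttpServletRequest hreq) {
        // getSession(false): do not allocate a session just to learn the caller is anonymous.
        HttpSession session = hreq.getSession(false);
        if (session == null) {
            return null;
        }
        // Read the attribute once; a value of an unexpected type counts as "not logged in".
        Object bean = session.getAttribute(SESSION_BEAN_KEY);
        if (bean instanceof SessionBean1) {
            return ((SessionBean1) bean).getLoginUser();
        }
        return null;
    }
}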