web.xml:
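<!-- Registers the access-control filter. Element names are case-sensitive in web.xml,
     so opening and closing tags must match exactly. -->
<filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>com.xxxx.oss.commons.filter.SecurityFilter</filter-class>
</filter>
<!-- Only requests matching *.jsp and *.do pass through the filter. Anything the
     application serves under another pattern (other servlets, static or uploaded
     files) is not checked by it and needs its own access control. -->
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>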
SecurityFilter class:
package com.xxxx.oss.commons.filter;

import java.io.*;

import javax.servlet.*;
import javax.servlet.http.*;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.xxxx.oss.admin.operpurrela.OperPurRelaDelegate;
import com.xxxx.oss.commons.UserInfo;
import com.xxxx.oss.commons.constant.ReqAttributeType;
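/**
 * Servlet filter that lets a request through only when the session holds a logged-in
 * operator who is permitted to use the requested URL.
 *
 * <p>Requests for the login page itself are passed on unchecked; every other request
 * is answered with no-cache headers and redirected to the login page when the check fails.
 *
 * <p>Security notes on this version:
 * <ul>
 *   <li>The exempt pages are matched exactly against the container-resolved path inside
 *       the application. A substring test on {@code getRequestURI()} is not a safe
 *       allow-list: that value is the raw, undecoded request line and can contain the
 *       login page name in places that do not select the login page.</li>
 *   <li>The {@code cscomm} request parameter no longer switches the checks off. A value
 *       the client supplies must not decide whether authentication runs. If some Ajax
 *       endpoints really have to be reachable without a session, list their paths
 *       explicitly next to the login pages.</li>
 *   <li>No session is created for anonymous requests.</li>
 * </ul>
 *
 * <p>NOTE(review): identifier casing was reconstructed from a case-mangled listing.
 * Confirm the project-specific names ({@code UserInfo}, {@code ReqAttributeType.USERINFO},
 * {@code OperPurRelaDelegate.findPurByUrl}, {@code getOperCode}) against the real sources.
 */
public class SecurityFilter extends HttpServlet implements Filter {
    // commons-logging logger
    private static final Log log = LogFactory.getLog(SecurityFilter.class);
    private static final long serialVersionUID = 1L;
    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String LOGIN_PAGE2 = "/login.do";
    // NOTE(review): the original lets anonymous users open this page; confirm that it
    // never renders data that requires a login.
    private static final String PRINT_WINDOW_PAGE = "/printwindow.jsp";
    private FilterConfig filterConfig;

    /**
     * Stores the configuration handed over by the container.
     *
     * @param filterConfig configuration of this filter instance
     * @throws ServletException declared by the Filter contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Applies the login and permission checks, then continues the chain.
     *
     * <p>Any exception, including one raised further down the chain, is logged and not
     * rethrown; in that case the chain is not continued by this method.
     *
     * @param request incoming request; expected to be an HttpServletRequest
     * @param response outgoing response; expected to be an HttpServletResponse
     * @param filterChain remainder of the filter chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) {
        try {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            String path = pathWithinApplication(req);

            if (!isLoginPath(path)) {
                // Keep protected pages out of browser and proxy caches.
                res.setHeader("Pragma", "no-cache");
                res.setHeader("Cache-Control", "no-cache");
                res.setDateHeader("Expires", 0);

                // getSession(false): do not allocate a session for anonymous traffic.
                HttpSession session = req.getSession(false);
                UserInfo userInfo = null;
                if (session != null) {
                    userInfo = (UserInfo) session.getAttribute(ReqAttributeType.USERINFO);
                }

                if (userInfo == null) {
                    if (!path.endsWith(PRINT_WINDOW_PAGE)) {
                        res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
                        return;
                    }
                    // The print window is the only page served without a login.
                } else if (!judgePur(req.getRequestURI(), userInfo.getOperCode())) {
                    // Logged in but not permitted for this URL.
                    res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
                    return;
                }
            }
            filterChain.doFilter(request, response);
        } catch (Exception ex) {
            log.error("SecurityFilter could not process the request", ex);
            // destroy() clears the field, so read it once and guard against null.
            FilterConfig config = filterConfig;
            if (config != null) {
                config.getServletContext().log(ex.getMessage());
            }
        }
    }

    /** Releases the reference to the filter configuration. */
    public void destroy() {
        filterConfig = null;
    }

    /**
     * Verifies whether the operator may open the URL.
     *
     * @param url requested URL, passed unchanged to the permission lookup
     * @param operCode operator code of the logged-in user
     * @return {@code false} when the lookup reports -1 (no permission), otherwise {@code true}
     * @throws Exception if the permission lookup fails
     */
    public boolean judgePur(String url, String operCode) throws Exception {
        OperPurRelaDelegate delegate = new OperPurRelaDelegate();
        return delegate.findPurByUrl(url, operCode) != -1;
    }

    /** Returns the servlet path plus path info, i.e. the path the container resolved. */
    private static String pathWithinApplication(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        if (pathInfo == null) {
            return servletPath;
        }
        return servletPath + pathInfo;
    }

    /** Tells whether the path is exactly one of the two login entry points. */
    private static boolean isLoginPath(String path) {
        return LOGIN_PAGE.equals(path) || LOGIN_PAGE2.equals(path);
    }
}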
OperPurRelaLogic:
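/**
 * Looks up the operator's permission level on the business control point behind a URL.
 *
 * <p>As listed, only operators accepted by {@code Admin.isSuperUser} receive a level.
 * The per-URL lookup is not implemented yet, so {@code url} is unused and every other
 * operator is denied.
 *
 * @param url requested URL
 * @param operCode operator code of the logged-in user
 * @return 0, 1 or 2 for high, medium or low permission; -1 for no permission
 * @throws Exception declared by the signature; nothing in this body throws a checked exception
 */
public int findPurByUrl(String url, String operCode) throws Exception {
    // Deny by default: the value changes only on a positive decision.
    int purview = -1;
    if (Admin.isSuperUser(operCode)) {
        purview = 0; // highest permission
    }
    // TODO: look up the operator's permission for url; until then everyone who is not
    // a super operator keeps -1.
    return purview;
}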
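/** Identifies the operator codes that are treated as super operators. */
public class Admin {
    // Super operator IDs.
    // NOTE(review): these IDs are compiled into the class, so granting or revoking
    // super-operator rights needs a rebuild and leaves no audit trail. Consider loading
    // them from access-controlled configuration or the permission store.
    private static final String[] SUPER_USER = {"kfa001", "gd0001"};

    /**
     * Tells whether an operator code belongs to a super operator.
     *
     * <p>The comparison is exact and case-sensitive.
     *
     * @param name operator code to test; {@code null} is treated as "not a super operator"
     * @return {@code true} if {@code name} equals one of the configured IDs
     */
    public static boolean isSuperUser(String name) {
        for (String superUser : SUPER_USER) {
            // Call equals on the constant so a null name cannot raise a NullPointerException.
            if (superUser.equals(name)) {
                return true;
            }
        }
        return false;
    }
}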