使用過濾器對許可權進行過濾，就是對訪問的url地址進行判斷

標籤：pre   許可權不足   script   exp   pat   imp   split   url   函數   

/* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */package cn.toher.filter;import cn.toher.bean.Group;import cn.toher.bean.User;import cn.toher.dao.AuthorityDao;import cn.toher.dao.GroupDao;import cn.toher.dao.UserDao;import java.io.IOException;import java.util.ArrayList;import java.util.List;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import static jdk.nashorn.internal.runtime.regexp.joni.constants.AsmConstants.S;/** * * @author Administrator */public class AuthorityFilter implements Filter {    @Override    public void init(FilterConfig filterConfig) throws ServletException {    }    @Override    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {        HttpServletRequest servletRequest = (HttpServletRequest) request;        HttpServletResponse servletResponse = (HttpServletResponse) response;        User user = (User) servletRequest.getSession().getAttribute("Suser");            //擷取請求的Servlet，即url            if(user.getIsAdmin() != 1){                String currentURL = servletRequest.getServletPath();                System.out.println("currentURL:"+currentURL);                AuthorityDao authorityDao = new AuthorityDao();                //通過url找到許可權編號                String authorityNo = authorityDao.findAuthorityNo(currentURL);                List<String> listuser = new ArrayList<String>();//存放個人許可權編號集合                //通過擷取Session得到user                UserDao userDao = new UserDao();                //調用方法，把User的authorityNo拼接成String集合                listuser = userDao.splitString(user);                //判斷許可權集合是否包含這個許可權//               List 中 contains（）函數的用法？                if (listuser.contains(authorityNo)) {                    chain.doFilter(request, response);                } else {                    response.getWriter().write("<script type=\"text/javascript\">alert(\"許可權不足\")</script>");                }            }else{                chain.doFilter(request, response);            }    }    @Override    public void destroy() {    }}

 

使用過濾器對許可權進行過濾，就是對訪問的url地址進行判斷