filter怎么处理权限的功能!!!!!
最近 在做人力资源的项目,需要处理权限分配的功能,怎么使用filter处理呢?哪位大侠可以帮帮忙!! Filter 人力资源
[解决办法]
有权限的给它相应的菜单,没权限的不给菜单好了
[解决办法]
把用户权限信息存在session里,每次请求来了判断下。
[解决办法]
楼上的对,在web.xml中配置个filter过滤每个请求。
[解决办法]
根据权限查询出他的菜单,过滤掉他不能用的功能 。
[解决办法]
首先登录的时候查询用户的所有权限id,封装成集合保存在session中;然后过滤器拦截所有的模块请求,获取模块id,与session中的权限id做匹配,有就可以访问,没有就提示没有权限。
[解决办法]
可以参考一下这个代码:
// 按权限实现Api过滤功能
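/**
 * Authenticates and authorises every request before it reaches its target.
 *
 * Dispatches on the code returned by {@link #handRequest}: 0 passes the request down the
 * chain, 6 answers a login/logout with a small JSON session descriptor, and every other
 * code is written to the client as a fixed {@code "ERROR<n>"} marker. Unknown codes are
 * reported the same way instead of silently ending in an empty 200 response (fail closed).
 *
 * @throws IOException      if the response writer cannot be obtained or the chain fails
 * @throws ServletException if the downstream filter/servlet fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // NOTE(review): a Filter instance is shared by all request threads, so keeping the
    // current request in the instance field req is a data race. The assignment is kept only
    // because other code in this class may still read this.req — confirm and remove it.
    req = (HttpServletRequest) request;
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    response.setContentType("text/html;charset=utf-8");
    int ret = handRequest(httpRequest);
    switch (ret) {
        case 0:
            // Authenticated and authorised. Let the declared exceptions propagate: swallowing
            // them (as before) made a failed downstream call look like a successful empty reply.
            chain.doFilter(request, response);
            break;
        case 6:
            writeSessionInfo(response);
            break;
        default:
            // 1: unknown user / wrong password, 2: session expired, 3: api not found,
            // 4: not authorised, 5: no cookies sent; any other value is an unexpected code.
            PrintWriter out = response.getWriter();
            out.println("ERROR" + ret);
            out.flush();
            break;
    }
}

/** Writes the login/logout reply: the current user's session descriptor, or ERROR6 when there is none. */
private void writeSessionInfo(ServletResponse response) throws IOException {
    PrintWriter out = response.getWriter();
    // presumably user is a ThreadLocal<UserSecurity> populated elsewhere — verify
    UserSecurity userSecurity = user.get();
    if (userSecurity != null) {
        // NOTE(review): this echoes the session id into the response body, so any script or
        // proxy that can read the body obtains a bearer credential; consider returning only
        // userid/roleid. Values are escaped so a quote in a user id cannot break the JSON.
        String retStr = "{\"sessionid\":\"" + jsonEscape(userSecurity.getSessionid())
            + "\",\"userid\":\"" + jsonEscape(userSecurity.getUserid())
            + "\",\"roleid\":\"" + jsonEscape(userSecurity.getRoleid()) + "\"}";
        out.println(retStr);
    } else {
        // No session bound to this thread.
        out.println("ERROR6");
    }
    out.flush();
}

/** Escapes a value for use inside a double-quoted JSON string; null becomes the text "null". */
private static String jsonEscape(Object value) {
    String s = String.valueOf(value);
    StringBuilder sb = new StringBuilder(s.length() + 8);
    for (int i = 0; i < s.length(); i++) {
        char ch = s.charAt(i);
        switch (ch) {
            case '"':
                sb.append("\\\"");
                break;
            case '\\':
                sb.append("\\\\");
                break;
            case '\n':
                sb.append("\\n");
                break;
            case '\r':
                sb.append("\\r");
                break;
            default:
                if (ch < 0x20) {
                    sb.append(String.format("\\u%04x", (int) ch));
                } else {
                    sb.append(ch);
                }
        }
    }
    return sb.toString();
}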
// 处理所有的Http请求
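/**
 * Classifies a request by its URI and runs the matching handler.
 *
 * {@code /server/loginservice/<cmd>} goes to {@link #dealLoginService}; any other
 * {@code /server/<service>/<api>} goes to {@link #dealApiService}.
 *
 * @return 0 allowed, 1 unknown user, 2 session expired, 3 api not found,
 *         4 not authorised, 5 no cookies, 6 login/logout handled
 */
public int handRequest(HttpServletRequest req) {
    String url = req.getRequestURI();
    if (url == null || url.equals("/server/")) {
        return 3;
    }
    // "/server/<ser>/<cmd>" splits to ["", "server", ser, cmd]. Anything shorter
    // (e.g. "/server/x") used to throw ArrayIndexOutOfBoundsException; report it as
    // "api not found" instead.
    String[] dir = url.split("/");
    if (dir.length < 4) {
        return 3;
    }
    String ser = dir[2];
    // Drop URL matrix parameters (";jsessionid=..."): only the bare command names an api,
    // and the same rule now applies to the login service.
    String cmd = dir[3].split(";")[0];
    if (ser.equals("loginservice")) {
        return dealLoginService(cmd, req);
    }
    // Log only the stripped command so a path-carried session id never reaches the log.
    System.out.println(cmd);
    return dealApiService(ser, cmd, req);
}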
// 处理登陆
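/**
 * Handles the login service.
 *
 * Verifies the submitted credentials first; for {@code Login} any existing session is
 * invalidated and a fresh one created holding the user name, for {@code Logout*} the
 * session (if any) is invalidated.
 *
 * @param cmd login command taken from the URL ("Login" or "Logout...")
 * @param req request carrying the "username" and "passwd" parameters
 * @return 1 when no matching user exists, otherwise 6 (login/logout handled)
 */
public int dealLoginService(String cmd, HttpServletRequest req) {
    String u = req.getParameter("username");
    String p = req.getParameter("passwd");
    // Missing credentials can never match a user; skip the lookup (the concatenation below
    // would otherwise search for the literal text "null").
    if (u == null || p == null) {
        System.out.println("No user in TBBS_User " + u);
        return 1;
    }
    // SECURITY: the HQL is built by concatenating request parameters (HQL injection) and
    // compares the password in clear text. This should become a parameterised query against a
    // salted password hash (bcrypt/scrypt/argon2); left unchanged here because the DAO's
    // parameter-binding API is not visible in this file — TODO fix at the DAO.
    List<TBBS_User> lt = userDao.find("from TBBS_User where username = '" + u + "' and password = '" + p + "'");
    if (lt.isEmpty()) {
        System.out.println("No user in TBBS_User " + u);
        return 1;
    }
    HttpSession session = req.getSession(false);
    if ("Login".equals(cmd)) {
        // Invalidate the pre-login session before creating the new one so an id issued
        // before authentication is never promoted to an authenticated session (fixation).
        invalidateQuietly(session);
        session = req.getSession(true);
        session.setAttribute("user", u);
    } else if (cmd != null && cmd.startsWith("Logout")) {
        if (session == null) {
            System.out.println("Logout session == null");
        } else {
            invalidateQuietly(session);
        }
    }
    return 6;
}

/** Invalidates the session if present; a session that is already invalid is just logged. */
private static void invalidateQuietly(HttpSession session) {
    if (session == null) {
        return;
    }
    try {
        session.invalidate();
    } catch (IllegalStateException alreadyInvalid) {
        // Invalidated concurrently by another request; nothing left to do.
        System.out.println("session already invalidated");
    }
}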
// 处理rest api
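/**
 * Authorises a REST api call.
 *
 * Requires a live session whose user exists in TBBS_User, an api registered in
 * TBBS_Authority, and a TBBS_RoleAuthority row linking the user's role to that api.
 *
 * @param ser service segment of the URL
 * @param cmd api segment of the URL (matrix parameters already stripped)
 * @param req current request
 * @return 0 allowed, 1 user not found, 2 no authenticated session, 3 api not registered,
 *         4 role not authorised, 5 session id expected from cookies but none were sent
 */
public int dealApiService(String ser, String cmd, HttpServletRequest req) {
    System.out.println(ser + "/" + cmd);
    if (req.isRequestedSessionIdFromCookie()) {
        Cookie[] cookies = req.getCookies();
        // Restores the "||" that the page rendering lost in the original.
        if (cookies == null || cookies.length < 1) {
            return 5;
        }
        // Log cookie names only: the values carry the session id, which must not reach a log.
        for (Cookie cookie : cookies) {
            System.out.println(cookie.getName());
        }
    }
    HttpSession session = req.getSession(false);
    if (session == null) {
        System.out.println("session == null");
        return 2;
    }
    // A session without the "user" attribute was never authenticated by dealLoginService;
    // treat it like a missing session instead of looking up the literal user "null".
    Object userAttr = session.getAttribute("user");
    if (!(userAttr instanceof String)) {
        System.out.println("session has no user");
        return 2;
    }
    String user = (String) userAttr;
    // SECURITY: HQL built by concatenation. The user name was validated at login, but the api
    // path below comes straight from the URL; the quote check is only a stop-gap until the
    // DAO offers parameter binding (not visible in this file) — TODO fix at the DAO.
    List<TBBS_User> ltuser = userDao.find("from TBBS_User where username = '" + user + "'");
    if (ltuser.isEmpty()) {
        System.out.println("No this user in TBBS_User!" + user);
        return 1;
    }
    String api = "/" + ser + "/" + cmd;
    if (api.indexOf('\'') >= 0) {
        System.out.println("Rejected api name with quote");
        return 3;
    }
    List<TBBS_Authority> ltauthor = authorityDao.find("from TBBS_Authority where authorityFunc = '" + api + "'");
    if (ltauthor.isEmpty()) {
        System.out.println("No this Authority in TBBS_Authority! api=" + api);
        return 3;
    }
    // Both ids come from the database rows found above, not from the request.
    String roleid = ltuser.get(0).getRoleId();
    String authid = ltauthor.get(0).getAuthorityId();
    String hql = "from TBBS_RoleAuthority where roleId = '" + roleid + "' and authorityId = '" + authid + "'";
    List<TBBS_RoleAuthority> lt = roleAuthorityDao.find(hql);
    if (lt.isEmpty()) {
        System.out.println("Role:" + roleid + " no Authority:" + authid);
        return 4;
    }
    return 0;
}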