如何解决为我的Web应用程序JSF 2.0编写授权过滤器
| 遵循一些建议,我决定为自己的Web应用程序编写自己的授权过滤器(我没有使用容器管理的安全性,因此我必须采用这种方式)。 这是我的第一个过滤器,因此我对如何实现它感到有些困惑。 这是我到目前为止所做的:package filters;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.servletexception;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import entities.Role;
public class RestrictPageFilter implements Filter {
FilterConfig fc;
public void init(FilterConfig filterConfig) throws servletexception {
// The easiest way to initialize the filter
fc = filterConfig;
}
public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws IOException,servletexception {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String pageRequested = req.getRequestURL().toString();
Role currentUser = (Role) session.getAttribute(\"userRole\");
//Pages that are allowed with no need to login:
//-faq.xhtml
//-index.jsp
//-login.xhtml
//-main.xhtml
//-registration.xhtml
//Now pages that are restricted depending on the type of user
//buyoffer.xhtml(Only BUYER)
//sellerpanel.xhtml(Only SELLER)
//adminpanel.xhtml(Only ADMINISTRATOR)
//HOW SHOULD I IMPLEMENT THAT??
if(currentUser != null && currentUser.getType().equals(\"BUYER\")) {
}
if(currentUser != null && currentUser.getType().equals(\"SELLER\")) {
}
if(currentUser != null && currentUser.getType().equals(\"ADMINISTRATOR\")) {
}
}
public void destroy() {
// Not needed
}
}
<access>
<buyer>
<page>buyoffer.xhtml</page>
<page>faq.xhtml</page>
<page>index.jsp</page>
<page>login.xhtml</page>
<page>main.xhtml</page>
<page>registrationSucceded.xhtml</page>
</buyer>
<seller>
<page>sellerpanel.xhtml</page>
<page>faq.xhtml</page>
<page>index.jsp</page>
<page>login.xhtml</page>
<page>main.xhtml</page>
<page>registrationSucceded.xhtml</page>
</seller>
<administrator>
<page>sellerpanel.xhtml</page>
<page>faq.xhtml</page>
<page>index.jsp</page>
<page>login.xhtml</page>
<page>main.xhtml</page>
<page>registrationSucceded.xhtml</page>
</administrator>
</access>
<!-- THE REGISTRATION PAGES SHOULD NOT BE ACCESSIBLE IF THE USER IS LOGGED IN -->
public class RestrictPageFilter implements Filter {
private FilterConfig fc;
private InputStream in;
public void init(FilterConfig filterConfig) throws servletexception {
// The easiest way to initialize the filter
fc = filterConfig;
//Get the file that contains the allowed pages
in = this.getClass().getResourceAsstream(\"/allowedpages.xml\");
}
public void doFilter(ServletRequest request,servletexception {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String pageRequested = req.getRequestURL().toString();
//Get the value of the current logged user
Role currentUser = (Role) session.getAttribute(\"userRole\");
if (currentUser != null) {
}
}
public void destroy() {
// Not needed
}
}
解决方法
如果您需要允许访问,只需致电
// it will process request normally,means it will leave the control from Filter
chain.doFilter(request,response);
//take some action
response.sendRedirect(\"URL to some page\");//it will simply make user redirected
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
