package com.erichfund.cljjfof.server.util;
import java.io.IOException;
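/**
 * Servlet filter that requires a logged-in session and a per-URI operate privilege before a
 * request may continue down the filter chain.
 *
 * <p>Requests without a session are redirected to the login page (or, for the AJAX prefixes,
 * answered with an empty response). Requests with a session but without the privilege for the
 * requested URI receive the configured error page.
 *
 * <p>Filter instances are shared by all request threads, so this class keeps no per-request
 * state in fields.
 *
 * @author zhuzhengquan
 * @version created 2016-11-21 18:49:26
 */
public class WebAuthFilter implements Filter {

    /** Login endpoint; the original request is appended as the URL-encoded {@code service} value. */
    private static final String LOGIN_URL_PREFIX = "/webfof_login/login?service=";

    /** Template name of the access-denied page, read from the {@code errorPage} init parameter. */
    private String errorPage;

    /**
     * Reads the {@code errorPage} init parameter.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        errorPage = filterConfig.getInitParameter("errorPage");
    }

    /**
     * Enforces authentication first and URI-level authorization second.
     *
     * @param request incoming request; must be an {@link HttpServletRequest}
     * @param response outgoing response; must be an {@link HttpServletResponse}
     * @param chain remaining filter chain, invoked only when both checks pass
     * @throws IOException if redirecting or writing the error page fails
     * @throws ServletException if the access-denied template cannot be rendered
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        if (WebUserSession.getUserSession() == null) {
            // Not logged in: the chain is never invoked on this path (fail closed).
            if (!isAjaxLoginRequest(req)) {
                res.sendRedirect(buildLoginRedirect(req));
            }
            // AJAX prefixes fall through here with an untouched response (status 200, empty
            // body); the client is expected to open a login dialog.
            // NOTE(review): an explicit 401 would let clients tell "not logged in" apart from an
            // empty success - confirm what the front end relies on before changing it.
            return;
        }

        // NOTE(review): getRequestURI() is the raw, undecoded path (it can still contain
        // ";params", "//" or "/./" segments, plus the context path). Confirm that
        // hasOperatePrivilege normalises it the same way the container does when dispatching;
        // otherwise the path that is authorised and the path that is served can differ.
        String uri = req.getRequestURI();
        IAuthService authService =
                EnviromentUtil.getWebApplicationContext().getBean(IAuthService.class);
        // NOTE(review): the null check above uses WebUserSession while the operator id is read
        // from UserSession - confirm both resolve to the same session object.
        boolean hasOperatePrivilege =
                authService.hasOperatePrivilege(UserSession.getUserSession().getOpid(), uri);
        if (!hasOperatePrivilege) {
            renderAccessDenied(request, res);
            return;
        }

        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** Returns true for the AJAX endpoints that show a login dialog instead of being redirected. */
    private static boolean isAjaxLoginRequest(HttpServletRequest req) {
        String uri = req.getRequestURI();
        return uri.startsWith("/ajax1....") || uri.startsWith("/ajax2...");
    }

    /** Returns the request URI followed by {@code ?query} when a query string is present. */
    private static String requestTarget(HttpServletRequest req) {
        String query = req.getQueryString();
        return req.getRequestURI() + (StringUtils.hasText(query) ? "?" + query : "");
    }

    /**
     * Builds the login URL whose {@code service} parameter describes the request to resume after
     * login: {@code "get <uri>"} for GET, {@code "post <json>"} for POST.
     *
     * <p>The value is derived from client-controlled input (path, query string, form body), so
     * the login endpoint has to treat {@code service} as untrusted and resume only
     * same-application paths.
     *
     * @throws RuntimeException for any method other than GET or POST
     */
    private static String buildLoginRedirect(HttpServletRequest req) throws IOException {
        String method = req.getMethod();
        if ("GET".equals(method)) {
            return LOGIN_URL_PREFIX + URLEncoder.encode("get " + requestTarget(req), "utf-8");
        }
        if ("POST".equals(method)) {
            // NOTE(review): the submitted form fields are copied into the redirect URL, where
            // they end up in browser history, proxy/access logs and Referer headers, and may
            // exceed URL length limits. Confirm no sensitive fields reach this path, or keep the
            // pending request server-side and pass only an opaque reference.
            String host = ""; // always empty in this filter
            MultivaluedMap<String, String> formParams =
                    FormUrlEncodedProvider.parseForm(req.getInputStream());
            Map<String, Object> data = new HashMap<String, Object>();
            data.put("host", host);
            data.put("path", requestTarget(req));
            data.put("formParams", formParams);
            String url = JsonUtil.serializeToJson(data);
            return LOGIN_URL_PREFIX + URLEncoder.encode("post " + url, "utf-8");
        }
        // NOTE(review): unauthenticated HEAD/PUT/DELETE/OPTIONS requests surface as a container
        // 500 with a stack trace; an explicit 4xx would be quieter in the logs.
        throw new RuntimeException("not support " + method);
    }

    /**
     * Renders the configured error page with an access-denied message and status 403.
     *
     * <p>The FreeMarker configuration is a local variable: the previous per-request assignment to
     * an instance field was a data race between concurrent requests.
     *
     * @throws IOException if the template cannot be loaded or the response cannot be written
     * @throws ServletException if FreeMarker fails while processing the template
     */
    private void renderAccessDenied(ServletRequest request, HttpServletResponse res)
            throws IOException, ServletException {
        Configuration cfg = new Configuration();
        cfg.setServletContextForTemplateLoading(request.getServletContext(), null);

        // Data model for the template; the message reads
        // "You do not have permission to access this link".
        Map<String, String> dataMap = new HashMap<String, String>();
        dataMap.put("msg", "您无权访问此链接");

        Template template = cfg.getTemplate(errorPage);

        // A denied request must not look like a success to clients, caches or monitoring.
        res.setStatus(HttpServletResponse.SC_FORBIDDEN);
        // NOTE(review): no character encoding is set here, so the non-ASCII message depends on
        // an encoding configured elsewhere - confirm.
        PrintWriter out = res.getWriter();
        try {
            template.process(dataMap, out);
        } catch (TemplateException e) {
            // Report the failure to the container instead of printing it and sending a
            // truncated page.
            throw new ServletException("failed to render access-denied page", e);
        }
        out.flush();
    }
}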