实现的功能是:当用户登录之前,拦截当前url,跳转到登录页面,用户登录,登录成功后跳转至拦截的url页面;用户登录之后,直接将页面跳转至该url。
原理很简单:拦截器拦截请求,判断是否登录:如果是,则不处理,直接跳转;如果没有,则跳转到登录的路径,并将该url作为参数传递到登录页面,在登录页面通过一个隐藏域将url传递给登录的处理逻辑,处理完登录成功后跳转至url。
拦截器,拦截请求Myfilter.java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 邮件链接拦截器
*
* @author
*/
public class Myfilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpreq = (HttpServletRequest)request;
HttpServletResponse httpres = (HttpServletResponse)response;
String url = "";
String contextPathStr = httpreq.getContextPath();
com.eos.data.datacontext.UserObject uo = (com.eos.data.datacontext.UserObject)httpreq.getSession().getAttribute("userObject");
if(!httpreq.getRequestURL().toString().endsWith("login.jsp")&&!httpreq.getRequestURL().toString().endsWith(".jpg")
&&!httpreq.getRequestURL().toString().endsWith(".css")&&!httpreq.getRequestURL().toString().endsWith(".js")
&&!httpreq.getRequestURL().toString().endsWith(".gzip")&&!httpreq.getRequestURL().toString().endsWith(".gif")
&&!httpreq.getRequestURL().toString().endsWith("Login.flow")&&!httpreq.getRequestURL().toString().endsWith("login")
&&!httpreq.getRequestURL().toString().endsWith("logout")&&!httpreq.getRequestURL().toString().endsWith("index.jsp")
&&!httpreq.getRequestURL().toString().endsWith("error.jsp")){//过滤掉一些request的路径
if(uo==null||(uo.getUserId()==null || uo.getUserId()==""))//如果没有登录
{
url = com.phfund.rap.common.MyRedirect.dealurl(httpreq);//记录当前地址和请求参数,dealurl将实际url处理了避免和要请求url有干扰,因为会有& 字符
//System.out.println(com.phfund.rap.common.MyRedirect.geturl(url)+"==");
httpres.sendRedirect(contextPathStr+"/auth/login.jsp?tourl="+url) ;//重定向到登录页面
}else{
chain.doFilter(request, response); //进入下一个拦截器
}
}else{
chain.doFilter(request, response);
}
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
public void destroy() {
// TODO Auto-generated method stub
}
}
web.xml里添加拦截器的配置
<filter>
<filter-name>MyFilter</filter-name>
<filter-class>com.phfund.rap.common.Myfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
MyRedirect.java跳转的url的处理类。
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
/**
* 邮件链接用的控制跳转url的类
*
*/
public class MyRedirect {
/**
* @param request 请求
* @return 经过处理的加密后的url
*
*/
public static String dealurl(HttpServletRequest request) {
String url = "";
try {
DesUtils des = new DesUtils("leemenz");
url = request.getRequestURL() + "?";
url += param(request);
if (url.indexOf("&") > -1)
url = url.replaceAll("&", "@#@");// 实际上就是把有&的字符转化成了@#@
url = des.encrypt(url);
} catch (Exception e) {
e.printStackTrace();
}
return url;
}
/**
* @param url 经过处理的加密的url
* @return 正常的url
*/
public static String geturl(String url)// 这个是还原方法
{
try {
DesUtils des = new DesUtils("leemenz");
url = des.decrypt(url);
if (url.indexOf("@#@") > -1)
url = url.replaceAll("@#@", "&");
} catch (Exception e) {
e.printStackTrace();
}
return url;
}
/**
* @param request
* @return
*/
public static String param(HttpServletRequest request) {
String url = "";
Enumeration param = request.getParameterNames();// 得到所有参数名
while (param.hasMoreElements()) {
String pname = param.nextElement().toString();
url += pname + "=" + request.getParameter(pname) + "&";
}
if (url.endsWith("&")) {
url = url.substring(0, url.lastIndexOf("&"));
}
return url;
}
}
加密类:DesUtils.java
import java.security.Key;
import java.security.Security;
import javax.crypto.Cipher;
/**
* DES加密和解密工具,可以对字符串进行加密和解密操作 。
*/
public class DesUtils {
/** 字符串默认键值 */
private static String strDefaultKey = "national";
/** 加密工具 */
private Cipher encryptCipher = null;
/** 解密工具 */
private Cipher decryptCipher = null;
/**
* 将byte数组转换为表示16进制值的字符串, 如:byte[]{8,18}转换为:0813, 和public static byte[]
* hexStr2ByteArr(String strIn) 互为可逆的转换过程
*
* @param arrB
* 需要转换的byte数组
* @return 转换后的字符串
* @throws Exception
* 本方法不处理任何异常,所有异常全部抛出
*/
public static String byteArr2HexStr(byte[] arrB) throws Exception {
int iLen = arrB.length;
// 每个byte用两个字符才能表示,所以字符串的长度是数组长度的两倍
StringBuffer sb = new StringBuffer(iLen * 2);
for (int i = 0; i < iLen; i++) {
int intTmp = arrB[i];
// 把负数转换为正数
while (intTmp < 0) {
intTmp = intTmp + 256;
}
// 小于0F的数需要在前面补0
if (intTmp < 16) {
sb.append("0");
}
sb.append(Integer.toString(intTmp, 16));
}
return sb.toString();
}
/**
* 将表示16进制值的字符串转换为byte数组, 和public static String byteArr2HexStr(byte[] arrB)
* 互为可逆的转换过程
*
* @param strIn
* 需要转换的字符串
* @return 转换后的byte数组
* @throws Exception
* 本方法不处理任何异常,所有异常全部抛出
* @author <a href="mailto:[email protected]">LiGuoQing</a>
*/
public static byte[] hexStr2ByteArr(String strIn) throws Exception {
byte[] arrB = strIn.getBytes();
int iLen = arrB.length;
// 两个字符表示一个字节,所以字节数组长度是字符串长度除以2
byte[] arrOut = new byte[iLen / 2];
for (int i = 0; i < iLen; i = i + 2) {
String strTmp = new String(arrB, i, 2);
arrOut[i / 2] = (byte) Integer.parseInt(strTmp, 16);
}
return arrOut;
}
/**
* 默认构造方法,使用默认密钥
*
* @throws Exception
*/
public DesUtils() throws Exception {
this(strDefaultKey);
}
/**
* 指定密钥构造方法
*
* @param strKey
* 指定的密钥
* @throws Exception
*/
public DesUtils(String strKey) throws Exception {
Security.addProvider(new com.sun.crypto.provider.SunJCE());
Key key = getKey(strKey.getBytes());
encryptCipher = Cipher.getInstance("DES");
encryptCipher.init(Cipher.ENCRYPT_MODE, key);
decryptCipher = Cipher.getInstance("DES");
decryptCipher.init(Cipher.DECRYPT_MODE, key);
}
/**
* 加密字节数组
*
* @param arrB
* 需加密的字节数组
* @return 加密后的字节数组
* @throws Exception
*/
public byte[] encrypt(byte[] arrB) throws Exception {
return encryptCipher.doFinal(arrB);
}
/**
* 加密字符串
*
* @param strIn
* 需加密的字符串
* @return 加密后的字符串
* @throws Exception
*/
public String encrypt(String strIn) throws Exception {
return byteArr2HexStr(encrypt(strIn.getBytes()));
}
/**
* 解密字节数组
*
* @param arrB
* 需解密的字节数组
* @return 解密后的字节数组
* @throws Exception
*/
public byte[] decrypt(byte[] arrB) throws Exception {
return decryptCipher.doFinal(arrB);
}
/**
* 解密字符串
*
* @param strIn
* 需解密的字符串
* @return 解密后的字符串
* @throws Exception
*/
public String decrypt(String strIn) throws Exception {
return new String(decrypt(hexStr2ByteArr(strIn)));
}
/**
* 从指定字符串生成密钥,密钥所需的字节数组长度为8位 不足8位时后面补0,超出8位只取前8位
*
* @param arrBTmp
* 构成该字符串的字节数组
* @return 生成的密钥
* @throws java.lang.Exception
*/
private Key getKey(byte[] arrBTmp) throws Exception {
// 创建一个空的8位字节数组(默认值为0)
byte[] arrB = new byte[8];
// 将原始字节数组转换为8位
for (int i = 0; i < arrBTmp.length && i < arrB.length; i++) {
arrB[i] = arrBTmp[i];
}
// 生成密钥
Key key = new javax.crypto.spec.SecretKeySpec(arrB, "DES");
return key;
}
/**
* main方法 。
* @author 刘尧兴
* @param args
*/
public static void main(String[] args) {
try {
String test = "http://127.0.0.1:8080/abc/rapcommon/member.jsp";
DesUtils des = new DesUtils("leemenz");//自定义密钥
System.out.println("加密前的字符:" + test);
System.out.println("加密后的字符:" + des.encrypt(test));
System.out.println("解密后的字符:" + des.decrypt(des.encrypt(test)));
System.out.println("解密后的字符:" + des.decrypt("2b7129c23b02f1375b2ffc6ebfd3eb7d94ee819e3716184c9c911d95dae331b7b980b906df35ef98040f983227fc609eff25ec610aa9c094"));
}
catch (Exception e) {
e.printStackTrace();
}
}
}
login.jsp
...
...
<%
String tourl = request.getParameter("tourl");
if(tourl!=null&&tourl.length()>1){
tourl = com.phfund.rap.common.MyRedirect.geturl(tourl);
}
%>
...
...
<h:form checkType="blur" method="post"action="org.gocom.abframe.auth.Login.flow">
<input type="hidden" name="tourl" value="<%=tourl%>">
...
...
...
</h:form>