import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
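/**
 * Servlet filter that adds CORS response headers and only lets a request through when it
 * targets a static resource, one of the configured login/registration endpoints, or comes
 * from a session that already holds a {@code "us"} attribute. Every other request is
 * forwarded to the configured login page.
 *
 * <p>Init parameters read from {@code web.xml}: {@code encoding}, {@code loginPage},
 * {@code loginInterface}, {@code registerPage}, {@code registerInterface} and the optional
 * {@code allowedOrigins} (comma-separated list of exact origins).
 *
 * <p>Changes relative to the earlier version of this class:
 * <ul>
 *   <li>{@code .do} and {@code .jsp} are no longer treated as static extensions; passing them
 *       through unconditionally skipped the login check for every page and interface.</li>
 *   <li>The extension is taken from the servlet path instead of the full request URL, so the
 *       host name and any other part of the raw URL no longer influence the decision.</li>
 *   <li>Requests whose URL contains no dot are now handled instead of being dropped without
 *       either a forward or a call to the chain.</li>
 *   <li>The unbalanced parenthesis in the extension test is gone.</li>
 * </ul>
 */
public class AuthorityFilter implements Filter {

    /** Extensions served without a login check; deliberately limited to static assets. */
    private static final String[] STATIC_EXTENSIONS = {".js", ".jpg", ".jpeg", ".png"};

    /** Init parameters naming the endpoints that must stay reachable before login. */
    private static final String[] PUBLIC_ENDPOINT_PARAMS = {
        "loginPage", "loginInterface", "registerPage", "registerInterface"
    };

    private FilterConfig config;

    @Override
    public void init(FilterConfig config) {
        this.config = config;
    }

    @Override
    public void destroy() {
        this.config = null;
    }

    /**
     * Core filtering method: sets CORS and encoding headers, then enforces the login check.
     *
     * @param request  the incoming request (cast to {@link HttpServletRequest})
     * @param response the outgoing response (cast to {@link HttpServletResponse})
     * @param chain    the remaining filter chain, invoked only for permitted requests
     * @throws IOException      propagated from the chain, the forward or {@code sendError}
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpServletRequest req = (HttpServletRequest) request;

        applyCorsHeaders(req, resp);

        // Response character set and default content type.
        resp.setCharacterEncoding("UTF-8");
        resp.setContentType("text/html;charset=utf-8");

        // Request character set comes from web.xml; skip it when the parameter is missing.
        String encoding = config.getInitParameter("encoding");
        if (encoding != null) {
            request.setCharacterEncoding(encoding);
        }

        String requestPath = req.getServletPath();
        if (isStaticResource(requestPath) || isPublicEndpoint(requestPath) || isLoggedIn(req)) {
            chain.doFilter(request, response);
            return;
        }

        // Not logged in and not a public endpoint: forward to the login page.
        String loginPage = config.getInitParameter("loginPage");
        if (loginPage == null || loginPage.isEmpty()) {
            // Fail closed when the filter is misconfigured rather than letting the request through.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        request.getRequestDispatcher(loginPage).forward(request, response);
    }

    /**
     * Emits the CORS headers for a cross-origin request whose origin is accepted.
     *
     * <p>A literal {@code *} cannot be used here because browsers refuse a wildcard origin
     * when {@code Access-Control-Allow-Credentials} is {@code true}; the origin is therefore
     * echoed back, and must be checked before it is.
     */
    private void applyCorsHeaders(HttpServletRequest req, HttpServletResponse resp) {
        String origin = req.getHeader("Origin");
        if (origin == null || !isAllowedOrigin(origin)) {
            return;
        }
        resp.setHeader("Access-Control-Allow-Origin", origin);
        // The response differs per origin, so caches must key on it.
        resp.addHeader("Vary", "Origin");
        resp.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE");
        // Lifetime, in seconds, of the browser's cached preflight result (not a cookie lifetime).
        resp.setHeader("Access-Control-Max-Age", "1800");
        resp.setHeader("Access-Control-Allow-Headers", "Origin,X-Requested-with,Content-Type,Accept");
        resp.setHeader("Access-Control-Allow-Credentials", "true");
    }

    /**
     * Checks the request origin against the optional {@code allowedOrigins} init parameter.
     *
     * <p>NOTE(review): when {@code allowedOrigins} is not configured this keeps the previous
     * behaviour of accepting every origin. Combined with credentialed CORS that lets any web
     * site read authenticated responses on behalf of a logged-in user, so deployments should
     * configure the list explicitly.
     */
    private boolean isAllowedOrigin(String origin) {
        String configured = config.getInitParameter("allowedOrigins");
        if (configured == null || configured.trim().isEmpty()) {
            return true;
        }
        for (String candidate : configured.split(",")) {
            if (candidate.trim().equals(origin)) {
                return true;
            }
        }
        return false;
    }

    /** Returns true when the path's final extension is one of {@link #STATIC_EXTENSIONS}. */
    private static boolean isStaticResource(String path) {
        int dot = path.lastIndexOf('.');
        if (dot < 0) {
            return false;
        }
        String extension = path.substring(dot);
        for (String allowed : STATIC_EXTENSIONS) {
            if (allowed.equals(extension)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true when the path ends with one of the configured login/registration endpoints.
     * Missing or empty parameters never match; an empty suffix would otherwise match every path.
     */
    private boolean isPublicEndpoint(String path) {
        for (String paramName : PUBLIC_ENDPOINT_PARAMS) {
            String suffix = config.getInitParameter(paramName);
            if (suffix != null && !suffix.isEmpty() && path.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true when an existing session carries the {@code "us"} attribute, which the
     * login code is expected to store after a successful login. No session is created for
     * anonymous requests.
     */
    private static boolean isLoggedIn(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        return session != null && session.getAttribute("us") != null;
    }
}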
// 下面是XML的配置
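<filter>
<filter-name>authority</filter-name>
<filter-class>com.qfedu.utils.AuthorityFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>loginPage</param-name>
<param-value>login.jsp</param-value>
</init-param>
<init-param>
<param-name>loginInterface</param-name>
<param-value>login.do</param-value>
</init-param>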
<!-- 配置注册界面,和注册接口 不被禁用. -->
<init-param>
<param-name>registerPage</param-name>
<param-value>register.jsp</param-value>
</init-param>
<init-param>
<param-name>registerInterface</param-name>
<param-value>register.do</param-value>
</init-param>
</filter>
<filter-mapping>
<!-- Filter的名字 -->
<filter-name>authority</filter-name>
<!-- Filter负责拦截的URL -->
<url-pattern>/*</url-pattern>
</filter-mapping>
注: 这些是我自己拼装起来的,不保证 是最佳配置,但是感觉很好用.