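package com.yihu.base.filters;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang3.StringUtils;

import com.yihu.base.SessionBean;

/**
 * Permission filter.
 *
 * <p>NOTE(review): as written, this filter enforces nothing. {@link #doFilter} forwards every
 * request, and the exclude list built in {@link #init} is never read by active code.
 *
 * @author Administrator
 */
public class SecurityFilter implements Filter {

    /** Paths that are not to be filtered, read from the {@code exclude} init parameter. */
    private List<String> excludeList;

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Passes every request straight down the chain.
     *
     * <p>NOTE(review): no access control happens here. The login check that used to follow the
     * {@code chain.doFilter} call is disabled in the source. That check let through paths found
     * in {@code excludeList} and query-less requests ending in .css, .js, .png, .jpg or .gif.
     * For every other request it required the {@code apmUser} session attribute. When the
     * attribute was missing, AJAX requests ({@code X-Requested-With: XMLHttpRequest}) got
     * status 911 with {@code sessionstatus: timeout} and a {@code loginPath} header, and all
     * other requests were redirected to {@code /ApmWeb/app/appLogin.html}. Until a check is
     * restored, protected resources have to be guarded elsewhere.
     *
     * @param req   the incoming request; must be an {@link HttpServletRequest}
     * @param res   the outgoing response
     * @param chain the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Kept from the original: this creates a session for every request that has none,
        // anonymous ones included, although the session is not used here.
        request.getSession(true);
        chain.doFilter(req, res);
    }

    /**
     * Reads the comma-separated {@code exclude} init parameter into {@code excludeList}.
     *
     * <p>A missing parameter yields an empty list instead of a {@code NullPointerException}
     * at start-up. Blank entries (for example from a trailing comma) are dropped so that an
     * empty string never ends up as an exclusion.
     *
     * @param config the filter configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig config) throws ServletException {
        excludeList = new ArrayList<String>();
        String excludeStr = config.getInitParameter("exclude");
        if (excludeStr == null) {
            return;
        }
        for (String entry : excludeStr.split(",")) {
            String trimmed = entry.trim();
            if (trimmed.length() > 0) {
                excludeList.add(trimmed);
            }
        }
    }

    /**
     * Leftover manual scratch harness for {@link #isFilterUrl}; it builds sample data and
     * prints nothing because the call is commented out.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        String str = "/abd/aa.jspss"; // /abc/abc2/abc.shtml
        List<String> list = new ArrayList<String>();
        list.add("在在在");
        list.add("/abc/*.shtml");
        list.add("/*.jsp");
        list.add("/ab/*");
        list.add("/login.jsp");
        list.add("/dd/*.jsp");
        // System.out.println(isFilterUrl(str, list));
    }

    /**
     * Tests a servlet path against a list of URL patterns.
     *
     * <p>Supported pattern forms (path and patterns are lower-cased and trimmed first):
     * <ul>
     *   <li>{@code /*} - matches every path</li>
     *   <li>a literal path - matches that exact path</li>
     *   <li>{@code *.jsp}, {@code *.do} - matches any path ending with that suffix</li>
     *   <li>{@code /*.jsp}, {@code /ab/*.do}, {@code /ab/*} - a single {@code *} after a
     *       prefix matches a run of characters that contains no {@code /}, so only entries
     *       directly inside the named directory match</li>
     * </ul>
     *
     * <p>NOTE(review): the comparison is purely textual and case-insensitive. Nothing here
     * decodes or normalizes the path. If a match is used to skip an access check, pass the
     * container-normalized servlet path and keep the pattern list narrow. What a match means
     * is up to the caller; no active code in this class calls this method.
     *
     * @param servletPath the request path to test
     * @param list        the patterns to test against
     * @return {@code true} if any pattern matches, otherwise {@code false}
     */
    public static boolean isFilterUrl(String servletPath, List<String> list) {
        // Locale.ROOT keeps lower-casing stable regardless of the JVM's default locale.
        String path = servletPath.toLowerCase(Locale.ROOT).trim();
        for (String rawPattern : list) {
            String pattern = rawPattern.toLowerCase(Locale.ROOT).trim();
            if (pattern.equals("/*")) {
                return true;
            }
            if (pattern.equalsIgnoreCase(path)) {
                return true;
            }
            // "*.ext": suffix match anywhere in the tree.
            if (pattern.startsWith("*.") && path.endsWith(pattern.substring(1))) {
                return true;
            }
            int star = pattern.indexOf('*');
            if (star >= 1) {
                String prefix = pattern.substring(0, star);
                String suffix = pattern.substring(star + 1);
                // Prefix and suffix must not overlap inside the path; without this guard the
                // substring below throws StringIndexOutOfBoundsException (e.g. "/a*a" vs "/a").
                boolean fits = path.length() >= prefix.length() + suffix.length();
                if (fits && path.startsWith(prefix) && path.endsWith(suffix)) {
                    String middle =
                            path.substring(prefix.length(), path.length() - suffix.length());
                    // The wildcard must not span a directory separator.
                    if (middle.indexOf('/') == -1) {
                        return true;
                    }
                }
            }
        }
        return false;
    }
}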