微信公众号搜"智元新知"关注
微信扫一扫可直接关注哦!

为我的Web应用程序JSF 2.0编写授权过滤器

如何解决为我的Web应用程序JSF 2.0编写授权过滤器

| 遵循一些建议,我决定为自己的Web应用程序编写自己的授权过滤器(我没有使用容器管理的安全性,因此我必须采用这种方式)。 这是我的第一个过滤器,因此我对如何实现它感到有些困惑。 这是我到目前为止所做的:
package filters;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.servletexception;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import entities.Role;

public class RestrictPageFilter implements Filter {

    FilterConfig fc;

    public void init(FilterConfig filterConfig) throws servletexception {
        // The easiest way to initialize the filter
        fc = filterConfig;
    }

    public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws IOException,servletexception {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpSession session = req.getSession(true);
        String pageRequested = req.getRequestURL().toString();

        Role currentUser = (Role) session.getAttribute(\"userRole\");

        //Pages that are allowed with no need to login:
        //-faq.xhtml
        //-index.jsp
        //-login.xhtml
        //-main.xhtml
        //-registration.xhtml

        //Now pages that are restricted depending on the type of user
        //buyoffer.xhtml(Only BUYER)
        //sellerpanel.xhtml(Only SELLER)
        //adminpanel.xhtml(Only ADMINISTRATOR)

        //HOW SHOULD I IMPLEMENT THAT??
        if(currentUser != null && currentUser.getType().equals(\"BUYER\")) {          

        }
        if(currentUser != null && currentUser.getType().equals(\"SELLER\")) {         

        }
        if(currentUser != null && currentUser.getType().equals(\"ADMINISTRATOR\")) {          

        }


    }

    public void destroy() {
        // Not needed
    }
}
如您所见,我在此处卡住的地方留下了评论。有人可以帮我整理一下此过滤器,还是给我一些伪代码提示,我应该如何完成呢? 我在网上看到了一些示例,但是没有一个示例根据用户类型进行不同的过滤。 不胜感激您的帮助:) 更新资料 我创建了一个xml文件来帮助我进行过滤(它位于WEB-INF / classes内部)
<access>
    <buyer>
        <page>buyoffer.xhtml</page>
        <page>faq.xhtml</page>
        <page>index.jsp</page>
        <page>login.xhtml</page>
        <page>main.xhtml</page>
        <page>registrationSucceded.xhtml</page>     
    </buyer>
    <seller>
        <page>sellerpanel.xhtml</page>
        <page>faq.xhtml</page>
        <page>index.jsp</page>
        <page>login.xhtml</page>
        <page>main.xhtml</page>
        <page>registrationSucceded.xhtml</page>     
    </seller>
    <administrator>
        <page>sellerpanel.xhtml</page>
        <page>faq.xhtml</page>
        <page>index.jsp</page>
        <page>login.xhtml</page>
        <page>main.xhtml</page>
        <page>registrationSucceded.xhtml</page>     
    </administrator>
</access>

<!-- THE REGISTRATION PAGES SHOULD NOT BE ACCESSIBLE IF THE USER IS LOGGED IN -->
我从init()方法读取文件
public class RestrictPageFilter implements Filter {

    private FilterConfig fc;
private InputStream in;

    public void init(FilterConfig filterConfig) throws servletexception {
        // The easiest way to initialize the filter
        fc = filterConfig;
        //Get the file that contains the allowed pages
        in = this.getClass().getResourceAsstream(\"/allowedpages.xml\");
    }

    public void doFilter(ServletRequest request,servletexception {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpSession session = req.getSession(true);
        String pageRequested = req.getRequestURL().toString();

        //Get the value of the current logged user 
        Role currentUser = (Role) session.getAttribute(\"userRole\");
        if (currentUser != null) {

        }
    }

    public void destroy() {
        // Not needed
    }
}
    

解决方法

如果您需要允许访问,只需致电
// it will process request normally,means it will leave the control from Filter
chain.doFilter(request,response);
如果您想限制用户,请致电
//take some action
response.sendRedirect(\"URL to some page\");//it will simply make user redirected 
一些建议 使用某种XML属性文件使其可配置,您的代码对我来说似乎很难,明天可能会添加另一个页面,因此您需要重新编译您的Filter。 如果允许,那么只需使用Spring Security,它就会具有不错的功能。你也不会发明轮子     

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。