
java - Writing an authorization filter for my web application (JSF 2.0)

Reposted. Author: 塔克拉玛干. Updated: 2023-11-02 08:26:06

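Following some advice, I decided to write my own authorization filter for my web application (I am not using container-managed security, so I have to do it this way).

This is my first filter, so I am a bit confused about how to implement it. This is what I have done so far: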

package filters;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import entities.Role;

public class RestrictPageFilter implements Filter {

    FilterConfig fc;

    public void init(FilterConfig filterConfig) throws ServletException {
        // The easiest way to initialize the filter
        fc = filterConfig;
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpSession session = req.getSession(true);
        String pageRequested = req.getRequestURL().toString();

        Role currentUser = (Role) session.getAttribute("userRole");

        //Pages that are allowed with no need to login:
        //-faq.xhtml
        //-index.jsp
        //-login.xhtml
        //-main.xhtml
        //-registration.xhtml

        //NOW pages that are restricted depending on the type of user
        //buyoffer.xhtml(Only BUYER)
        //sellerpanel.xhtml(Only SELLER)
        //adminpanel.xhtml(Only ADMINISTRATOR)

        //HOW SHOULD I IMPLEMENT THAT??
        if (currentUser != null && currentUser.getType().equals("BUYER")) {

        }
        if (currentUser != null && currentUser.getType().equals("SELLER")) {

        }
        if (currentUser != null && currentUser.getType().equals("ADMINISTRATOR")) {

        }

    }

    public void destroy() {
        // Not needed
    }
}

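As you can see, I left comments where I got stuck. Could someone help me finish this filter, or give me some pseudocode hints on how I should complete it?

I have seen some examples on the web, but none of them filter differently depending on the user type.

Thank you very much for your help :)

Update

I created an XML file to help me with the filtering (it is located in WEB-INF/classes)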

<access>
    <buyer>
        <page>buyoffer.xhtml</page>
        <page>faq.xhtml</page>
        <page>index.jsp</page>
        <page>login.xhtml</page>
        <page>main.xhtml</page>
        <page>registrationSucceded.xhtml</page>
    </buyer>
    <seller>
        <page>sellerpanel.xhtml</page>
        <page>faq.xhtml</page>
        <page>index.jsp</page>
        <page>login.xhtml</page>
        <page>main.xhtml</page>
        <page>registrationSucceded.xhtml</page>
    </seller>
    <administrator>
        <page>sellerpanel.xhtml</page>
        <page>faq.xhtml</page>
        <page>index.jsp</page>
        <page>login.xhtml</page>
        <page>main.xhtml</page>
        <page>registrationSucceded.xhtml</page>
    </administrator>
</access>

<!-- THE REGISTRATION PAGES SHOULD NOT BE ACCESSIBLE IF THE USER IS LOGGED IN -->

I read the file from the init() method.

// Imports as in the first listing, plus:
import java.io.InputStream;

public class RestrictPageFilter implements Filter {

    private FilterConfig fc;
    private InputStream in;

    public void init(FilterConfig filterConfig) throws ServletException {
        // The easiest way to initialize the filter
        fc = filterConfig;
        //Get the file that contains the allowed pages
        in = this.getClass().getResourceAsStream("/allowedpages.xml");
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpSession session = req.getSession(true);
        String pageRequested = req.getRequestURL().toString();

        //Get the value of the current logged user
        Role currentUser = (Role) session.getAttribute("userRole");
        if (currentUser != null) {

        }
    }

    public void destroy() {
        // Not needed
    }
}

Best answer

If you need to allow access, just call

// the request is processed normally, i.e. control leaves the filter
chain.doFilter(request, response);

If you want to restrict the user, then call

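// take some action
// sendRedirect() is declared on HttpServletResponse, so the ServletResponse must be cast first
((HttpServletResponse) response).sendRedirect("URL to some page"); // simply redirects the user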

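Some suggestions

  • Use XML or some sort of properties file to make it configurable. Your code seems hard-coded to me; tomorrow another page might be added, so you would need to recompile your filter.

  • If you are allowed to, simply use Spring Security; it has nice features, and you won't be reinventing the wheel.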
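
One way to put the two calls above together for the pages and roles listed in the question, with anything not explicitly allowed being refused. This is an added example, not code from the original question or answer. It assumes Java 9+ (`Set.of`/`Map.of`), a FacesServlet mapped to `*.xhtml` so that `getServletPath()` returns the page path, the question's `entities.Role` with `getType()` returning the role name, and a 403 response for a logged-in user with the wrong role.

```java
package filters;

import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;
import entities.Role; // the asker's class from the question

public class RestrictPageFilter implements Filter {
    // Pages open to everyone (list from the question's comments).
    private static final Set<String> PUBLIC = Set.of("/faq.xhtml", "/index.jsp",
            "/login.xhtml", "/main.xhtml", "/registration.xhtml");
    // Restricted pages and the one role allowed to open each.
    private static final Map<String, String> REQUIRED_ROLE = Map.of(
            "/buyoffer.xhtml", "BUYER",
            "/sellerpanel.xhtml", "SELLER",
            "/adminpanel.xhtml", "ADMINISTRATOR");

    public void init(FilterConfig filterConfig) { }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // Match on the servlet path: getRequestURL() also carries scheme, host and context path.
        String path = req.getServletPath();
        if (PUBLIC.contains(path)) {
            chain.doFilter(request, response);
            return;
        }
        // getSession(false) avoids creating a session for anonymous requests.
        HttpSession session = req.getSession(false);
        Role user = session == null ? null : (Role) session.getAttribute("userRole");
        if (user == null) {
            resp.sendRedirect(req.getContextPath() + "/login.xhtml");
            return;
        }
        // Default deny: a page with no entry in the map is refused for every role.
        String required = REQUIRED_ROLE.get(path);
        if (required != null && required.equals(user.getType())) {
            chain.doFilter(request, response);
        } else {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    public void destroy() { }
}
```

Requests for JSF resources (paths starting with `/javax.faces.resource`) also pass through a filter mapped to `*.xhtml` and need their own allow rule.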

About java - Writing an authorization filter for my web application (JSF 2.0): we found a similar question on Stack Overflow: https://stackoverflow.com/questions/5662367/
