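/**
 * Servlet filter that gates back-office requests on the logged-in employee's permissions.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>No {@code AdminEmployee} under the session attribute {@code logEmp}: redirect to the
 *       login page.</li>
 *   <li>Session attribute {@code isadmin} equals {@code "yes"}: the request is passed on.</li>
 *   <li>Otherwise: every URL returned by {@code AllPowerResource.getGrantResource()} that is
 *       not among the employee's own resources is treated as denied, and the request is
 *       rejected when the request URI occurs in that denied list.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This is a deny-list: a URL that is missing from
 *       {@code AllPowerResource.getGrantResource()} is reachable by every logged-in user.
 *       A default-deny (allow-list) check is the safer design.</li>
 *   <li>The comparison uses the raw {@code getRequestURI()} value, which the container does
 *       not decode or normalise (it may still carry path parameters or encoded characters),
 *       and it is a substring test. Prefer an exact match on a canonicalised path.</li>
 *   <li>Any failure while loading permissions aborts the request (fail closed).</li>
 * </ul>
 */
public class PowerFilter implements Filter {

    /** Nothing to release. */
    @Override
    public void destroy() {}

    /**
     * Applies the authentication and permission checks described on the class.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest}
     * @param response outgoing response; cast to {@code HttpServletResponse}
     * @param chain    remaining filter chain, invoked only when the request is allowed
     * @throws IOException      if a redirect or the downstream chain fails
     * @throws ServletException if the permission data cannot be loaded, or from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // Raw request URI (context path included, not decoded or normalised).
        String path = req.getRequestURI();

        // Authentication: anything other than an AdminEmployee (null, "", a stale object of
        // another type) counts as "not logged in" instead of failing on the cast below.
        Object obj = req.getSession().getAttribute("logEmp");
        if (!(obj instanceof AdminEmployee)) {
            // NOTE(review): the login redirect targets a plain http:// URL; confirm the login
            // page is served over HTTPS so credentials and the session cookie are protected.
            res.sendRedirect("http://mgr.3weidu.com/bsm/admin_login.jsp");
            return;
        }
        AdminEmployee emp = (AdminEmployee) obj;

        // Super administrator: no per-URL check. The original left this branch empty and
        // never invoked the chain, so allowed requests never reached their target.
        Object adminFlag = req.getSession().getAttribute("isadmin");
        if (adminFlag != null && "yes".equals(adminFlag.toString())) {
            chain.doFilter(request, response);
            return;
        }

        // Everyone else, including a missing or unexpected "isadmin" value, is checked as an
        // ordinary employee (least privilege) rather than failing with a NullPointerException.
        boolean denied;
        try {
            // 1002 is passed through unchanged; its meaning is not visible in this file.
            List<ResourcePowers> hisAllPowers =
                    HasPower.powersResoures(emp.getEmpNumber(), emp.getPositionID(), 1002);
            List<PowerResource> allPowers = AllPowerResource.getGrantResource();

            // URLs this employee has been granted.
            List<String> granted = new ArrayList<String>();
            for (ResourcePowers power : hisAllPowers) {
                granted.add(power.getResourceURL());
            }

            // Comma-separated list of protected URLs the employee has NOT been granted.
            StringBuilder deniedUrls = new StringBuilder();
            for (PowerResource resource : allPowers) {
                String url = resource.getResourceURL();
                if (url == null || granted.contains(url)) {
                    continue;
                }
                if (deniedUrls.length() > 0) {
                    deniedUrls.append(",");
                }
                deniedUrls.append(url);
            }

            // Substring test kept from the original so existing denials are not weakened.
            // NOTE(review): replace with an exact match on a normalised path once the format
            // of getResourceURL() (with or without context path) has been confirmed.
            denied = deniedUrls.toString().contains(path);
        } catch (Exception e) {
            // Fail closed: without permission data the request must not be let through.
            throw new ServletException("Unable to evaluate permissions for " + path, e);
        }

        if (denied) {
            // NOTE(review): a request attribute does not survive a redirect, so the target
            // page will not see "info"; use a forward or a session attribute if it is needed.
            req.setAttribute("info", "您无此操作权限-->返回");
            res.sendRedirect("/bsm/jsp/publicjsp/nowpower.jsp");
            return;
        }

        chain.doFilter(request, response);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig config) throws ServletException {}
}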
xml配置
<!-- Back-office permission filter: begin -->
<!-- NOTE(review): filter-class names LogiPowerFilter, while the class listed on this page is PowerFilter; confirm which class is actually deployed. -->
<filter>
<filter-name>WebPowerFilter</filter-name>
<filter-class>com.threeweidu.pepos.util.LogiPowerFilter</filter-class>
</filter>
<!-- NOTE(review): the /* pattern routes every request through the filter, presumably including the login page and static resources; confirm the filter lets the login page through, otherwise users who are not logged in are redirected in a loop. -->
<filter-mapping>
<filter-name>WebPowerFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Back-office permission filter: end -->
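/** Nothing to release. */
@Override
public void destroy() {}

/**
 * Gates back-office requests on the logged-in employee's permissions.
 *
 * <p>Requests without an {@code AdminEmployee} under the session attribute {@code logEmp}
 * are redirected to the login page. A session attribute {@code isadmin} equal to
 * {@code "yes"} passes the request on. Otherwise every URL returned by
 * {@code AllPowerResource.getGrantResource()} that is not among the employee's own resources
 * is treated as denied, and the request is rejected when the request URI occurs in that list.
 *
 * <p>Security notes: this is a deny-list, so a URL missing from
 * {@code AllPowerResource.getGrantResource()} is reachable by every logged-in user; the
 * comparison is a substring test on the raw, non-normalised {@code getRequestURI()} value.
 * A default-deny check with an exact match on a canonicalised path is the safer design.
 *
 * @param request  incoming request; cast to {@code HttpServletRequest}
 * @param response outgoing response; cast to {@code HttpServletResponse}
 * @param chain    remaining filter chain, invoked only when the request is allowed
 * @throws IOException      if a redirect or the downstream chain fails
 * @throws ServletException if the permission data cannot be loaded, or from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    // Raw request URI (context path included, not decoded or normalised).
    String path = req.getRequestURI();

    // Authentication: anything other than an AdminEmployee (null, "", a stale object of
    // another type) counts as "not logged in" instead of failing on the cast below.
    Object obj = req.getSession().getAttribute("logEmp");
    if (!(obj instanceof AdminEmployee)) {
        // NOTE(review): the login redirect targets a plain http:// URL; confirm the login
        // page is served over HTTPS so credentials and the session cookie are protected.
        res.sendRedirect("http://mgr.3weidu.com/bsm/admin_login.jsp");
        return;
    }
    AdminEmployee emp = (AdminEmployee) obj;

    // Super administrator: no per-URL check. The original left this branch empty and
    // never invoked the chain, so allowed requests never reached their target.
    Object adminFlag = req.getSession().getAttribute("isadmin");
    if (adminFlag != null && "yes".equals(adminFlag.toString())) {
        chain.doFilter(request, response);
        return;
    }

    // Everyone else, including a missing or unexpected "isadmin" value, is checked as an
    // ordinary employee (least privilege) rather than failing with a NullPointerException.
    boolean denied;
    try {
        // 1002 is passed through unchanged; its meaning is not visible in this file.
        List<ResourcePowers> hisAllPowers =
                HasPower.powersResoures(emp.getEmpNumber(), emp.getPositionID(), 1002);
        List<PowerResource> allPowers = AllPowerResource.getGrantResource();

        // URLs this employee has been granted.
        List<String> granted = new ArrayList<String>();
        for (ResourcePowers power : hisAllPowers) {
            granted.add(power.getResourceURL());
        }

        // Comma-separated list of protected URLs the employee has NOT been granted.
        StringBuilder deniedUrls = new StringBuilder();
        for (PowerResource resource : allPowers) {
            String url = resource.getResourceURL();
            if (url == null || granted.contains(url)) {
                continue;
            }
            if (deniedUrls.length() > 0) {
                deniedUrls.append(",");
            }
            deniedUrls.append(url);
        }

        // Substring test kept from the original so existing denials are not weakened.
        // NOTE(review): replace with an exact match on a normalised path once the format
        // of getResourceURL() (with or without context path) has been confirmed.
        denied = deniedUrls.toString().contains(path);
    } catch (Exception e) {
        // Fail closed: without permission data the request must not be let through.
        throw new ServletException("Unable to evaluate permissions for " + path, e);
    }

    if (denied) {
        // NOTE(review): a request attribute does not survive a redirect, so the target
        // page will not see "info"; use a forward or a session attribute if it is needed.
        req.setAttribute("info", "您无此操作权限-->返回");
        res.sendRedirect("/bsm/jsp/publicjsp/nowpower.jsp");
        return;
    }

    chain.doFilter(request, response);
}

/** No configuration is read. */
@Override
public void init(FilterConfig config) throws ServletException {}
}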
xml配置
<!-- Back-office permission filter: begin -->
<!-- NOTE(review): filter-class names LogiPowerFilter, while the class listed on this page is PowerFilter; confirm which class is actually deployed. -->
<filter>
<filter-name>WebPowerFilter</filter-name>
<filter-class>com.threeweidu.pepos.util.LogiPowerFilter</filter-class>
</filter>
<!-- NOTE(review): the /* pattern routes every request through the filter, presumably including the login page and static resources; confirm the filter lets the login page through, otherwise users who are not logged in are redirected in a loop. -->
<filter-mapping>
<filter-name>WebPowerFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Back-office permission filter: end -->