权限控制 Filter

权限控制过滤器

一. maven

<!-- Spring Boot web starter; the FilterRegistrationBean and servlet Filter types
     used by the classes below come from this dependency tree. -->
<!-- NOTE(review): the version is pinned to 2.3.1.RELEASE; the 2.3.x line no longer
     receives upstream fixes, so confirm the version against a currently supported
     release before reusing this snippet. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <version>2.3.1.RELEASE</version>
</dependency>

 二.配置类

编写WebConfig.java

package com.feng.config;
 
import com.fasterxml.jackson.annotation.JsonProperty;
import com.sun.xml.internal.ws.policy.privateutil.PolicyUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
import java.io.InputStream;
import java.util.Collections;
 
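/**
 * Registers the servlet filters of the application: the session-based
 * {@link AccessControlFilter} and the CAS single sign-on filter.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    /** Classpath name of the CAS properties file; defaults to {@code cas-config.properties}. */
    @Value("${cas.config.file:cas-config.properties}")
    private String casConfigFile;

    /**
     * Registers {@link AccessControlFilter} for {@code *.do} and {@code *.screen} requests.
     *
     * @return the registration carrying the list of paths exempt from the session check
     */
    @Bean
    public FilterRegistrationBean<AccessControlFilter> accessControlFilterFilterRegistrationBean() {
        FilterRegistrationBean<AccessControlFilter> accessBean = new FilterRegistrationBean<>();
        accessBean.setFilter(new AccessControlFilter());
        // The key must be spelled exactly as AccessControlFilter.init() reads it
        // ("notCheckPathList"). With the previous spelling ("notCheckpathList") the
        // filter received null and the exemption list was never applied.
        accessBean.addInitParameter("notCheckPathList", "/login,/main.do,/logout.do");
        // Only these URL patterns pass through the access check; any endpoint served
        // under another suffix is NOT covered by this filter.
        accessBean.addUrlPatterns("*.do", "*.screen");
        return accessBean;
    }

    /**
     * Registers the CAS filter under the name {@code cas} for every URL.
     *
     * @return the registration carrying the CAS configuration file name and exclusions
     */
    // NOTE(review): FilterRegistrationBean carries its own order (setOrder). Confirm
    // that @Order on the bean method is what actually positions this filter, and how
    // the access-control filter above is ordered relative to it.
    @Bean
    @Order(2)
    public FilterRegistrationBean<CasFilter> casFilterFilterRegistrationBean() {
        FilterRegistrationBean<CasFilter> filterBean = new FilterRegistrationBean<>();
        filterBean.setFilter(new CasFilter());

        // Existence check only: getResource() does not open a stream, so nothing is
        // left unclosed (the earlier getResourceAsStream() result was never closed).
        if (getClass().getClassLoader().getResource(casConfigFile) == null) {
            // Registration still proceeds; the missing file is only reported here.
            System.out.println("cas config file null");
        }
        filterBean.addInitParameter("cas-config", casConfigFile);
        // NOTE(review): "exludesURI" looks like a misspelling of "excludesURI".
        // CasFilter is not shown, so the name is kept as-is; confirm it matches the
        // parameter CasFilter reads, otherwise the exclusion list is silently ignored.
        filterBean.addInitParameter("exludesURI", "/path/*.do,/greeting.do");
        filterBean.setName("cas");
        filterBean.setUrlPatterns(Collections.singletonList("*"));
        return filterBean;
    }
}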

 三.编写过滤器

AccessControlFilter.java

package com.feng.config;
 
import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
 
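/**
 * Access-control filter.
 *
 * <p>A request continues down the chain only when its servlet path is on the
 * exemption list given by the {@code notCheckPathList} init parameter, or when the
 * existing session holds a {@code netsuser} attribute. Every other request has its
 * session invalidated and its {@code SESSION} / {@code flag} cookies expired, and is
 * not passed on.
 */
public class AccessControlFilter implements Filter {

    // NOTE(review): this message is not referenced anywhere in the class.
    private static final String TIMEOUT_INFO = "Session time out, Please login again.";

    // Placeholder domain from the article. A removal cookie only takes effect when
    // its domain and path match the ones the cookie was originally set with.
    private static final String COOKIE_DOMAIN = "xxx.com.cn";

    // Exact servlet paths that skip the session check. Held per instance rather than
    // in a static field so that separate filter registrations cannot overwrite each other.
    private final Set<String> notCheckPaths = new HashSet<>();

    /**
     * Parses the comma-separated {@code notCheckPathList} init parameter.
     * A missing parameter leaves the list empty, so every request is checked.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        notCheckPaths.clear();
        String raw = filterConfig.getInitParameter("notCheckPathList");
        if (raw == null) {
            return;
        }
        for (String entry : raw.split(",")) {
            String trimmed = entry.trim();
            if (!trimmed.isEmpty()) {
                notCheckPaths.add(trimmed);
            }
        }
    }

    /**
     * Applies the access check described on the class.
     *
     * @throws ServletException if the request is not an HTTP request
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Fail closed: the check is defined on the HTTP session, so a non-HTTP request
        // is rejected explicitly instead of running into a NullPointerException.
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("AccessControlFilter only handles HTTP requests");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String path = httpServletRequest.getServletPath();

        // Exempt paths are matched exactly. A substring search over the raw
        // comma-joined list would also exempt an empty path or any fragment of a
        // listed path, which widens the exemption beyond what was configured.
        if (path != null && notCheckPaths.contains(path)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // getSession(false): do not create a session just to find it unauthenticated.
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || session.getAttribute("netsuser") == null) {
            // NOTE(review): the denied request is not passed on, but no status,
            // redirect or body is written either, so the client sees an empty
            // response with the default status. Confirm what the client should get.
            clearSession(httpServletRequest, servletResponse);
            return;
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Invalidates the current session, if any, and expires the {@code SESSION} and
     * {@code flag} cookies sent with the request.
     */
    private void clearSession(HttpServletRequest hRequest, ServletResponse response) {
        HttpSession session = hRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // getCookies() returns null when the request carries no cookies.
        Cookie[] cookies = hRequest.getCookies();
        if (cookies == null || !(response instanceof HttpServletResponse)) {
            return;
        }
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        for (Cookie received : cookies) {
            String name = received.getName();
            if ("SESSION".equals(name) || "flag".equals(name)) {
                expireCookie(httpResponse, name);
            }
        }
    }

    /** Adds a cookie of the given name with an empty value and max-age 0 to the response. */
    private static void expireCookie(HttpServletResponse response, String name) {
        Cookie cookie = new Cookie(name, "");
        cookie.setDomain(COOKIE_DOMAIN);
        cookie.setPath("/");
        cookie.setMaxAge(0);
        cookie.setSecure(true);
        response.addCookie(cookie);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}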

 
