Web开发对*.jsp的过滤

在web开发过程中,我们首先会在web.xml中配置一下,对每个请求的.jsp文件都需要进行过滤一下,看看用户是否登陆的验证:

<filter>
		<filter-name>sessionFilter</filter-name>
		<filter-class>grp.pt.common.filter.SessionFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>sessionFilter</filter-name>
		<url-pattern>*.jsp</url-pattern>
	</filter-mapping>


那么不管登陆任何*.jsp的时候,总要经过过滤器sessionFilter一回。对应的类:SessionFilter  这个过滤器就是检查用户是否登陆。

public class SessionFilter  implements Filter{
	@Override
	public void destroy() {
	}

	@Override
	public void doFilter(ServletRequest arg0, ServletResponse arg1,
			FilterChain arg2) throws IOException, ServletException {
		
		HttpServletRequest requestHttp = (HttpServletRequest) arg0;
		String path = requestHttp.getServletPath();
		if(path.indexOf("RedirectPage.jsp") > 0 || path.indexOf("Login.jsp")>0)
		{
			arg2.doFilter(arg0, arg1);
			return;
		}
		
		HttpSession session = requestHttp.getSession();
	
		if (session.getAttribute("user") == null) {
			arg0.setAttribute("message", "登陆超时,请重新登陆!");
			RequestDispatcher requestDispatcher = arg0.getRequestDispatcher("/jsp/common/Login.jsp");
			requestDispatcher.forward(arg0, arg1);
			return ;
		}
		arg2.doFilter(arg0, arg1);

	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {

	}

}

可能有人要问,那你的user实在哪里设置进去的呢?         

我们分析一下Login.jsp登陆时发送的请求:

Ext.Ajax.request({
			url : "<%=path%>/common/loginCheck.action",                    //这个地方的loginCheck.action是用对应类的loginCheck()方法来核对用户名和密码的
			method : 'POST',
			form : "myForm",
			params : {
				userCode : usercode,
				userPass : Ext.getDom("txtPassword").value
			},
			// 提交成功的回调函数
			success : function(response, options) {
				if (response.responseText == "OK") {
					window.location.href = "<%=path%>/jsp/common/Index.jsp";
				} else if (response.responseText == "ERROR") {
					Ext.getDom("Validate").innerHTML = "<SPAN style='DISPLAY:inline;COLOR:#960014;font-size:14px'>用户名或密码错误!</SPAN>";
				
				}
			},
			// 提交失败的回调函数
			failure : function(response, options) {
				Ext.getDom("Validate").innerHTML = "<SPAN style='DISPLAY:inline;COLOR:#960014;font-size:14px'>后台数据访问失败!</SPAN>";
			}
		});
   }





我们找到:url : "<%=path%>/common/loginCheck.action


看看关于:user = userService.getUserByCode(userCode);           session.setAttribute("user", user);


package grp.pt.common.action;

import grp.pt.framework.Interfece.IMasterDataService;
import grp.pt.framework.Interfece.IOrgService;
import grp.pt.framework.Interfece.IUserService;
import grp.pt.framework.model.ElementDTO;
import grp.pt.framework.model.Organization;
import grp.pt.framework.model.Session;
import grp.pt.framework.model.User;
import grp.pt.util.MD5;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.apache.struts2.ServletActionContext;

import assp.evoucher.common.adapter.SignAndDEnvelopeAdaptHandler;

public class LoginAction extends BaseAction{
	private IUserService userService;
	private IOrgService orgService;
	private IMasterDataService masterDataService;
	
	public Logger logger = Logger.getLogger(LoginAction.class);
	
	public IMasterDataService getMasterDataService() {
		return masterDataService;
	}
	public void setMasterDataService(IMasterDataService masterDataService) {
		this.masterDataService = masterDataService;
	}
	public IOrgService getOrgService() {
		return orgService;
	}
	public void setOrgService(IOrgService orgService) {
		this.orgService = orgService;
	}
	public IUserService getUserService() {
		return userService;
	}
	public void setUserService(IUserService userService) {
		this.userService = userService;
	}

	//用户登陆
	public String loginCheck(){
		HttpServletRequest req = ServletActionContext.getRequest();
		//把用户名和密码取过来。
		String userCode = req.getParameter("userCode");
		String userPass = req.getParameter("userPass");
		User user = null;
		HttpSession session = req.getSession();
		//设置过期时间为20分钟
		session.setMaxInactiveInterval(20*60);
		//用户编码校验
		if(userCode != null && userPass != null){
			user = userService.getUserByCode(userCode);
			//如果说这个用户不存在
			if(user == null){
				this.actionWrite("ERROR");
				return null;
			}
		}
		//区划 id code
		//得到所属机构
		Organization  organization = orgService.loadOrgById(user.getBelong_org());
		//如果说机构不为null
		if(organization != null){
			//得到所属区划
			long rg_id = organization.getRg_id();
			Session userSession = new Session();
			//得到所属的一级部门
			userSession.setTop_org(user.getBelong_org());
			//根据要素编码查询对于的要素(实际上是从数据字典里面查,然后赋给也是一个基础数据结构
			ElementDTO dto = masterDataService.loadEleValueById(userSession , "REGION", rg_id);
			
			session.setAttribute("rg_id", rg_id);
			session.setAttribute("rg_code", dto.getCode());
			session.setAttribute("is_top_region", dto.getParent_id() == 0 ?1+"" : 0+"");
			userSession.setRgCode(dto.getCode());
			//dto.getCode得到编码
			user.setRg_code(dto.getCode());
		}
		//用户密码证书校验
	
		            //userCode是从客户端取出来的
					if(userService.verifyUserPwd(userCode, MD5.createPassword(userPass))){	
						session.setAttribute("user", user);
						this.actionWrite("OK");
					}else{
						this.actionWrite("ERROR");
					}
					return null;
		}
	
	
   public boolean checks(String s1,String[] s2){
		  String s=s1;
		  for(String s3:s2){
			  if(s.equals(s3)){
				 return true;
			  }
		  }
	   
	return false;
	   
   }
	
 //检测用户名
	public String loginChe(){
		HttpServletRequest req = ServletActionContext.getRequest();
		HttpServletResponse response=ServletActionContext.getResponse();
		String userCode = req.getParameter("userCode");
		User user = null;
			user = userService.getUserByCode(userCode);
			
			if(user == null){
				this.actionWrite("该用户不存在!"); 
				return null;
			}else{
				String username=user.getName();
				 
				response.setContentType("textml;charset=UTF-8");
				int logintype=user.getLogin_level();
				
				if(logintype==0){
					this.actionWrite("OK,"+username+","+userCode);
				}else if(logintype==1){
					this.actionWrite("OK1,"+username+","+userCode);	
					
				}else{
					throw new RuntimeException("用户登录级别有问题:"+logintype+"级");
				}
			}
			return null;
		}
	
	//UKEY用户登录
	public String checkUkey(){
		HttpServletRequest res=ServletActionContext.getRequest();
		HttpSession session = res.getSession();
		User user = null;
		String userCode = res.getParameter("userCode");
		user = userService.getUserByCode(userCode);
		if(user == null){
			this.actionWrite("ERROR"); 
			return null;
		}else{
			
			Organization  organization = orgService.loadOrgById(user.getBelong_org());
			if(organization != null){
				
				long rg_id = organization.getRg_id();
				Session userSession = new Session();
				userSession.setTop_org(user.getBelong_org());
				ElementDTO dto = masterDataService.loadEleValueById(userSession , "REGION", rg_id);
				session.setAttribute("rg_id", rg_id);
				session.setAttribute("rg_code", dto.getCode());
				session.setAttribute("is_top_region", dto.getParent_id() == 0 ?1+"" : 0+"");
				userSession.setRgCode(dto.getCode());
				user.setRg_code(dto.getCode());
				
				
				

			}
			
		String signword=res.getParameter("signword");
		String orgword=res.getParameter("testword");
		byte[] originData=orgword.getBytes();
		
		int result = -1;
		try {
			result = SignAndDEnvelopeAdaptHandler.verifyServerMessage(signword.getBytes(),originData);
			if(result==0){
				session.setAttribute("user", user);
				this.actionWrite("OK");
			}else{
				this.actionWrite("ERROR");
			}
		} catch (Exception e) {
			logger.error(e);
			this.actionWrite("ERROR");
		}
		}
		return null;
		
	}
	//用户注销
	public String logoff() throws Exception{
		HttpServletRequest req = ServletActionContext.getRequest();
		HttpSession session = req.getSession();
		if(session != null) {
			session.removeAttribute("user");
		}
		this.actionWrite("OK");
		return null;
		
	}
	
	
	//检验证书匹配
	public String checktype(){
		HttpServletRequest req = ServletActionContext.getRequest();
		User user = null;
		String sn=req.getParameter("user_sn");
		String userCode = req.getParameter("userCode");
		user = userService.getUserByCode(userCode);
		if(user == null){
			this.actionWrite("ERROR"); 
			return null;
		}else{
			String ukeysn=user.getSn();
			String[] names=sn.split(",");
			
			if(checks(ukeysn,names)){
				this.actionWrite("OK"+","+ukeysn); 
			}else{
				this.actionWrite("ERROR"+","+"wo");
			}
			
		}
		return null;
		
	}
	
	public String goRealware(){
		HttpServletRequest res=ServletActionContext.getRequest();
		HttpSession session = res.getSession();
		User user = null;
		String userCode = res.getParameter("userCode");
		String sessionID=res.getParameter("sessionID");
		user = userService.getUserByCode(userCode);
		
		if(orgService.querySessionByCode(userCode,sessionID)>0){
			orgService.deleteSessionByCode(userCode);
			Organization  organization = orgService.loadOrgById(user.getBelong_org());
			if(organization != null){
				long rg_id = organization.getRg_id();
				Session userSession = new Session();
				userSession.setTop_org(user.getBelong_org());
				ElementDTO dto = masterDataService.loadEleValueById(userSession , "REGION", rg_id);
				session.setAttribute("rg_id", rg_id);
				session.setAttribute("rg_code", dto.getCode());
				session.setAttribute("is_top_region", dto.getParent_id() == 0 ?1+"" : 0+"");
				userSession.setRgCode(dto.getCode());
				user.setRg_code(dto.getCode());
				
				session.setAttribute("user", user);
				return "Success";
				
			}
			
		
		}
		return null;	
	}
}

	










;