Beispiel #1
0
  public void doFilter(
      final ServletRequest request, final ServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    GenericResponseWrapper wrapper = new GenericResponseWrapper((HttpServletResponse) response);
    chain.doFilter(request, wrapper);
  }
  // required doFilter method
  // redirects users trying to access restricted part of site when not logged in
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws java.io.IOException, javax.servlet.ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    HttpSession session = req.getSession();

    String loggedIn = (String) session.getAttribute("loggedIn");

    if (loggedIn == null) res.sendRedirect("../pleaselogin.html");
    else if (loggedIn == "yes") chain.doFilter(request, response);
  }
Beispiel #3
0
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    // session属于http范畴,所以要将ServletRequest转换成httpServletRequest

    try {
      HttpServletRequest req = (HttpServletRequest) request;
      HttpSession session = req.getSession();
      if (session.getAttribute("username") != null) {
        chain.doFilter(request, response);
      } else {
        request.getRequestDispatcher("error.jsp").forward(request, response);
      }
    } catch (RuntimeException e) {
      e.printStackTrace();
    }
  }
Beispiel #4
0
 public void doFilter(ServletRequest request0, ServletResponse response0, FilterChain filterChain)
     throws IOException, ServletException {
   HttpServletRequest request = (HttpServletRequest) request0;
   HttpServletResponse response = (HttpServletResponse) response0;
   if (request.getRequestURI().endsWith(requesturl)) {
     boolean isAjax = "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
     request.getSession().invalidate();
     if (isAjax) {
       Response<String> kv = new Response<String>();
       kv.setReturncode("00000000");
       kv.setReturnmsg("登出成功");
       outputJson(response, kv);
     } else {
       response.sendRedirect(request.getContextPath() + successurl);
     }
     return;
   }
   filterChain.doFilter(request, response);
 }
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    //		权限判断
    StringBuffer sb = new StringBuffer();
    String actionType = null;
    String queryString = null;
    String userid = null;
    String isCanAccess = "1";
    HttpServletRequest hrequest = (HttpServletRequest) request;
    String strContext = hrequest.getContextPath();

    if (request instanceof HttpServletRequest) {

      // 获取用户信息
      userid = (String) hrequest.getSession().getAttribute("AuthorizedUserID");

      strContext = hrequest.getContextPath();
      queryString = hrequest.getQueryString(); // 整个参数串
      actionType = hrequest.getParameter("actionType"); // 一般操作
      if (actionType == null) {
        actionType = hrequest.getParameter("formSN"); // 针对查询的操作
        if (actionType != null) {
          actionType = "formSN=" + actionType;
        }
      } else {
        actionType = "actionType=" + actionType;
      }
    }

    if (actionType != null) { // 如果参数不为空,则判断权限,通过存储过程判断
      DBConnectionManager dbManager = new DBConnectionManager();
      CallableStatement cstmt = null;
      Connection conn = null;
      try {
        conn = dbManager.getConnection();
        String query = "{call pkg_security.userAccessFunction(?,?,?,?)}";
        cstmt = conn.prepareCall(query);
        cstmt.registerOutParameter(1, OracleTypes.VARCHAR);
        cstmt.setString(2, userid);
        cstmt.setString(3, actionType == null ? null : actionType.trim());
        cstmt.setString(4, queryString == null ? null : queryString.trim());
        cstmt.execute();
        isCanAccess = cstmt.getString(1);

      } catch (SQLException e) {
        e.printStackTrace();
      } finally {
        try {
          if (cstmt != null) {
            cstmt.close();
          }
        } catch (Exception ex) {
          if (conn != null)
            try {
              conn.close();
            } catch (SQLException e1) {
              e1.printStackTrace();
            }
        }
        if (conn != null)
          try {
            conn.close();
          } catch (SQLException e1) {
            e1.printStackTrace();
          }
      }
    }

    // 如果没有权限,定位到提示页面。
    if (!isCanAccess.equals("1")) {
      HttpServletResponse out = (HttpServletResponse) response;
      out.sendRedirect(strContext + "/common/erroraccess.jsp");
      return;
    } else {

      // 汉字问题
      HttpServletRequest httpRequest = (HttpServletRequest) request;
      httpRequest.setCharacterEncoding(encoding);
      //  chain.doFilter(request, response);

      // 压缩传输

      HttpServletResponse httpResponse = (HttpServletResponse) response;
      String uri = httpRequest.getRequestURI();

      String transferEncoding = getGZIPEncoding((HttpServletRequest) request);
      if (transferEncoding == null) {
        setResponseHeader(httpResponse, uri, transferEncoding);
        chain.doFilter(request, response);
      } else {
        if (!uri.endsWith("dd.xml")) // 不处理的有哪些??????
        {
          chain.doFilter(request, response);
        } else {
          System.out.println("FrameworkFilter::  Filter handle dd.xml");
          setResponseHeader(httpResponse, uri, transferEncoding);
          httpResponse.setHeader("Content-Encoding", transferEncoding);
          GZIPEncodableResponse wrappedResponse =
              new GZIPEncodableResponse((HttpServletResponse) response);
          chain.doFilter(request, wrappedResponse);
          wrappedResponse.flush();
        }
      }
    }

    //		 Pass control on to the next filter
    // chain.doFilter(request, response);

  }
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws ServletException, IOException {

    chain.doFilter(request, response);
  }
Beispiel #7
0
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // create input/output dir patterns
    String contextPath = httpRequest.getContextPath();
    if (this.inDirPattern == null) {
      // NOTE: Have to do this here because the context path is not
      //       available in init().
      this.inDirPattern =
          Pattern.compile("^" + escape(contextPath) + escape(this.inDirName) + "/(.*)");
      this.outDirPattern =
          Pattern.compile("^" + escape(contextPath) + "/help/[a-z]{2}(?:_[A-Z]{2})?/.*");
      if (ZimbraLog.webclient.isDebugEnabled()) {
        ZimbraLog.webclient.debug("### indir pattern:  " + this.inDirPattern.pattern());
        ZimbraLog.webclient.debug("### outdir pattern: " + this.outDirPattern.pattern());
      }
    }

    // check to see if we need to redirect this request
    String requestUri = httpRequest.getRequestURI();
    if (this.outDirPattern.matcher(requestUri).matches()) {
      // allow it to go through
      chain.doFilter(request, response);
      return;
    }

    // make list of potential locales to check
    Locale preferredLocale = getLocale(httpRequest);
    String language = preferredLocale.getLanguage();
    String country = preferredLocale.getCountry();
    Locale[] locales = {preferredLocale, country != null ? new Locale(language) : null, Locale.US};
    if (ZimbraLog.webclient.isDebugEnabled()) {
      for (Locale locale : locales) {
        ZimbraLog.webclient.debug("locale: " + locale);
      }
    }

    // find out which version of the requested file exists
    Locale actualLocale = preferredLocale;
    Matcher matcher = this.inDirPattern.matcher(requestUri);
    if (!matcher.matches()) {
      httpResponse.sendError(
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Help URL doesn't match input pattern.");
      return;
    }

    if (ZimbraLog.webclient.isDebugEnabled()) {
      ZimbraLog.webclient.debug("### filename: " + matcher.group(1));
    }
    String filename = decode(matcher.group(1)).replace('/', File.separatorChar);
    if (ZimbraLog.webclient.isDebugEnabled()) {
      ZimbraLog.webclient.debug("### filename: " + filename);
    }
    File baseDir = new File(this.context.getRealPath("/"));
    if (ZimbraLog.webclient.isDebugEnabled()) {
      ZimbraLog.webclient.debug("### basedir:  " + baseDir);
    }
    for (Locale locale : locales) {
      if (locale == null) continue;
      File file =
          new File(
              baseDir,
              this.outDirName.replaceAll("\\{locale\\}", locale.toString())
                  + File.separatorChar
                  + filename);
      if (file.exists()) {
        actualLocale = locale;
        break;
      }
    }

    // redirect
    String redirectUrl =
        contextPath
            + this.outDirName.replaceAll("\\{locale\\}", actualLocale.toString())
            + "/"
            + filename;
    if (ZimbraLog.webclient.isDebugEnabled()) {
      ZimbraLog.webclient.debug("redirecting to: " + redirectUrl);
    }
    httpResponse.sendRedirect(redirectUrl);
  }