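 /**
  * Inspects the login cookie on requests for the login page, then continues the filter chain.
  *
  * <p>Only requests whose URI contains {@code /login.jsp} are examined. The cookie named by
  * {@code cookieDomainName} is Base64-decoded and split on {@code ':'}; exactly four fields are
  * expected. Field 0 is read as the login name and field 1 as an expiry time in epoch
  * milliseconds. A cookie with the wrong field count or a non-numeric expiry is cleared.
  *
  * <p>NOTE(review): fields 2 and 3 are never read in this method, so nothing here checks the
  * integrity of the cookie. The login name and expiry are therefore client-controlled values at
  * this point. If those fields carry a signature or MAC, confirm it is verified before anything
  * trusts the name.
  *
  * @param req incoming request; cast to {@link HttpServletRequest}
  * @param resp outgoing response; cast to {@link HttpServletResponse}
  * @param chain remaining filter chain, always invoked at the end
  * @throws IOException if decoding the cookie or the downstream chain fails
  * @throws ServletException if the downstream chain fails
  */
 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
     throws IOException, ServletException {
   HttpServletRequest request = (HttpServletRequest) req;
   HttpServletResponse response = (HttpServletResponse) resp;
   String url = request.getRequestURI();
   // Only the login page triggers the cookie inspection.
   if (url.contains("/login.jsp")) {
     // Look up the user already stored in the session, if any.
     HttpSession session = request.getSession(true);
     UserModel user = (UserModel) session.getAttribute("user");

     // 1. Find this application's cookie among the cookies sent by the client.
     String cookieValue = null;
     Cookie[] cookies = request.getCookies();
     if (cookies != null) {
       for (Cookie cookie : cookies) {
         if (cookieDomainName.equals(cookie.getName())) {
           cookieValue = cookie.getValue();
           break;
         }
       }
     }

     // 2. If the cookie is present, decode and interpret it.
     if (cookieValue != null) {
       String cookieValueAfterDecode = new String(Base64.decodeBase64(cookieValue), "utf-8");
       String[] cookieValues = cookieValueAfterDecode.split(":");

       // The value is attacker-controllable, so a malformed expiry must not surface as an
       // uncaught NumberFormatException; it is treated like any other invalid cookie.
       boolean wellFormed = cookieValues.length == 4;
       long validTimeInCookie = 0L;
       if (wellFormed) {
         try {
           validTimeInCookie = Long.parseLong(cookieValues[1]);
         } catch (NumberFormatException malformedExpiry) {
           wellFormed = false;
         }
       }

       if (!wellFormed) {
         // Invalid cookie: clear it so the client stops presenting it.
         UserCookieUtil.clearCookie(response);
       } else if (validTimeInCookie > System.currentTimeMillis()) {
         String userName = cookieValues[0];
         if (user == null) {
           // No session user: expose the cookie's name to the view.
           // NOTE(review): this value comes straight from the client; whatever renders the
           // "userName" attribute should escape it on output.
           request.setAttribute("userName", userName);
         } else if (userName.equals(user.getLoginName())) {
           // Cookie user and session user agree: let the login service decide where to go.
           // NOTE(review): the chain still runs afterwards; if jugeUserRole redirects or
           // forwards, confirm that continuing with a committed response is intended.
           loginService.jugeUserRole(request, response);
         }
       }
     }
   }
   chain.doFilter(request, response);
 }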
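   /**
    * Controls module access: writes a JSON object to the response describing whether the session
    * user may use the requested URL.
    *
    * @param request current HTTP request; the session supplies the "user" and "authorityInfo"
    *     attributes
    * @param response HTTP response the JSON result is written to
    * @param url path of the module being requested
    * @param country country passed to the download-permission check
    * @return always {@code null}; the result is written directly to the response
    * @throws Exception if writing the response fails
    */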
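   @RequestMapping(value = "/ConditRightController")
   public String conditRightModule(
       HttpServletRequest request, HttpServletResponse response, String url, String country)
       throws Exception {
     UserModel user = (UserModel) request.getSession().getAttribute("user");
     if (user == null) {
       // No user in the session: answer 401 rather than failing later with a
       // NullPointerException on user.getUserDesc().
       response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
       return null;
     }
     if (url == null) {
       // String.contains(null) throws; a request without the url parameter is a client error.
       response.sendError(HttpServletResponse.SC_BAD_REQUEST);
       return null;
     }

     JSONObject jsonObject = new JSONObject();
     // Look up the path list configured for this user's description.
     // NOTE(review): a missing map entry still fails below with a NullPointerException, as
     // before; confirm every user description has an entry.
     String urlPath = (String) authorityFieldModel.getAuthorityFieldMap().get(user.getUserDesc());
     boolean perUseUser = "按次用户".equals(user.getUserDesc());

     // NOTE(review): url and country come from the caller and are matched by substring, and this
     // method only reports a result. Presumably the protected endpoints enforce the same rule
     // themselves; confirm, since a client can simply not ask here.
     if (urlPath.contains(url)) {
       // The requested path is in the list for this user: add the notice to the JSON result.
       CommonConstantUtil.jsonObject(user, jsonObject);
     } else if (!perUseUser && !urlPath.equals("superUserDownload")) {
       // Per-use users get no further checks, and super users may download everything.
       System.out.println("能否下载:" + authorityFieldModel.getAuthorityFieldMap().get("give"));

       // The session attribute is stored untyped, hence the unchecked cast.
       @SuppressWarnings("unchecked")
       List<ConditionRightModel> authorityInfo =
           (List<ConditionRightModel>) request.getSession().getAttribute("authorityInfo");
       // Complimentary countries carry no download permission.
       if (!AuthorityComponentUtil.judgeIsDownload(authorityInfo, country)) {
         String notDownLoad =
             (String) authorityFieldModel.getAuthorityFieldMap().get("notGiveDownLoad");
         // A missing "notGiveDownLoad" entry means there is nothing to match against.
         if (notDownLoad != null && notDownLoad.contains(url)) {
           CommonConstantUtil.jsonObject(user, jsonObject);
         }
       }
     }

     jsonObject.put("user_desc", user.getUserDesc());
     // NOTE(review): no Content-Type is set before writing; consider declaring
     // application/json so the body is not interpreted as HTML.
     response.getWriter().write(jsonObject.toString());
     return null;
   }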