
利用filter实现权限管理 - zhaozhenlin1224 - BlogJava

 汲取者 2010-05-30

配置文件如下:

   <filter>
     
<filter-name>actionrolefilter</filter-name>
     
<display-name>Openlot Action Role Filter</display-name>
     
<filter-class>com.openlot.controller.web.authorisation.AclFilter</filter-class>
   
</filter>

   
<filter-mapping>
     
<filter-name>actionrolefilter</filter-name>
     
<servlet-name>action</servlet-name>
   
</filter-mapping>

  
<servlet>
    
<servlet-name>action</servlet-name>
    
<servlet-class>com.opensymphony.webwork.dispatcher.ServletDispatcher</servlet-class>
    
<load-on-startup>1</load-on-startup>
  
</servlet>

   关于filter mapping的配置:
     <filter-mapping>

            <filter-name>HelloWorldFilter</filter-name>

            <url-pattern>/filter/*</url-pattern>//对请求URL对应的资源过滤

             <servlet-name>testServlet</servlet-name>//对servlet 过滤

         </filter-mapping>
filter类的代码:

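/**
 * Servlet filter that gates access to the action servlet.
 *
 * <p>Requests whose URI matches one of {@link #PUBLIC_URI_PATTERNS} pass straight through.
 * Every other request needs a signed-in user or admin id in the session; if neither is
 * present the request is forwarded to {@link #INDEX_JSP} with a sign-in message, otherwise
 * the session's {@code "role"} attribute is checked against the request URI via
 * {@link Role#hasAccess} and unauthorised requests are forwarded to the caller's portal
 * page with {@link #AUTHORISATION_FAILED_MESSAGE}.
 *
 * <p>The role and user/admin ids are read from the server-side session only, never from
 * the request, so they cannot be supplied by the client.
 */
public class AclFilter implements Filter {

    private static final Logger logger = Logger.getLogger(AclFilter.class);

    /** Session attribute under which a message for the sign-in / portal page is stored. */
    public static final String SIGN_IN_KEY = "sign_in";
    public static final String SIGN_IN_MESSAGE = "You're not logged in";
    public static final String AUTHORISATION_FAILED_MESSAGE =
        "You are not authorized to view this page";
    public static final String USER_PORTAL = "/portal!default.action";
    public static final String ADMIN_PORTAL = "/adminPortal!default.action";
    public static final String INDEX_JSP = "/index.jsp";

    /**
     * Regexes for request URIs that skip authentication and authorisation entirely
     * (sign-in, registration, language selection, payment callbacks, news, downloads, ...).
     *
     * <p>NOTE(review): these are unanchored {@code .*X.*} patterns applied to the whole
     * request URI, so any URI that merely contains e.g. "news", "result" or "download"
     * anywhere in its path bypasses the ACL check, not just the intended actions.
     * Anchoring each entry to the exact action path would narrow that; the patterns are
     * kept unchanged here so existing public URLs keep working.
     * TODO: Should not be hardcoded.
     */
    private static final String[] PUBLIC_URI_PATTERNS = {
        ".*[lL]ogin.*",
        ".*logout.*",
        ".*registration.*",
        ".*selectEnglish.*",
        ".*selectLanguage.*",
        ".*forgotpass.*",
        ".*activeuser.*",
        ".*result.*",
        ".*directplayerhistory.*",
        ".*playerhistory.*",
        ".*addFunds.*",
        ".*processCupPayByInvoke.*",
        ".*purchase.*",
        ".*news.*",
        ".*download.*",
        ".*alipayPayInvoke.*",
        ".*wappush.*",
        ".*trustedService.*",
        ".*selectSwahili.*"
    };

    /** Filter configuration kept for access to the servlet context (request dispatching). */
    private FilterConfig mConfig;

    /**
     * Stores the filter configuration for later dispatching.
     *
     * @param config the container-supplied configuration
     * @throws ServletException never thrown here; declared by the {@link Filter} contract
     */
    public void init(FilterConfig config) throws ServletException {
        logger.info("initializing ACL Filter");
        mConfig = config;
    }

    /**
     * Applies the access check described on the class.
     *
     * @param request  incoming request; assumed to be an {@link HttpServletRequest}
     * @param response outgoing response
     * @param chain    the rest of the filter chain, invoked only for permitted requests
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    public void doFilter(
        ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpSession session = httpRequest.getSession();
        String requestURI = httpRequest.getRequestURI();
        String role = (String) session.getAttribute("role");

        if (isPublicUri(requestURI)) {
            chain.doFilter(request, response);
            return;
        }

        Long userId = (Long) session.getAttribute(BaseActionSupport.USER_ID_KEY);
        Long adminId = (Long) session.getAttribute(BaseActionSupport.ADMIN_ID_KEY);

        if (userId == null && adminId == null) {
            // Nobody is signed in: leave a message for the page and show the index instead.
            session.setAttribute(SIGN_IN_KEY, SIGN_IN_MESSAGE);
            logger.info("added signin error message");
            mConfig.getServletContext().getRequestDispatcher(INDEX_JSP)
                .forward(request, response);
            return;
        }

        if (hasAccess(role, requestURI)) {
            logger.info("authorised access to resource '" + requestURI + "'");
            chain.doFilter(request, response);
            return;
        }

        // Signed in but the role does not cover this URI: bounce to the caller's own portal.
        logger.info("unauthorised access to resource '" + requestURI + "'");
        session.setAttribute(SIGN_IN_KEY, AUTHORISATION_FAILED_MESSAGE);
        mConfig.getServletContext().getRequestDispatcher(getPortal(userId, adminId))
            .forward(request, response);
    }

    public void destroy() {}

    /**
     * Returns true when the URI matches one of {@link #PUBLIC_URI_PATTERNS}.
     * A null URI is never treated as public, so it falls through to the access check.
     */
    private static boolean isPublicUri(String requestURI) {
        if (requestURI == null) {
            return false;
        }
        for (int i = 0; i < PUBLIC_URI_PATTERNS.length; i++) {
            if (requestURI.matches(PUBLIC_URI_PATTERNS[i])) {
                return true;
            }
        }
        return false;
    }

    /** Delegates the role/URI decision to the shared {@link Role} instance. */
    private boolean hasAccess(String roleId, String requestURI) {
        Role role = Role.getInstance();
        return role.hasAccess(roleId, requestURI);
    }

    /**
     * Chooses the page an authenticated-but-unauthorised caller is sent to:
     * the user portal if a user id is present, else the admin portal, else the index.
     */
    private String getPortal(Long userId, Long adminId) {
        if (userId != null) {
            return USER_PORTAL;
        } else if (adminId != null) {
            return ADMIN_PORTAL;
        } else {
            return INDEX_JSP;
        }
    }

}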

Role的方法:

    
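/**
 * Reports whether {@code role} is allowed to reach {@code requestURI}.
 *
 * <p>The role's entry in {@code mRoleMap} is a list of regex strings; access is granted
 * when the URI fully matches any of them ({@link Pattern#matches}). A null role, a null
 * URI, or a role with no entry in the map is denied rather than allowed to throw.
 *
 * @param role       role id taken from the session, may be null
 * @param requestURI request URI to check, may be null
 * @return true if some pattern for the role fully matches the URI
 */
public boolean hasAccess(String role, String requestURI) {

    if (role == null || requestURI == null)
        return false;

    // An unknown role has no pattern list; deny explicitly instead of failing with an NPE.
    List patterns = (List) mRoleMap.get(role);
    if (patterns == null)
        return false;

    Iterator iter = patterns.iterator();
    while (iter.hasNext()) {
        String pattern = (String) iter.next();
        if (Pattern.matches(pattern, requestURI))
            return true;
    }

    return false;
}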
