JavaUtils-AuthenticationFilter.template

package com.sd.packagename.common.util;

import entity.User;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.servlet. *;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * @Created with Atom
 * @author @author@
 * @time @now@
 * @description
 * 权限验证 工具类
 *
 **/

public class AuthenticationFilter implements Filter {
  private static Log log = LogFactory.getLog(AuthenticationFilter.class);

  @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest)request;
    String path = req.getServletPath();

    if ((path.indexOf(".action") == -1) && (path.indexOf(".jsp") == -1)) { //只拦截action和jsp
      chain.doFilter(request, response);
      return;
    } else {
      String uri = path.substring(path.lastIndexOf("/", path.length()));
      if (uri.startsWith("/login!") || path.endsWith("/login.action") || path.endsWith("/login.jsp") || path.endsWith("/register.action") || path.endsWith("/register.jsp")) { //登录无需判断权限
        chain.doFilter(request, response);
        return;
      } else {
        HttpSession session = req.getSession();
        User user = (User)session.getAttribute("loginUser");
        if (user == null) {
          log.debug("User doesn't exist in session");
          HttpServletResponse res = (HttpServletResponse)response;
          res.sendRedirect(req.getContextPath() + "/login.action");
        } else {
          chain.doFilter(request, response);
        }
      }
    }
  }

  @Override public void init(FilterConfig filterConfig)throws ServletException {}

  @Override public void destroy() {}
}