1. 首頁
  2. 問答
  3. 篩選器幫助 - 獲取2個篩選器以相互協作

篩選器幫助 - 獲取2個篩選器以相互協作

2009-08-10 35 views
0

我已經爲普通用戶編寫了2個篩選器,爲管理員編寫了1個篩選器,但您必須是admin才能登錄。這裏是我的兩個過濾器的源代碼:篩選器幫助 - 獲取2個篩選器以相互協作

public class newFilter implements Filter { 
String UUIDInDB; 
String UUIDInCookie; 

public void init(FilterConfig filterConfig) throws ServletException { 
    //To change body of implemented methods use File | Settings | File Templates. 
} 

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { 
    HttpServletRequest req = (HttpServletRequest) servletRequest; 
    HttpServletResponse res = (HttpServletResponse) servletResponse; 

    Cookie[] cookies = req.getCookies(); 

    UUIDInCookie = getCookieValue(cookies,"pubweb", "noCookie"); 

    if(UUIDInCookie.equals("noCookie")){ 
     Cookie cookie = new Cookie("pubweb","noCookie"); 
     cookie.setMaxAge(1); 
     res.addCookie(cookie); 
     res.sendRedirect("../Login.jsp"); 
     return ; 
    } 

    checkDatabase(); 

    if(UUIDInCookie.equals(UUIDInDB)){ 
     filterChain.doFilter(servletRequest, servletResponse); 
     System.out.println("Is allowed thorugh"); 
    } else if(UUIDInCookie.equals("noCookie")){ 
     res.sendRedirect("../Login.jsp"); 
     System.out.println("Isn't allowed thorugh");    
    } else { 
     res.sendRedirect("../Login.jsp"); 
     System.out.println("Isn't allowed thorugh"); 
    } 
} 

public void destroy() { 
    //To change body of implemented methods use File | Settings | File Templates. 
} 

public void checkDatabase(){ 
    try { 
     Class.forName("com.mysql.jdbc.Driver"); 
    } catch (ClassNotFoundException e) { 
     e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. 
    } 

    /* 
    The next lines allow you to change the username and password for the password. 
    */ 
    String username = "username"; 
    String password = "password"; 

    /* 
    The following line is the url. This can be changed to bring in to line with the database. 
    */ 
    String dbURL = "jdbc:mysql://localhost/hpsgdb?user=" 
      + username + "&password=" + password; 
    /* 
    This line connects to the database to the information presented earlier. 
    */ 

    java.sql.Connection myConnection = null; 
    try { 
     myConnection = DriverManager.getConnection(dbURL); 
     System.out.println("Connected to Database."); 
    } catch (SQLException e) { 
     e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. 
    } 
    /* 
    The next line creates a query on the database. The query is that you want exacuted is on the next line. 
    */ 
    Statement stat = null; 
    try { 
     stat = (Statement) myConnection.createStatement(); 
    } catch (SQLException e) { 
     e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. 
    } catch (NullPointerException e){ 
     e.printStackTrace(); 
    } 

    try { 
     ResultSet rs; 
     rs = stat.executeQuery("SELECT * from uuid where uuid='" + UUIDInCookie + "';"); 
     System.out.println("Executed Query."); 
     int count = 0; 
     while(rs.next()) 
     UUIDInDB = rs.getString("uuid") ; 
     System.out.println(UUIDInDB); 
     rs.close(); 
     myConnection.close(); 
    } catch (SQLException e) { 
     e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. 
    } catch (NullPointerException e){ 
     e.printStackTrace(); 
    } 
} 

public static String getCookieValue(Cookie[] cookies, 
            String cookieName, 
            String defaultValue) throws IOException { 
    int length = cookies.length; 
    System.out.println(length); 
    try{ 
    for(int i=0; i<length; i++) { 
     Cookie cookie = cookies[i]; 
     if (cookieName.equals(cookie.getName())) { 
      System.out.println(cookies.length); 
      return(cookie.getValue()); 
     } else { 
      return defaultValue; 
     } 
    } } catch (NullPointerException e){ 
     e.printStackTrace(); 
     HttpServletResponse res = null; 
     res.sendRedirect("../Login.jsp"); 
    } 
    return(defaultValue); 
} 
}

其他過濾:

public class adminFilter implements Filter { 
String UUIDInDB; 
String UUIDInCookie; 
int role; 

public void destroy() { 
} 

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws ServletException, IOException { 
    HttpServletRequest req = (HttpServletRequest) servletRequest; 
    HttpServletResponse res = (HttpServletResponse) servletResponse; 

    Cookie[] cookies = req.getCookies(); 

    UUIDInCookie = getCookieValue(cookies,"pubweb", "noCookie"); 
    // role = Integer.parseInt(getCookieValue(cookies,"pubwebRole", "2")); 

    if(UUIDInCookie.equals("noCookie")){ 
     Cookie cookie = new Cookie("pubweb","noCookie"); 
     cookie.setMaxAge(1); 
     res.addCookie(cookie); 
     res.sendRedirect("../Login.jsp"); 
     return ; 
    } 

    checkDatabase(); 

    if(UUIDInCookie.equals(UUIDInDB) && role == 1){ 
     chain.doFilter(servletRequest, servletResponse); 
    } else if(UUIDInCookie.equals("noCookie")){ 
     res.sendRedirect("../Login.jsp"); 
    } else if (role == 2){ 
     res.sendRedirect("/"); 
    } else { 
     res.sendRedirect("../Login.jsp"); 
    } 
} 

public void init(FilterConfig config) throws ServletException { 

} 

public void checkDatabase(){ 
    try { 
     Class.forName("com.mysql.jdbc.Driver"); 
    } catch (ClassNotFoundException e) { 
     e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. 
    } 

    /* 
    The next lines allow you to change the username and password for the password. 
    */ 
    String username = "username"; 
    String password = "password"; 

    /* 
    The following line is the url. This can be changed to bring in to line with the database. 
    */ 
    String dbURL = "jdbc:mysql://localhost/hpsgdb?user=" 
      + username + "&password=" + password; 
    /* 
    This line connects to the database to the information presented earlier. 
    */ 

    java.sql.Connection myConnection = null; 
    try { 
     myConnection = DriverManager.getConnection(dbURL); 
     System.out.println("Connected to Database."); 
    } catch (SQLException e) { 
     e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. 
    } 
    /* 
    The next line creates a query on the database. The query is that you want exacuted is on the next line. 
    */ 
    Statement stat = null; 
    try { 
     stat = (Statement) myConnection.createStatement(); 
    } catch (SQLException e) { 
     e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. 
    } catch (NullPointerException e){ 
     e.printStackTrace(); 
    } 

    try { 
     ResultSet rs; 
     rs = stat.executeQuery("SELECT * from uuid where uuid='" + UUIDInCookie + "';"); 
     System.out.println("Executed Query."); 
     int count = 0; 
     while(rs.next()) { 
     UUIDInDB = rs.getString("uuid") ; 
     role = rs.getInt("role"); 
     } 
     System.out.println(UUIDInDB); 
     System.out.println("Role =" + role); 
     rs.close(); 
     myConnection.close(); 
    } catch (SQLException e) { 
     e.printStackTrace(); 
    } catch (NullPointerException e){ 
     e.printStackTrace(); 
    } 
} 

public static String getCookieValue(Cookie[] cookies, 
            String cookieName, 
            String defaultValue) throws IOException { 
    int length = cookies.length; 
    System.out.println(length); 
    try{ 
    for(int i=0; i<length; i++) { 
     Cookie cookie = cookies[i]; 
     if (cookieName.equals(cookie.getName())) { 
      System.out.println(cookies.length); 
      return(cookie.getValue()); 
     } else { 
      return defaultValue; 
     } 
    } } catch (NullPointerException e){ 
     e.printStackTrace(); 
     HttpServletResponse res = null; 
     res.sendRedirect("../Login.jsp"); 
    } 
    return(defaultValue); 
} 

}

這裏是我的web xml文件:

<filter> 
    <filter-name>SecurityFilter</filter-name> 
    <filter-class>filters.newFilter</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>SecurityFilter</filter-name> 
    <url-pattern>/add/addAuthor.jsp</url-pattern> 
    <url-pattern>/add/addAuthor</url-pattern> 
    <url-pattern>/add/addConference.jsp</url-pattern> 
    <url-pattern>/add/addConference</url-pattern> 
    <url-pattern>/add/addJournal.jsp</url-pattern> 
    <url-pattern>/add/addJournal</url-pattern> 
    <url-pattern>/add/addWorkshop.jsp</url-pattern> 
    <url-pattern>/add/addWorkshop</url-pattern> 
    <url-pattern>/add/index.jsp</url-pattern> 
</filter-mapping> 

<filter> 
    <filter-name>AdminFilter</filter-name> 
    <filter-class>filters.adminFilter</filter-class> 
</filter> 
<!-- <filter-mapping> 
    <filter-name>AdminFilter</filter-name> 
    <url-pattern>/add/addAuthor.jsp</url-pattern> 
    <url-pattern>/add/addAuthor</url-pattern> 
    <url-pattern>/add/addConference.jsp</url-pattern> 
    <url-pattern>/add/addConference</url-pattern> 
    <url-pattern>/add/addJournal.jsp</url-pattern> 
    <url-pattern>/add/addJournal</url-pattern> 
    <url-pattern>/add/addWorkshop.jsp</url-pattern> 
    <url-pattern>/add/addWorkshop</url-pattern> 
    <url-pattern>/add/index.jsp</url-pattern> 
    <url-pattern>/add/addConfJour.jsp</url-pattern> 
    <url-pattern>/add/addConfJourn</url-pattern> 
    <url-pattern>/add/addUser.jsp</url-pattern> 
    <url-pattern>/add/addUser</url-pattern> 
    <url-pattern>/add/addTag.jsp</url-pattern> 
    <url-pattern>/add/addTag</url-pattern> 
    <url-pattern>/add/indexAdmin.jsp</url-pattern> 
</filter-mapping>--> 

<filter-mapping> 
    <filter-name>AdminFilter</filter-name> 
    <url-pattern>/add/*</url-pattern> 
</filter-mapping>

由於提前 院長

來源

2009-08-10 Dean

+0

你的問題是什麼? – dfa 2009-08-10 14:51:57

+2

「這是我的代碼,讓它工作,奴才」 – skaffman 2009-08-10 14:56:48

+0

嗯,我不能解決爲什麼當我用非管理員帳戶登錄它不起作用,當我做它的工作。 – Dean 2009-08-10 16:54:45

回答

0

你確定你真的想要實現你自己的訪問安全嗎? servlet規範支持受保護的資源,因此您可以基本上做你正在做的事情。您可能仍然希望編寫過濾器以將用戶對象彈出到會話中。

查看此鏈接http://www.informit.com/articles/article.aspx?p=24253關於使用容器驗證來保護對Web資源的訪問。

還看了一眼你的代碼有一對夫婦的事情,不聞太好

  • 的Java命名約定的所有類應以大寫字母
  • 成員變量已經離開包保護啓動 - 這些理論上應該私人
  • 的兩個過濾器非常相似但不抽象父類或實用類
  • 數據庫連接正在爲每個登錄查找創建共享公共代碼 - 這是有效的 - 理想情況下,數據訪問應該通過數據訪問層,這應該使用連接池,以便連接重用,並且不會創建太多的連接。
  • 關閉資源 - 數據庫連接不保證被正確關閉。看看使用finally塊用於關閉資源
  • 異常處理 - 異常不應該被吞噬 - 他們包裹起來ServletException它們扔出去
  • 追趕NullPointerException這幫不應該被抓住,他們通常小學生引起編碼錯誤。

來源

2009-08-10 14:58:57 pjp

+0

我知道我被告知要這樣做我的客戶。那麼你有什麼建議嗎? – Dean 2009-08-10 16:51:58

+0

這兩個過濾器的FilterMappings引用相同的/添加文件夾。所以兩個過濾器都會被調用。也許你只希望你的管理員的東西通過管理員過濾器。 – pjp 2009-08-10 17:16:25

+0

謝謝你解決它。我現在明白這是好事。 – Dean 2009-08-11 09:48:28

相關問題

 相關問題