QuickStart: AuthFilter.java

File AuthFilter.java, 2.6 KB (added by chenxiaohu, 11 years ago)
1/*
2 * Copyright 1997-2013
3 *
4 * http://www.pconline.com.cn
5 *
6 */
7package cn.pconline.pcgeli.web;
8
9import java.io.IOException;
10import javax.servlet.FilterConfig;
11import javax.servlet.ServletException;
12import javax.servlet.http.HttpServletRequest;
13import javax.servlet.http.HttpServletResponse;
14import org.apache.commons.logging.Log;
15import org.apache.commons.logging.LogFactory;
16import org.gelivable.auth.GeliAuthFacade;
17import org.gelivable.auth.entity.GeliFunction;
18import org.gelivable.web.AbstractAuthFilter;
19import org.gelivable.web.Env;
20import org.gelivable.web.EnvUtils;
21
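/**
 * Authorization filter for the admin pages: decides which function right a
 * request needs ({@link #hasRight}) and writes the "no permission" response
 * ({@link #sendAuthFail}).
 *
 * <p>The filter chain handling itself lives in {@link AbstractAuthFilter},
 * which is not part of this file; presumably it calls the two methods above
 * for each request (confirm against the base class).
 *
 * @author chenxiaohu
 */
public class AuthFilter extends AbstractAuthFilter {
    // One shared, immutable logger for the class instead of a reassignable
    // per-instance field.
    static final Log LOG = LogFactory.getLog(AuthFilter.class);

    // Action file names that modify an entity and therefore need a right check.
    static final String CREATE_DO = "create.do";
    static final String UPDATE_DO = "update.do";
    static final String DELETE_DO = "delete.do";

    /** No initialization is needed; the filter reads no init parameters. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException { }

    /** Nothing to release. */
    @Override
    public void destroy() { }

    /**
     * Writes the "no permission" body to the response.
     *
     * @param resp response to write to
     * @param json {@code true} to answer with a JSON object, {@code false}
     *             to answer with an HTML fragment
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    public void sendAuthFail(HttpServletResponse resp, boolean json) throws IOException {
        // NOTE(review): no HTTP status is set here, so unless the caller sets
        // one the denial goes out with the container's default status. Access
        // logs, proxies and monitoring then cannot tell a denied request from
        // a served one. The "statusCode":300 in the JSON body looks like a
        // convention of the admin UI framework; confirm the front end copes
        // with a 403 before adding resp.setStatus(HttpServletResponse.SC_FORBIDDEN).
        resp.setCharacterEncoding("UTF-8");
        if (json) {
            // NOTE(review): "text/json" is not a registered media type;
            // "application/json" is. Left as is because the client may key on it.
            resp.setContentType("text/json");
            resp.getWriter().println("{\"statusCode\":300, \"message\":\"没有权限\"}");
        } else {
            resp.setContentType("text/html");
            resp.getWriter().print("<div class=\"pageContent\">"
                    + "<div style='padding-top:200px;text-align:center;"
                    + "font-size:24px;color:red;'>"
                    + "没有权限!</div></div>");
        }
    }

    /**
     * Decides whether the current user may perform the request.
     *
     * @param req the incoming request
     * @return {@code HAS_RIGHT} or {@code HAS_NOT_RIGHT} when a rule below
     *         matches the request, otherwise {@code DEFAULT_RIGHT}
     */
    @Override
    public int hasRight(HttpServletRequest req) {
        Env env = EnvUtils.getEnv();
        GeliAuthFacade authFacade = env.getBean(GeliAuthFacade.class);

        // examples...
        // Creating, updating or deleting a "sales" entity needs the
        // "sales_maint" function right.
        if (matchActions("sales", req, CREATE_DO, UPDATE_DO, DELETE_DO)) {
            return authFacade.hasRight(GeliFunction.read("sales_maint")) ? HAS_RIGHT : HAS_NOT_RIGHT;
        }
        // NOTE(review): every request without a rule above gets DEFAULT_RIGHT,
        // whose meaning is defined in AbstractAuthFilter (not visible here).
        // If it means "allow", each new admin action stays unprotected until a
        // rule is added for it; confirm, and prefer deny-by-default under /admin/.
        return DEFAULT_RIGHT;
    }

    /**
     * Checks whether the request addresses
     * {@code /admin/${entityName}/${one of actions}} inside this web application.
     *
     * <p>The comparison uses the servlet path and path info, which the
     * container has already decoded and used to route the request. The raw
     * {@code getRequestURI()} value is not decoded or normalized, so a literal
     * comparison against it can disagree with the path the container actually
     * dispatches on; a protected action would then miss its rule and fall back
     * to {@code DEFAULT_RIGHT}.
     *
     * <p>NOTE(review): the match is case-sensitive on the request path and is a
     * prefix match on the action name. Confirm that the handler mapping behind
     * this filter is case-sensitive as well.
     *
     * @param entityName entity segment of the path; compared in lower case
     * @param req        the incoming request
     * @param actions    action file names to accept, e.g. {@link #CREATE_DO}
     * @return {@code true} if the request path starts with the prefix followed
     *         by one of {@code actions}
     */
    boolean matchActions(String entityName, HttpServletRequest req, String... actions) {
        // servletPath + pathInfo is the request path relative to the context
        // root; either part may be null depending on the servlet mapping.
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        String path = (servletPath == null ? "" : servletPath)
                + (pathInfo == null ? "" : pathInfo);

        // Locale.ROOT keeps the lower-casing independent of the JVM's default
        // locale (the no-argument toLowerCase() is locale-sensitive).
        String pathPrefix = "/admin/" + entityName.toLowerCase(java.util.Locale.ROOT) + '/';
        for (String action : actions) {
            if (path.startsWith(pathPrefix + action)) {
                return true;
            }
        }
        return false;
    }
}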