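Before I start: I have already checked a lot of tutorials and many questions on Stack Overflow, but none of them seem to give me what I want. Here is my problem:
I have a class, User, and 3 other classes that derive from User: admin, recruteur and candidat.
What I have done (and what I found in all the tutorials and questions) is put a filter in place for when the user logs in, so if he is logged in he can view the folder secure/*, but if not, he is redirected to login.xhtml.
Now what I want is to add other folders, so that the admin can only access the admin folder + the secure folder, the recruiter can only access the secure + recruiter folders, and so on.
I have now put adminFolder, recruterFolder and candidatFolder inside secureFolder, but I cannot apply restrictions to the sub-folders. Here is the code of my filter: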
    //user=member
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpSession session = request.getSession(false);
        String loginURI = request.getContextPath() + "/index.xhtml";
        boolean loggedIn = session != null && session.getAttribute("membre") != null;
        boolean loginRequest = request.getRequestURI().equals(loginURI);
        boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);
        if (loggedIn || loginRequest || resourceRequest) {
            chain.doFilter(request, response);
        } else {
            response.sendRedirect(loginURI);
        }
    }
Answer 0 (score: 1)
Create another filter (the same as your filter, but adding
    import java.io.IOException;
    import javax.faces.application.ResourceHandler;
    import javax.servlet.*;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    public class SecuredRoleFilter implements Filter {

        @Override
        public void doFilter(ServletRequest req, ServletResponse resp,
                FilterChain chain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) resp;
            HttpSession session = request.getSession(false);
            String loginURI = request.getContextPath() + "/index.xhtml";
            // Constant-first equals: no NullPointerException when the "role" attribute is not set
            boolean loggedIn = session != null && "Candidat".equals(session.getAttribute("role"));
            boolean loginRequest = request.getRequestURI().equals(loginURI);
            boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);
            if (loggedIn || loginRequest || resourceRequest) {
                chain.doFilter(request, response);
            } else {
                response.sendRedirect(loginURI);
            }
        }

        @Override
        public void destroy() {}

        @Override
        public void init(FilterConfig arg0) throws ServletException {
            // No initialisation needed
        }
    }
Now add the filters in web.xml:
    <filter>
        <filter-name>secured</filter-name>
        <filter-class>packageName.ConxFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>secured</filter-name>
        <url-pattern>/secured/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>securedCandidat</filter-name>
        <filter-class>packageName.SecuredRoleFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>securedCandidat</filter-name>
        <url-pattern>/secured/candidatFolder/*</url-pattern>
    </filter-mapping>
Answer 1 (score: 0)
This goes in your filter:
    if (loggedIn || loginRequest || resourceRequest) {
        // session is null for an anonymous login/resource request, so only read it when logged in
        Membre membre = loggedIn ? (Membre) session.getAttribute("membre") : null;
        if (request.getRequestURI().contains("adminFolder")
                && (membre == null || !"ADMIN".equals(membre.getDtype()))) {
            // When user tries to access the admin folder without being ADMIN,
            // redirect to login page
            response.sendRedirect(loginURI);
        } else {
            chain.doFilter(request, response);
        }
    } else {
        response.sendRedirect(loginURI);
    }
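
The two answers above can be combined into a single filter mapped to /secured/* that checks the login and the per-folder role in one place, matching sub-folders by path prefix rather than with contains(). This is an added example, not code from the question or from either answer. It assumes a session attribute "role" (as in answer 0), the role values "Admin", "Recruteur" and "Candidat", and the three folder names from the question placed under /secured/; the class name RoleFolderFilter is hypothetical.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: one filter mapped to /secured/* that enforces a login for the whole
// folder and a specific role per sub-folder. Folder names and role values are assumptions.
public class RoleFolderFilter implements Filter {

    // Path prefix (relative to the context path) -> role required to enter it.
    private static final Map<String, String> REQUIRED_ROLE = new LinkedHashMap<>();
    static {
        REQUIRED_ROLE.put("/secured/adminFolder/", "Admin");
        REQUIRED_ROLE.put("/secured/recruterFolder/", "Recruteur");
        REQUIRED_ROLE.put("/secured/candidatFolder/", "Candidat");
    }

    // Pure decision function; role is null when nobody is logged in.
    static boolean isAllowed(String path, String role) {
        if (role == null) return false;          // everything under /secured/ needs a login
        for (Map.Entry<String, String> e : REQUIRED_ROLE.entrySet()) {
            if (path.startsWith(e.getKey())) return e.getValue().equals(role);
        }
        return true;                             // shared /secured/ pages: any logged-in user
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpSession session = request.getSession(false);
        Object role = (session == null) ? null : session.getAttribute("role");
        // Match on the path inside the application, not on the raw request URI.
        String path = request.getServletPath()
                + (request.getPathInfo() == null ? "" : request.getPathInfo());
        if (isAllowed(path, role instanceof String ? (String) role : null)) {
            chain.doFilter(request, response);
        } else if (role == null) {
            response.sendRedirect(request.getContextPath() + "/index.xhtml");
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN); // logged in, wrong role
        }
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```

Because the filter is mapped only to /secured/*, the login page and the JSF resource URLs never reach it and need no exemption.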