package com.fgkj.Filters;
import com.fgkj.dto.Custompage;
import com.fgkj.dto.ServiceModel;
import com.fgkj.dto.User_permitgroup;
import com.fgkj.services.CustompageService;
import com.fgkj.util.ActionUtil;
import com.google.gson.reflect.TypeToken;
import javax.annotation.Resource;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
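/**
 * Servlet filter that stops users from opening pages they were not granted
 * (hotlinking straight to a page URL instead of going through the navigation).
 *
 * <p>The decision is made on the last path segment of the request URI:
 * <ul>
 *   <li>a small fixed set of entry pages is always let through;</li>
 *   <li>a page found in the session's "custompages" list is let through only if
 *       the page is enabled, the user's "permits" grant the permission mapped to
 *       it in {@link #temp} (when one is mapped), and its main menu is enabled;</li>
 *   <li>a page that is NOT found in "custompages" is let through.</li>
 * </ul>
 *
 * <p>NOTE(review): the last rule is a default-allow policy. It also applies when
 * the session has no "custompages" attribute at all, so this filter on its own
 * does not require an authenticated session. Confirm that authentication is
 * enforced by another component, or switch protected paths to default-deny.
 *
 * @author 军
 */
public class HotlinkFilter implements Filter {

    // NOTE(review): @Resource is only honoured if the container or framework
    // creates/injects this filter; confirm, otherwise this field is null when
    // login.jsp is requested.
    @Resource
    private CustompageService custompageService;

    // Table linking a permission name (column 0) to a navigation page number
    // (column 1). getPermitName() returns the FIRST row whose number matches, so
    // later rows that reuse a number are never returned:
    //   {"battlarm_report_query_permit","21"}, {"usr_taskcheck_query_permit","42"}
    //   and {"taskchange_query_permit","37"}.
    // NOTE(review): confirm whether those rows carry a wrong page number; as
    // written, the permissions they name are never checked.
    String[][] temp = {
        // Data management pages that have query functions
        {"batttest_data_query_permit", "11"},   // battery charge/discharge data management
        {"batttest_data_edit_permit", "12"},    // upload FBO/IDC data
        {"batttest_data_edit_permit", "13"},    // upload internal-resistance/conductance data
        {"batttest_data_query_permit", "14"},   // data statistics query report

        {"battinf_report_query_permit", "19"},   // battery information statistics query
        {"battgroup_report_query_permit", "20"}, // battery group statistical analysis query
        {"monomer_report_query_permit", "21"},   // battery cell statistical analysis query
        {"battlarm_report_query_permit", "21"},  // battery cell statistical analysis query (shadowed, see above)

        // Task management pages that have query functions
        {"task_query_permit", "33"},    // task management
        {"task_query_permit", "34"},    // task parameters
        {"task_query_permit", "35"},    // holiday management
        {"task_query_permit", "36"},    // task template management
        {"task_query_permit", "37"},    // task change query
        {"task_query_permit", "38"},    // task report
        {"task_query_permit", "39"},    // power/environment C-interface status
        {"task_query_permit", "40"},    // SMS device status
        {"task_query_permit", "42"},    // task spot-check management

        // User and maintenance-group management permissions
        {"usr_query_permit", "44"},     // user management
        {"usr_query_permit", "46"},     // maintenance-group management

        {"permit_query_permit", "45"},  // permission management

        // Server parameter settings permission
        {"server_param_query_permit", "49"},    // parameter settings

        // Battery alarm management permissions
        {"batt_alm_query_permit", "27"},    // battery alarm real-time query
        {"batt_alm_query_permit", "28"},    // battery alarm history query

        // Device alarm management permissions
        {"dev_alm_query_permit", "29"},     // device alarm real-time query
        {"dev_alm_query_permit", "30"},     // device alarm history query

        // Battery fault management permissions
        {"battfault_query_permit", "24"},   // battery fault maintenance query
        {"battfault_query_permit", "25"},   // battery fault maintenance statistics report

        // Task spot-check management permission
        {"usr_taskcheck_query_permit", "42"},   // task spot-check management (shadowed, see above)

        // Task change management permission
        {"taskchange_query_permit", "37"},  // task change query (shadowed, see above)

        {"batt_test_op_permit", "58"},      // battery discharge test

        // Super-administrator pages
        {"batt_discharge_model_permit", "59"},  // device charge/discharge module parameters
        {"batt_discharge_model_permit", "63"},  // battery group information configuration
        {"batt_discharge_model_permit", "68"},  // thread monitoring management
        {"batt_discharge_model_permit", "64"},  // user password reset
        {"batt_discharge_model_permit", "65"},  // team management

        {"batt_alm_param_query_permit", "31"},  // alarm parameter settings
        {"batt_alm_param_query_permit", "66"},  // device alarm parameter settings
    };

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Decides whether the requested page may be served and either continues the
     * chain or writes a "no permission" script to the response.
     *
     * <p>Compared with a plain {@code split("/")} lookup, the page name has its
     * path parameters removed and an empty URI no longer raises an
     * {@link ArrayIndexOutOfBoundsException}. A session without a "permits"
     * attribute is treated as "permission not granted" instead of failing with a
     * {@link NullPointerException}.
     *
     * @param req   the incoming request; must be an {@link HttpServletRequest}
     * @param resp  the response passed down the chain when access is allowed
     * @param chain the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // NOTE(review): getRequestURI() is not percent-decoded; confirm whether
        // the comparison should use a decoded path such as getServletPath().
        String source = lastPathSegment(request.getRequestURI());

        boolean flag = false;
        if (isAlwaysAllowed(source)) {
            flag = true;
            if ("login.jsp".equalsIgnoreCase(source)) {
                // On entering the login page, load the navigation list and
                // hand it to the service (which stores it for the session).
                ServiceModel model = custompageService.searchAll();
                custompageService.setCust(model);
            }
        } else {
            @SuppressWarnings("unchecked")
            List<Custompage> custompages =
                    (List<Custompage>) ActionUtil.getSession().getAttribute("custompages");
            Custompage cust = getCustompage(source, custompages);
            if (cust == null) {
                // Default-allow: the page is not a known navigation entry (or the
                // session holds no navigation list). See the class-level note.
                flag = true;
            } else {
                String permitName = getPermitName(cust.getNum(), temp);
                if (permitName.equalsIgnoreCase("")) {
                    // No permission is mapped to this page: only the page's own
                    // enabled flag decides.
                    if (cust.getSubflag() == 1) {
                        flag = true;
                    }
                } else {
                    flag = hasPermit(permitName) && cust.getSubflag() == 1;
                }
                // A disabled main menu disables every page below it.
                Custompage t = getMainMenu(cust, custompages);
                if (t != null && t.getSubflag() == 0) {
                    flag = false;
                }
            }
        }

        if (flag) {
            chain.doFilter(req, resp);
        } else {
            // NOTE(review): the denial is written through ActionUtil's writer and
            // no HTTP status is set here; consider also sending 403 so that
            // proxies, logs and monitoring can tell a denial from a normal page.
            PrintWriter out = ActionUtil.getOut();
            out.print("<script charset='UTF-8'>alert('您还未有权限进入该页面,请向管理员申请');window.close()</script>");
        }
    }

    /** Nothing to initialise. */
    public void init(FilterConfig arg0) throws ServletException {
    }

    // Returns the last "/"-separated segment of the request URI with any path
    // parameters (for example a ";jsessionid=..." suffix added by URL rewriting)
    // removed, so the name that is checked is the page name itself. Returns ""
    // when the URI has no segment.
    private static String lastPathSegment(String requestUri) {
        if (requestUri == null) {
            return "";
        }
        String[] segments = requestUri.split("/");
        if (segments.length == 0) {
            return "";
        }
        String last = segments[segments.length - 1];
        int semicolon = last.indexOf(';');
        return semicolon >= 0 ? last.substring(0, semicolon) : last;
    }

    // Entry pages that are served without any permission check.
    private static boolean isAlwaysAllowed(String source) {
        return "login.jsp".equalsIgnoreCase(source)
                || "navConfig.jsp".equalsIgnoreCase(source)
                || "pwdChange.jsp".equalsIgnoreCase(source)
                || "fuguang".equals(source)
                || "index.jsp".equals(source);
    }

    // Reads the JSON permission list from the session attribute "permits" and
    // reports whether the named permission is present with item value 1.
    // A missing attribute or an empty parse result means "not granted".
    private static boolean hasPermit(String permitName) {
        Object permitsJson = ActionUtil.getSession().getAttribute("permits");
        if (permitsJson == null) {
            return false;
        }
        List<User_permitgroup> permits = ActionUtil.getGson("yyyy-MM-dd HH:mm:ss")
                .fromJson(permitsJson.toString(), new TypeToken<List<User_permitgroup>>(){}.getType());
        if (permits == null) {
            return false;
        }
        User_permitgroup permit = getPermitByName(permitName, permits);
        return permit != null && permit.getPermit_item_value() == 1;
    }

    /**
     * Tells whether the user's permission list contains a permission with the
     * same item name (case-insensitive) as {@code permit}.
     *
     * @param permits the user's permissions
     * @param permit  the permission to look for
     * @return {@code true} if a permission with that name is in the list
     */
    public static boolean getAlow(List<User_permitgroup> permits, User_permitgroup permit) {
        for (User_permitgroup candidate : permits) {
            if (candidate.getPermit_item_name().equalsIgnoreCase(permit.getPermit_item_name())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Finds a permission by its item name (case-insensitive).
     *
     * @param name    the permission name to look for
     * @param permits the permissions to search
     * @return the first matching permission, or {@code null} if none matches
     */
    public static User_permitgroup getPermitByName(String name, List<User_permitgroup> permits) {
        for (User_permitgroup candidate : permits) {
            if (name.equalsIgnoreCase(candidate.getPermit_item_name())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Finds the navigation entry for the requested page.
     *
     * @param target the requested page name
     * @param Custs  the navigation entries; may be {@code null}
     * @return the first entry whose sublink equals {@code target}
     *         (case-insensitive) and whose subjudge is not 0, or {@code null}
     *         when there is none or {@code Custs} is {@code null}
     */
    public static Custompage getCustompage(String target, List<Custompage> Custs) {
        if (Custs == null) {
            return null;
        }
        for (Custompage candidate : Custs) {
            if (target.equalsIgnoreCase(candidate.getSublink()) && candidate.getSubjudge() != 0) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Finds the main-menu entry a navigation entry belongs to: the entry with the
     * same navigate order and navigate name whose subjudge is 2.
     *
     * @param cust  the navigation entry; may be {@code null}
     * @param Custs the navigation entries to search
     * @return the main-menu entry, or {@code null} if {@code cust} is
     *         {@code null} or no entry matches
     */
    public static Custompage getMainMenu(Custompage cust, List<Custompage> Custs) {
        if (cust == null) {
            return null;
        }
        for (Custompage candidate : Custs) {
            // NOTE(review): if getNavigate_order() returns a boxed Integer, this
            // == compares references rather than values; confirm it is an int.
            if (cust.getNavigate_order() == candidate.getNavigate_order()
                    && cust.getNavigate().equalsIgnoreCase(candidate.getNavigate())
                    && candidate.getSubjudge() == 2) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Looks up the permission name required for a navigation page number.
     *
     * @param num     the navigation page number; must not be {@code null}
     * @param tempStr rows of {permission name, page number as decimal string}
     * @return the permission name of the first row whose number equals
     *         {@code num}, or {@code ""} when no row matches (no permission
     *         is required)
     * @throws NullPointerException if {@code num} is {@code null} and
     *         {@code tempStr} has at least one row
     */
    public static String getPermitName(Integer num, String[][] tempStr) {
        for (String[] row : tempStr) {
            if (num.intValue() == Integer.parseInt(row[1])) {
                return row[0];
            }
        }
        return "";
    }
}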