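package com.whyc.filter;

import com.whyc.constant.YamlProperties;
import com.whyc.pojo.User;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Authentication gate: rejects requests that carry no logged-in {@code "user"} session
 * attribute, unless the request matches one of the exemptions in {@link #requiresLogin}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The check is enforced only when {@code YamlProperties.profileType} equals
 *       {@code "prod"}; under any other value every request is passed through
 *       unauthenticated. A {@code null} profile throws instead of silently skipping the
 *       check, which is kept deliberately (fail closed).</li>
 *   <li>The exemptions are substring matches on the request URI, so they are broader than
 *       the endpoints they are meant for. NOTE(review): replace them with exact matches
 *       against the application's real routes once those are confirmed.</li>
 * </ul>
 */
@WebFilter
public class AccessFilter implements Filter {

    /** Session attribute under which the logged-in user is stored. */
    private static final String USER_ATTRIBUTE = "user";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialisation required.
    }

    /**
     * Passes the request down the chain, or answers 401 when the "prod" profile is active,
     * the request is not exempt, and the session holds no user.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if writing the rejection or running the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (YamlProperties.profileType.equals("prod")
                && requiresLogin(request)
                && currentUser(request) == null) {
            // Unauthenticated access to a protected endpoint.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType("text/html;charset=utf-8");
            response.getWriter().write("非法请求,身份未验证");
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Decides whether a request must come from a logged-in user.
     *
     * <p>Exempt are: any path containing a dot (intended for static resources), the root
     * servlet path, OPTIONS requests, and the login endpoints. The rules are evaluated on
     * the URI with path parameters removed, because text after a {@code ';'} is not part of
     * the resource being addressed and must not be able to satisfy an exemption.
     */
    private static boolean requiresLogin(HttpServletRequest request) {
        String path = stripPathParameters(request.getRequestURI());

        // NOTE(review): a dot anywhere in the path exempts the request, not only a file
        // extension on the last segment; confirm no protected route can contain a dot.
        if (path.contains(".") || request.getServletPath().equals("/")) {
            return false;
        }
        // Locale-independent comparison; toUpperCase() would depend on the default locale.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            return false;
        }
        boolean loginEndpoint =
                // login page endpoints
                path.contains("login/login")
                || path.contains("loginByRSA")
                // WebSocket: account logged in from another host
                || path.contains("loginCheck");
        // The software upgrade-apply exemption ("software/upgradeApply") is disabled.
        return !loginEndpoint;
    }

    /**
     * Returns the logged-in user, or {@code null} when there is no session or no user in it.
     * Uses {@code getSession(false)} so that anonymous requests do not allocate a session.
     */
    private static User currentUser(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        return session == null ? null : (User) session.getAttribute(USER_ATTRIBUTE);
    }

    /**
     * Removes path parameters ({@code ;name=value}) from every segment of {@code uri}.
     * For example {@code /a;x=1/b;y.z} becomes {@code /a/b}.
     */
    private static String stripPathParameters(String uri) {
        if (uri.indexOf(';') < 0) {
            return uri;
        }
        StringBuilder cleaned = new StringBuilder(uri.length());
        boolean inParameter = false;
        for (int i = 0; i < uri.length(); i++) {
            char ch = uri.charAt(i);
            if (ch == '/') {
                inParameter = false;
                cleaned.append(ch);
            } else if (ch == ';') {
                inParameter = true;
            } else if (!inParameter) {
                cleaned.append(ch);
            }
        }
        return cleaned.toString();
    }

    /**
     * Counts the occurrences of {@code charValue} in {@code target}.
     * Not referenced anywhere in this class.
     */
    private int count(String target, char charValue) {
        int count = 0;
        for (char ch : target.toCharArray()) {
            if (charValue == ch) {
                count++;
            }
        }
        return count;
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}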