[原创]过滤器的应用
/**
* @(#) UserAuthenticateFilter.java
*
* Copyright 2004 Opensource Develop Team. All rights reserved.
*/
// package
package com.opensource.filter;
// imports
import sun.misc.BASE64Decoder;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import com.opensource.database.ConnectFactory;
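/**
 * Servlet filter that enforces HTTP Basic authentication and checks the
 * supplied user name and password against the USERS table.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so this
 * filter should only be mapped to URLs that are served over TLS.
 *
 * @author ODT
 * @see Filter
 * @version 1.0 21/04/2004
 * @since 1.3
 */
public class UserAuthenticateFilter implements Filter
{
    /** Scheme token (with trailing space) expected at the start of the Authorization header. */
    private static final String BASIC_PREFIX = "Basic ";

    private FilterConfig filterConfig = null;

    // Assigned in init() but never read anywhere in this class; it plays no
    // part in the authentication decision.
    private String adhocPassword = null;

    /**
     * Challenges the client for Basic credentials and forwards the request
     * down the chain only when the database accepts them.
     *
     * <p>A missing header, a non-Basic scheme, undecodable Base64, a decoded
     * value without a ':' separator, or rejected credentials all produce a
     * 401 challenge. The session is created only after authentication
     * succeeds, so unauthenticated requests do not allocate sessions.
     *
     * @param request  incoming request; cast to HttpServletRequest
     * @param response outgoing response; cast to HttpServletResponse
     * @param chain    remaining filters and the target resource
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain)
        throws IOException, ServletException
    {
        // Not initialised: return without invoking the chain, so the
        // protected resource is never reached.
        if (filterConfig == null)
            return;

        HttpServletRequest myReq = (HttpServletRequest) request;
        HttpServletResponse myResp = (HttpServletResponse) response;

        String[] credentials = parseBasicCredentials(myReq.getHeader("Authorization"));
        if (credentials == null
            || !externalAuthenticate(credentials[0], credentials[1]))
        {
            challenge(myResp);
            return;
        }

        // NOTE(review): the session id is not rotated after a successful
        // login; confirm whether the container or another component does it.
        HttpSession session = myReq.getSession();
        session.setAttribute("username", credentials[0]);
        // NOTE(review): the cleartext password is kept in the session, as in
        // the original code, because other pages may read this attribute.
        // Confirm that nothing depends on it and drop it if possible.
        session.setAttribute("password", credentials[1]);

        filterConfig.getServletContext().log("in AdHocAuthenticateFilter");
        chain.doFilter(request, response);
        filterConfig.getServletContext().log("Getting out of AdHocAuthenticateFilter");
    }

    /**
     * Sends the 401 Basic challenge for the "OpenSource" realm.
     * Change the realm here.
     */
    private void challenge(HttpServletResponse resp)
    {
        resp.addHeader("WWW-Authenticate", "BASIC realm=\"OpenSource\"");
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Extracts the user name and password from an Authorization header.
     *
     * @param authString raw header value, may be null
     * @return a two-element array {user, password}, or null when the header
     *         is absent, is not a Basic header, or cannot be decoded
     */
    private String[] parseBasicCredentials(String authString)
    {
        if (authString == null
            || !authString.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length()))
            return null;

        String decString;
        try
        {
            // The bytes are decoded with the platform default charset, as in
            // the original code; stored credentials may rely on that.
            decString = new String(new BASE64Decoder().decodeBuffer(
                authString.substring(BASIC_PREFIX.length()).trim()));
        }
        catch (IOException malformed)
        {
            // Undecodable input is treated as "no credentials".
            return null;
        }

        // Split at the first ':' so that the password itself may contain colons.
        int idx = decString.indexOf(':');
        if (idx < 0)
            return null;
        return new String[] { decString.substring(0, idx), decString.substring(idx + 1) };
    }

    /**
     * Checks the credentials against the USERS table. The query can be
     * adapted to the local schema.
     *
     * <p>NOTE(review): the query compares the submitted password directly
     * with the PASSWORD column, so the table presumably holds cleartext
     * passwords. Storing salted password hashes would need a schema change
     * outside this class.
     *
     * @param user     user name
     * @param password password
     * @return true when a matching row exists; false when none exists, no
     *         connection is available, or the query fails
     */
    private boolean externalAuthenticate(String user, String password)
    {
        Connection myConnection = new ConnectFactory().getConnection();
        if (myConnection == null)
            return false;

        PreparedStatement prep = null;
        ResultSet rs = null;
        try
        {
            String confirmSql =
                "SELECT USERNAME, PASSWORD FROM USERS WHERE " +
                "USERNAME=? AND PASSWORD=?";
            prep = myConnection.prepareStatement(confirmSql);
            prep.setString(1, user);
            prep.setString(2, password);
            rs = prep.executeQuery();
            return rs.next();
        }
        catch (SQLException sqle)
        {
            // Fail closed, but leave a trace. Neither the user name nor the
            // password is written to the log.
            if (filterConfig != null)
                filterConfig.getServletContext().log(
                    "UserAuthenticateFilter: credential lookup failed", sqle);
            return false;
        }
        finally
        {
            // Release every JDBC resource on all paths; the original closed
            // the connection only after a successful match.
            if (rs != null)
            {
                try { rs.close(); } catch (SQLException ignored) { /* best effort */ }
            }
            if (prep != null)
            {
                try { prep.close(); } catch (SQLException ignored) { /* best effort */ }
            }
            try { myConnection.close(); } catch (SQLException ignored) { /* best effort */ }
        }
    }

    /** No resources to release. */
    public void destroy(){}

    /**
     * Stores the filter configuration.
     *
     * <p>The adhocPassword init-param is not read here; the field only
     * receives a hard-coded placeholder and is never used.
     *
     * @param filterConfig configuration supplied by the container
     */
    public void init(FilterConfig filterConfig)
    {
        if (adhocPassword == null)
            adhocPassword = "aaaa";
        this.filterConfig = filterConfig;
    }

    /**
     * Returns a short description that includes the filter configuration
     * when one has been set.
     */
    public String toString()
    {
        if (filterConfig == null)
            return ("AdHocAuthenticateFilter()");
        StringBuffer sb = new StringBuffer("AdHocAuthenticateFilter(");
        sb.append(filterConfig);
        sb.append(")");
        return (sb.toString());
    }
}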
安装配置UserAuthenticateFilter(注意:HTTP Basic 认证只对用户名和密码做 Base64 编码,并不加密,因此受保护的路径应只通过 HTTPS 提供)
web.xml
<!-- Registers UserAuthenticateFilter with the web application. -->
<filter>
<filter-name>User Authenticate</filter-name>
<filter-class>com.opensource.filter.UserAuthenticateFilter</filter-class>
<init-param>
<param-name>adhocPassword</param-name>
<!-- Other values can be supplied here. -->
<!-- NOTE(review): the init() method shown on this page never calls
     getInitParameter, so this value is not read by the filter. -->
<param-value>************</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>User Authenticate</filter-name>
<!-- Any file under /opensource/ requires a password. -->
<url-pattern>/opensource/*</url-pattern>
</filter-mapping>