Authentication 如何在登录时限制子文件夹
在开始之前,我查阅了很多教程和stackoverflow中的很多问题,但没有一个能满足我的需求,这是我的问题: 我有一个类:User,以及从User扩展而来的其他3个类:admin、recruteur和candidate 我所做的(以及我在这里的所有教程和问题中发现的)是在用户登录时放置一个过滤器,这样,如果他登录,他可以查看受保护的文件夹/*但如果没有,他将被重定向到login.xhtml 现在我想要的是添加其他文件夹,这样管理员只能访问admin文件夹+安全文件夹,recruter只能访问安全+recruter文件夹等 目前,我已将adminFolder、recruterFolder、CandidateFolder放在securedFolder中,但无法对子文件夹进行限制。这是我的过滤器的代码Authentication 如何在登录时限制子文件夹,authentication,jsf,jakarta-ee,jsf-2,glassfish,Authentication,Jsf,Jakarta Ee,Jsf 2,Glassfish,在开始之前,我查阅了很多教程和stackoverflow中的很多问题,但没有一个能满足我的需求,这是我的问题: 我有一个类:User,以及从User扩展而来的其他3个类:admin、recruteur和candidate 我所做的(以及我在这里的所有教程和问题中发现的)是在用户登录时放置一个过滤器,这样,如果他登录,他可以查看受保护的文件夹/*但如果没有,他将被重定向到login.xhtml 现在我想要的是添加其他文件夹,这样管理员只能访问admin文件夹+安全文件夹,recruter只能访问安
//user=member
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
HttpSession session = request.getSession(false);
String loginURI = request.getContextPath() + "/index.xhtml";
boolean loggedIn = session != null && session.getAttribute("membre") != null;
boolean loginRequest = request.getRequestURI().equals(loginURI);
boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);
if (loggedIn || loginRequest || resourceRequest) {
chain.doFilter(request, response);
} else {
response.sendRedirect(loginURI);
}
}
这应该适用于您的过滤器:
if (loggedIn || loginRequest || resourceRequest) {
Membre membre = (Membre)session.getAttribute("membre");
if (request.getRequestURI().contains("adminFolder")
&& !"ADMIN".equals(membre.getDtype())){
//When user tries to access the admin folder without being ADMIN,
//redirect to login page
response.sendRedirect(loginURI);
} else{
chain.doFilter(request, response);
}
} else {
response.sendRedirect(loginURI);
}
import java.io.IOException;
import javax.faces.application.ResourceHandler;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SecuredRoleFilter implements Filter{
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
HttpSession session = request.getSession(false);
String loginURI = request.getContextPath() + "/index.xhtml";
boolean loggedIn = session != null && session.getAttribute("role").equals("Candidat");
boolean loginRequest = request.getRequestURI().equals(loginURI);
boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);
if (loggedIn || loginRequest || resourceRequest) {
chain.doFilter(request, response);
} else {
response.sendRedirect(loginURI);
}
}
@Override
public void destroy() {}
@Override
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
<filter>
<filter-name>secured</filter-name>
<filter-class>packageName.ConxFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>secured</filter-name>
<url-pattern>/secured/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>securedCandidat</filter-name>
<filter-class>packageName.SecuredRoleFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>securedCandidat</filter-name>
<url-pattern>/secured/candidatFolder/*</url-pattern>
</filter-mapping>
安全的
packageName.ConxFilter
安全的
/安全的/*
安全的
packageName.SecuredRoleFilter
安全的
/安全/候选文件夹/*
if(request.getRequestURI()。包含(“adminFolder”))响应。发送重定向(loginURI)SecuredRoleFilterif