

package dev.trade.common.securityfilter.filter; 
 
import java.io.*; 
import java.security.*; 
import java.util.*; 
import javax.servlet.*; 
import javax.servlet.http.*; 
import dev.trade.common.securityfilter.authenticator.*; 
 
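/**
 * Title: Authorization filter.
 *
 * <p>Description: request wrapper used by the security filter. It overlays the parameters and
 * HTTP method of an optional {@link SavedRequest} on the current request and answers the
 * servlet security questions (user principal, remote user, role membership, auth type) from
 * the {@link Authenticator} and from the Principal stored in the HTTP session.
 *
 * <p>Copyright: Copyright (c) 2006
 *
 * <p>Company:
 *
 * @author Zheng YanNan
 * @version 1.0
 */
public class SecurityRequest extends HttpServletRequestWrapper {

    /**
     * Name of the session attribute that holds the current user's Principal. The identity
     * reported by this wrapper is whatever object is stored under this attribute.
     */
    public static final String PRINCIPAL_SESSION_KEY = SecurityRequest.class.getName() + ".PRINCIPAL";

    private final Authenticator authenticator;
    private HttpServletRequest currentRequest;
    private final SavedRequest savedRequest;
    private String matchableURL;

    /**
     * Wrap a request.
     *
     * @param request the request being processed
     * @param savedRequest a previously saved request whose parameters and method are overlaid
     *     on {@code request}, or {@code null} if there is none (presumably the request captured
     *     before the login redirect; confirm against SavedRequest)
     * @param authenticator answers role and resource checks; {@link #getAuthType()} tolerates
     *     {@code null} here, and the authorization checks then deny
     */
    public SecurityRequest(HttpServletRequest request, SavedRequest savedRequest, Authenticator authenticator) {
        super(request);
        this.currentRequest = request;
        this.savedRequest = savedRequest;
        this.authenticator = authenticator;
        initMatchableURL();
    }

    /**
     * Get the original HttpServletRequest object.
     */
    public HttpServletRequest getCurrentRequest() {
        return currentRequest;
    }

    /**
     * Get a parameter value by name. If multiple values are available, the first value is
     * returned. A value on the current request takes precedence; the saved request is only
     * consulted when the current request has no value for the name.
     *
     * @param s parameter name
     * @return the first value, or {@code null} if neither request carries the parameter
     */
    public String getParameter(String s) {
        String value = currentRequest.getParameter(s);
        if (value != null || savedRequest == null) {
            return value;
        }
        String[] savedValues = (String[]) savedRequest.getParameterMap().get(s);
        // An empty array holds no first value; the original indexed it unconditionally.
        if (savedValues != null && savedValues.length > 0) {
            value = savedValues[0];
        }
        return value;
    }

    /**
     * Get a map of parameter values for this request. With a saved request present, the result
     * is an unmodifiable merge in which entries of the current request replace saved entries
     * of the same name.
     */
    public Map getParameterMap() {
        if (savedRequest == null) {
            return currentRequest.getParameterMap();
        }
        Map merged = new HashMap(savedRequest.getParameterMap());
        merged.putAll(currentRequest.getParameterMap());
        return Collections.unmodifiableMap(merged);
    }

    /**
     * Get an enumeration of parameter names for this request, including names that exist only
     * on the saved request.
     */
    public Enumeration getParameterNames() {
        if (savedRequest == null) {
            return currentRequest.getParameterNames();
        }
        return Collections.enumeration(getParameterMap().keySet());
    }

    /**
     * Get an array of values for a parameter. Values on the current request take precedence
     * over those of the saved request; the two are not combined.
     *
     * @param s parameter name
     * @return the values, or {@code null} if neither request carries the parameter
     */
    public String[] getParameterValues(String s) {
        String[] values = currentRequest.getParameterValues(s);
        if (values == null && savedRequest != null) {
            values = (String[]) savedRequest.getParameterMap().get(s);
        }
        return values;
    }

    /**
     * Set the request that is to be wrapped. The matchable URL is not recomputed here; it keeps
     * the value derived from the request passed to the constructor.
     *
     * @param request wrap this request; must be an HttpServletRequest
     */
    public void setRequest(ServletRequest request) {
        super.setRequest(request);
        this.currentRequest = (HttpServletRequest) request;
    }

    /**
     * Check if a user is in a role.
     *
     * @param role name of role to check
     * @return the authenticator's answer, or {@code false} when no authenticator is configured
     */
    public boolean isUserInRole(String role) {
        // getAuthType() already treats a null authenticator as legal, so deny here rather than
        // fail with a NullPointerException in the middle of an authorization decision.
        if (authenticator == null) {
            return false;
        }
        return authenticator.isUserInRole(getUserPrincipal(), role);
    }

    /**
     * Check if the current user may access a named resource.
     *
     * @param resName name of the resource to check
     * @return the authenticator's answer, or {@code false} when no authenticator is configured
     */
    public boolean isResourceAuthorized(String resName) {
        // Same deny-by-default rule as isUserInRole().
        if (authenticator == null) {
            return false;
        }
        return authenticator.isResourceAuthorized(getUserPrincipal(), resName);
    }

    /**
     * Get the remote user's login name.
     *
     * @return the name of the session's Principal, or {@code null} if there is none
     */
    public String getRemoteUser() {
        Principal principal = getUserPrincipal();
        return principal == null ? null : principal.getName();
    }

    /**
     * Get a Principal object for the current user, read from the session attribute
     * {@link #PRINCIPAL_SESSION_KEY}.
     *
     * <p>NOTE(review): {@code getSession()} creates a session when the request has none, so this
     * getter allocates a session even for requests that carry no login. Consider
     * {@code getSession(false)} if that is not intended.
     */
    public Principal getUserPrincipal() {
        return (Principal) currentRequest.getSession().getAttribute(PRINCIPAL_SESSION_KEY);
    }

    /**
     * This method is provided to restore functionality of this method in case the wrapper class
     * we are extending has disabled it. This method is needed to process multi-part requests
     * downstream, and it appears that some wrapper implementations just return null.
     * WebLogic 6.1.2.0 is one such implementation.
     *
     * @exception IOException
     */
    public ServletInputStream getInputStream() throws IOException {
        ServletInputStream stream = super.getInputStream();
        if (stream == null) {
            stream = currentRequest.getInputStream();
        }
        return stream;
    }

    /**
     * Set the Principal of the current user.
     * WARNING: Calling this method will set the user for this session -- authenticate the user
     * before calling this method.
     *
     * <p>NOTE(review): this only stores the attribute; the session id is left unchanged. Confirm
     * that the login path issues a fresh session id, so an id handed out before authentication
     * does not carry over into the authenticated session.
     *
     * @param principal the user Principal object
     */
    public void setUserPrincipal(Principal principal) {
        currentRequest.getSession().setAttribute(PRINCIPAL_SESSION_KEY, principal);
    }

    /**
     * Returns the auth type (e.g. FORM, BASIC, etc.).
     *
     * @return the authenticator's auth method, or {@code null} when there is no user Principal
     *     or no authenticator
     */
    public String getAuthType() {
        if (getUserPrincipal() != null && authenticator != null) {
            return authenticator.getAuthMethod();
        }
        return null;
    }

    /**
     * Returns the HTTP method used to make this request. If the savedRequest is non-null,
     * the HTTP method of the saved request will be returned, so downstream code sees the saved
     * method rather than the method of the request actually received.
     */
    public String getMethod() {
        if (savedRequest != null) {
            return savedRequest.getMethod();
        }
        return super.getMethod();
    }

    /**
     * Get the authenticator this wrapper was constructed with (may be {@code null}).
     */
    public Authenticator getAuthenticator() {
        return this.authenticator;
    }

    /**
     * Get a URL that can be matched against security URL patterns.
     *
     * This is the part after the contextPath, with the pathInfo, but without the query string.
     * http://server:8080/contextPath/someURL.jsp?param=value becomes /someURL.jsp
     *
     * <p>NOTE(review): the value is taken as-is from getServletPath() and getPathInfo(). Whether
     * it is decoded and normalized depends on the container; verify that pattern matching sees
     * the same path the container dispatches on.
     */
    public String getMatchableURL() {
        return matchableURL;
    }

    /**
     * Initialize the matchableURL from the request given to the constructor.
     */
    private void initMatchableURL() {
        // the servlet path is the portion that needs to be checked
        String url = currentRequest.getServletPath();
        // the pathInfo needs to be part of the URL we check as well
        String pathInfo = currentRequest.getPathInfo();
        if (pathInfo != null) {
            url = url + pathInfo;
        }
        matchableURL = url;
    }
}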