日期:2014-05-17  浏览次数:20813 次

又来了。。。。

package cn.itcast.filter;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sun.net.httpserver.Filter.Chain;

import cn.itcast.domain.Privilege;
import cn.itcast.domain.User;
import cn.itcast.service.SecurityService;

public class CheckPrivilegeFilter implements Filter {
private Map<String,Privilege> map=new HashMap<String,Privilege>();

public void doFilter(ServletRequest req, ServletResponse res,
FilterChain Chain) throws IOExceptionServletException {
HttpServletRequest request=(HttpServletRequest) req;
HttpServletResponse response=(HttpServletResponse) res;

//得到用户请求的URI
String uri=request.getRequestURI();
//得到访问资源所需要的权限
Privilege p=map.get(uri);
//判断得到的权限是否为空,为空则代表访问该资源不需要权限,则直接放行
if(p==null){
Chain.doFilter(request,response);
}
//如果需要权限,则检查用户是否已经登录,如果没有登录,先让用户登录
User user=(User) request.getSession().getAttribute("user");
if(user==null){
request.setAttribute("message","对不起,请先登录!!");
request.getRequestDispatcher("/message.jsp").forward(request, response);
return;
}
//如果用户已经登录,得到用户拥有的所有权限
SecurityService service=new SecurityService();
Set set=(Set) service.getRolePrivileges(user.getId());

//判断用户拥有的权限中,是否含有访问资源需要的权限
if(!set.contains(p)){
request.setAttribute("message","对不起,您没有权限访问,请联系管理员!!");
request.getRequestDispatcher("/message.jsp").forward(request, response);
return;
}

}
public void destroy() {
// TODO Auto-generated method stub

}

public void init(FilterConfig arg0) throws ServletException {
map.put("/myday19/manager/AddUser",new Privilege("添加用户"));
map.put("/myday19/manager/DeleteUser",new Privilege("删除用户"));
map.put("/myday19/manager/FreezeUser",new Privilege("冻结用户"));
map.put("/myday19/manager/UnfreezeUser",new Privilege("解冻用户"));

}

}




错误提示:
2013-10-25 19:11:09 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet LoginServlet threw exception
java.lang.IllegalStateException: Cannot forward after response has been committed
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:312)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at cn.