Olá Pessoal!
Não estou conseguindo fazer o filtro funcionar de forma correta!
Fiz uma sessão para o usuário poder acessar o sistema, mas caso seja um usuário sem permissão para acessar uma pagina jsp ou um sevlet, basta ele digitar a url “endereço” no browse que o mesmo consegue acessar o endereço sem ter a permissão.
Segue abaixo a servlet que dá acesso ao sistema:
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, SQLException {
response.setContentType(“text/html;charset=UTF-8”);
PrintWriter out = response.getWriter();
String usuario = request.getParameter("usuario");
String senha = request.getParameter("senha");
RequestDispatcher rd = null;
HttpSession sessao = request.getSession();
UsuarioDAO usuarioDAO = new UsuarioDAO();
Usuarios usuarios = usuarioDAO.getUsuario(usuario, senha);
if(usuarios != null && usuarios.getNivel() == 1){
sessao.setAttribute("sessaoUsuario", usuario);
sessao.setAttribute("nomeCompleto", usuarios.getNomeCompleto());
sessao.setAttribute("nome", usuarios.getUsuario());
sessao.setAttribute("nivel", usuarios.getNivel());
rd = request.getRequestDispatcher("/index.jsp");
//System.out.println(usuarios.getNivel());
rd.forward(request, response);
}else if (usuarios != null && usuarios.getNivel() == 2){
sessao.setAttribute("sessaoUsuario", usuario);
sessao.setAttribute("nomeCompleto", usuarios.getNomeCompleto());
sessao.setAttribute("nome", usuarios.getUsuario());
sessao.setAttribute("nivel", usuarios.getNivel());
rd = request.getRequestDispatcher("/index1.jsp");
rd.forward(request, response);
}else if (usuarios != null && usuarios.getNivel() == 3){
sessao.setAttribute("sessaoUsuario", usuario);
sessao.setAttribute("nomeCompleto", usuarios.getNomeCompleto());
sessao.setAttribute("nome", usuarios.getUsuario());
rd = request.getRequestDispatcher("/index2.jsp");
rd.forward(request, response);
}else{
request.setAttribute("mensagem", "Usuario ou Senha Invalido!");
rd = request.getRequestDispatcher("/login.jsp");
rd.forward(request, response);
}
}
Mas caso o usuário logado não tenha permissão para acessar a servlet abaixo, o mesmo consegue digitando a URL no browser.
Aqui é o trecho do código acima onde pego o nível do usuário:
sessao.setAttribute(“nivel”, usuarios.getNivel());
Abaixo está o filtro:
public class Filtro implements Filter {
private static final boolean debug = true;
// The filter configuration object we are associated with. If
// this value is null, this filter instance is not currently
// configured.
private FilterConfig filterConfig = null;
public Filtro() {
}
private void doBeforeProcessing(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
if (debug) {
log("Filtro:DoBeforeProcessing");
}
// Write code here to process the request and/or response before
// the rest of the filter chain is invoked.
// For example, a logging filter might log items on the request object,
// such as the parameters.
/*
for (Enumeration en = request.getParameterNames(); en.hasMoreElements(); ) {
String name = (String)en.nextElement();
String values[] = request.getParameterValues(name);
int n = values.length;
StringBuffer buf = new StringBuffer();
buf.append(name);
buf.append("=");
for(int i=0; i < n; i++) {
buf.append(values[i]);
if (i < n-1)
buf.append(",");
}
log(buf.toString());
}
*/
}
private void doAfterProcessing(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
if (debug) {
log("Filtro:DoAfterProcessing");
}
// Write code here to process the request and/or response after
// the rest of the filter chain is invoked.
// For example, a logging filter might log the attributes on the
// request object after the request has been processed.
/*
for (Enumeration en = request.getAttributeNames(); en.hasMoreElements(); ) {
String name = (String)en.nextElement();
Object value = request.getAttribute(name);
log("attribute: " + name + "=" + value.toString());
}
*/
// For example, a filter might append something to the response.
/*
PrintWriter respOut = new PrintWriter(response.getWriter());
respOut.println("<P><B>This has been appended by an intrusive filter.</B>");
*/
}
/**
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @param chain The filter chain we are processing
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet error occurs
*/
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession();
if (session.getAttribute("nivel") == "1") {
chain.doFilter(request, response);
} else {
session.invalidate();
resp.sendRedirect(req.getContextPath() + "/login.jsp");
}
}
/**
* Return the filter configuration object for this filter.
*/
public FilterConfig getFilterConfig() {
return (this.filterConfig);
}
/**
* Set the filter configuration object for this filter.
*
* @param filterConfig The filter configuration object
*/
public void setFilterConfig(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
}
/**
* Destroy method for this filter
*/
public void destroy() {
}
/**
* Init method for this filter
*/
public void init(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
if (filterConfig != null) {
if (debug) {
log("Filtro:Initializing filter");
}
}
}
/**
* Return a String representation of this object.
*/
@Override
public String toString() {
if (filterConfig == null) {
return ("Filtro()");
}
StringBuffer sb = new StringBuffer("Filtro(");
sb.append(filterConfig);
sb.append(")");
return (sb.toString());
}
private void sendProcessingError(Throwable t, ServletResponse response) {
String stackTrace = getStackTrace(t);
if (stackTrace != null && !stackTrace.equals("")) {
try {
response.setContentType("text/html");
PrintStream ps = new PrintStream(response.getOutputStream());
PrintWriter pw = new PrintWriter(ps);
pw.print("<html>\n<head>\n<title>Error</title>\n</head>\n<body>\n"); //NOI18N
// PENDING! Localize this for next official release
pw.print("<h1>The resource did not process correctly</h1>\n<pre>\n");
pw.print(stackTrace);
pw.print("</pre></body>\n</html>"); //NOI18N
pw.close();
ps.close();
response.getOutputStream().close();
} catch (Exception ex) {
}
} else {
try {
PrintStream ps = new PrintStream(response.getOutputStream());
t.printStackTrace(ps);
ps.close();
response.getOutputStream().close();
} catch (Exception ex) {
}
}
}
public static String getStackTrace(Throwable t) {
String stackTrace = null;
try {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
t.printStackTrace(pw);
pw.close();
sw.close();
stackTrace = sw.getBuffer().toString();
} catch (Exception ex) {
}
return stackTrace;
}
public void log(String msg) {
filterConfig.getServletContext().log(msg);
}
}
Aqui é o trecho do codigo acima onde verifico o nivel do usuario para acessar a servlet:
if (session.getAttribute(“nivel”) == “1”) {
chain.doFilter(request, response);
} else {
session.invalidate();
resp.sendRedirect(req.getContextPath() + “/login.jsp”);
}
Abaixo a servlet que desejo obter a permissão de acesso através do Filtro:
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, SQLException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
int numPagina = 1;
if (request.getParameter("numpagina") != null) {
numPagina = Integer.parseInt(request.getParameter("numpagina"));
}
VendaDAO vendaDAO = new VendaDAO();
try{
String ordenacao = request.getParameter("ordenacao");
if(ordenacao == null)
ordenacao = "vencodigo";
String pesquisa = request.getParameter("pesquisa");
if(pesquisa == null)
pesquisa = "";
String campoapesquisar = request.getParameter("campoapesquisar");
if(campoapesquisar == null)
campoapesquisar = "vencli";
List listaVenda = vendaDAO.getListaVendaPaginada(numPagina, ordenacao, pesquisa, campoapesquisar);
String totalRegistros = vendaDAO.totalRegistros();
request.setAttribute("sessaoListaVenda", listaVenda);
request.setAttribute("sessaoQtdTotalPedidos", totalRegistros);
RequestDispatcher rd = request.getRequestDispatcher("/listapedidos.jsp");
rd.forward(request, response);
}catch(SQLException er){
Logger.getLogger(PedidosCRUD.class.getName()).log(Level.SEVERE, null, er);
}
}
Quando fui fazer um teste com usuario de nivel 1, o sistema me redirecionou para o login.jsp!
Alguem pode me ajudar?