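/**
 * Authorization gate for the filter chain: resolves the caller's session,
 * looks at the type of the "personne" session attribute and checks the
 * requested URI against the page list for that role before letting the
 * request continue.
 *
 * <p>The decision is default-deny: a missing session, a missing "personne"
 * attribute, or an attribute that is neither a {@code User} nor an
 * {@code Admin} is rejected instead of being passed down the chain
 * unchecked.
 *
 * @param req   incoming request; cast to {@code HttpServletRequest}
 * @param res   outgoing response, handed to the chain untouched
 * @param chain remaining filters and the target resource
 * @throws IOException        propagated from the chain
 * @throws ServletException   propagated from the chain
 * @throws UnauthorizedAccess when no role can be established or the URI is
 *                            not in the list for the caller's role
 */
public void doFilter(ServletRequest req, ServletResponse res,
        FilterChain chain) throws IOException, ServletException, UnauthorizedAccess {
    // NOTE(review): Filter.doFilter declares only IOException and ServletException;
    // confirm how UnauthorizedAccess is declared so this still overrides it.
    HttpServletRequest httpReq = (HttpServletRequest) req;

    // haveSession is defined elsewhere; presumably it checks that the user is
    // authenticated (their object is present in the session) - confirm.
    HttpSession session = haveSession(httpReq);
    if (session == null) {
        // Without this guard a null session ends in a NullPointerException
        // instead of a clean authorization failure.
        throw new UnauthorizedAccess();
    }

    // Raw request URI as sent by the client. The page checks use exact string
    // equality, so any variation of the path fails the comparison and is denied.
    String uri = httpReq.getRequestURI();

    // Read the principal once so both type tests look at the same object.
    Object personne = session.getAttribute("personne");

    if (personne instanceof User) {
        isUserPage(uri);
    } else if (personne instanceof Admin) {
        isAdminPage(uri);
    } else {
        // Fail closed: an absent or unexpected principal must never reach
        // chain.doFilter without a page check.
        throw new UnauthorizedAccess();
    }

    chain.doFilter(req, res);
}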
/**
 * Verifies that {@code uri} is one of the pages listed in
 * {@code restrictedUserPages}, each resolved as
 * {@code BASE_URI + USER_REP + page}.
 *
 * <p>The match is exact, case-sensitive string equality; anything that does
 * not equal a listed entry is refused.
 *
 * @param uri requested URI to check
 * @throws UnauthorizedAccess if {@code uri} matches no listed page
 */
private void isUserPage(String uri) throws UnauthorizedAccess {
    for (String page : restrictedUserPages) {
        if (uri.equals(BASE_URI + USER_REP + page)) {
            // Listed page: nothing more to check.
            return;
        }
    }
    // No entry matched, so the request is denied.
    throw new UnauthorizedAccess();
}
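/**
 * Verifies that {@code uri} is one of the pages listed in
 * {@code restrictedAdminPages}, each resolved as
 * {@code BASE_URI + USER_REP + page}.
 *
 * <p>The match is exact, case-sensitive string equality; anything that does
 * not equal a listed entry is refused. The debug output that printed the
 * requested URI and every allow-listed path to stdout on each call has been
 * removed: a request URI can carry path parameters (for example a
 * URL-rewritten session id), which should not end up in console logs.
 *
 * @param uri requested URI to check
 * @throws UnauthorizedAccess if {@code uri} matches no listed page
 */
private void isAdminPage(String uri) throws UnauthorizedAccess {
    // NOTE(review): admin pages are resolved under USER_REP, the same prefix
    // as the user pages; confirm this is intended and not a copy-paste slip.
    for (String page : restrictedAdminPages) {
        if (uri.equals(BASE_URI + USER_REP + page)) {
            // Listed page: nothing more to check.
            return;
        }
    }
    // No entry matched, so the request is denied.
    throw new UnauthorizedAccess();
}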