URL權限過濾（1）

[size=large][color=red][b]如果您發現內容含有錯誤或公司內部信息，請予以指出，本人不勝感激。。。。[/b][/color][/size]

import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.FilterChain;
import java.io.IOException;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletResponse;

public class PermissiondoFilter implements Filter {

	private FilterConfig filterConfig;
	private FilterChain chain;
	private HttpServletRequest request;
	private HttpServletResponse response;

	public void destroy() {
		this.filterConfig = null;
	}

	public void init(FilterConfig filterConfig) throws ServletException {
		this.filterConfig = filterConfig;
	}

	public void doFilter(ServletRequest servletRequest,
			ServletResponse servletResponse, FilterChain chain) {
		this.chain = chain;
		this.request = (HttpServletRequest) servletRequest;
		this.response = ((HttpServletResponse) servletResponse);
		String url = request.getRequestURI();
		System.out.println("訪問的完整路徑-->" + url);

		try {
			HttpSession session = request.getSession();
			// 獲取網站訪問根目錄
			String accessPath = request.getContextPath();
			System.out.println("-訪問的網站根目錄-" + accessPath);

			// 截獲根目錄以後的路徑即'/項目名'以後的路徑;
			url = url.substring(accessPath.length() + 1, url.length());
			System.out.println("-訪問-" + url);
			LoginUser loginUser = (LoginUser) session.getAttribute("loginUser");
			System.out.println("url-->" + url);
			if (noVerifyUrl(url, request)) {
				chain.doFilter(request, response);
			} else if (loginUser == null) {
				response.sendRedirect(accessPath + "/login.jsp");
			} else {
				System.out.println(loginUser.getUserName() + "-訪問-" + url);

				verifyUrl(url, loginUser);
			}
		} catch (Exception sx) {
			sx.printStackTrace();
		}
	}