package com.mandi.servlet;
import java.io.IOException;
import java.util.UUID;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
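/**
 * Servlet filter that keeps a one-time token in the HTTP session and checks it against a
 * request parameter for {@code *.jsf} and {@code *.htm} requests.
 *
 * <p>The session attribute {@code stoken} holds the expected value; the request parameter
 * {@code ctoken} carries the value the client submits. Whenever a submitted token is checked,
 * the session token is replaced first, so a given value can be presented at most once.
 *
 * <p>Limits of the check as implemented (see the notes in {@link #doFilter}): a request is
 * only verified when the session already holds a token AND the request carries the
 * {@code ctoken} parameter. Requests that omit the parameter are passed through, so on its
 * own this filter guards against replayed or duplicated submissions rather than enforcing
 * that every state-changing request carries a valid token.
 */
@WebFilter(filterName="tokenfilter",urlPatterns={"*.jsf","*.htm"})
public class Tokenfilter implements Filter {

    private static final Logger log = Logger.getLogger(Tokenfilter.class);

    // Name of the session attribute holding the expected token; assigned in init().
    String token_s_name;

    // Name of the request parameter carrying the client-submitted token; assigned in init().
    String token_c_name;

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Issues, verifies and rotates the session token.
     *
     * @param arg0 the incoming request; cast to {@link HttpServletRequest}
     * @param arg1 the response; cast to {@link HttpServletResponse} only when rejecting
     * @param arg2 the remaining filter chain, invoked when the request is allowed through
     * @throws IOException if the chain or {@code sendError} fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain arg2) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpSession session = request.getSession();
        Object expected = session.getAttribute(token_s_name);

        if (expected == null) {
            // No token issued for this session yet: create one and let the request through.
            // NOTE(review): this branch does not look at the ctoken parameter at all, so a
            // request arriving on a fresh or expired session is never verified. Confirm that
            // is acceptable for the handlers behind this filter.
            session.setAttribute(token_s_name, newToken());
            arg2.doFilter(arg0, arg1);
            return;
        }

        String submitted = request.getParameter(token_c_name);
        if (submitted == null) {
            // NOTE(review): fail-open. A request that simply omits the parameter skips the
            // check, so this filter is not a CSRF control by itself. State-changing handlers
            // need to require the token themselves, or this branch should reject requests
            // that must carry one (for example by HTTP method) once page loads that
            // legitimately have no token are accounted for.
            arg2.doFilter(arg0, arg1);
            return;
        }

        // Rotate before comparing: the old value is consumed whether or not it matches, so
        // neither a replayed submission nor a wrong guess can be tried against it again.
        session.setAttribute(token_s_name, newToken());

        if (submitted.equals(expected)) {
            arg2.doFilter(arg0, arg1);
            return;
        }

        // Previously a mismatch fell off the end of the method: the chain was skipped but no
        // status was set and nothing was logged, so the client got an empty response and the
        // rejection left no trace. Make the rejection explicit. Token values are secrets and
        // are deliberately kept out of the log line.
        log.warn("Rejected request with invalid form token: " + request.getMethod()
                + " " + request.getRequestURI());
        ((HttpServletResponse) arg1).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /**
     * Sets the session attribute name and the request parameter name used by the filter.
     *
     * @param arg0 filter configuration; not read
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        token_s_name="stoken";
        token_c_name="ctoken";
    }

    /**
     * Creates a fresh token value. {@link UUID#randomUUID()} is documented to draw from a
     * cryptographically strong random number generator.
     */
    private static String newToken() {
        return UUID.randomUUID().toString();
    }

}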