droideparanoico/myhealth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implementada seguridad por URL para cada tipo de usuario.

Browse Source
This commit is contained in:
Marcos Garcia Nuñez
2019-12-15 12:28:56 +01:00
parent 4dc6828257
commit b5a41958a2
2 changed files with 106 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
1.sources/MyHealth/src/managedbean/common/AuthorizationFilter.java
View File

@@ -2,6 +2,9 @@
package managedbean.common; package managedbean.common;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.List;
import javax.servlet.Filter; import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
@@ -14,6 +17,11 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.primefaces.model.menu.DefaultSeparator;
import org.primefaces.model.menu.DefaultSubMenu;
import common.UserType;
@WebFilter(filterName = "AuthFilter", urlPatterns = { "*.xhtml" }) @WebFilter(filterName = "AuthFilter", urlPatterns = { "*.xhtml" })
public class AuthorizationFilter implements Filter { public class AuthorizationFilter implements Filter {
@@ -34,10 +42,99 @@ public class AuthorizationFilter implements Filter {
HttpSession ses = req.getSession(false); HttpSession ses = req.getSession(false);
String reqURI = req.getRequestURI(); String reqURI = req.getRequestURI();
if (reqURI.indexOf("/login.xhtml") >= 0 || reqURI.indexOf("/RegisterUser.xhtml") >= 0 || reqURI.indexOf("/home.xhtml") >= 0 || reqURI.indexOf("/public/") >= 0
|| reqURI.contains("javax.faces.resource") || SessionUtils.isLogedIn(ses) == true) // Para recursos publicos permitimos el acceso
if (reqURI.indexOf("/login.xhtml") >= 0 || reqURI.indexOf("/profile/RegisterUser.xhtml") >= 0 || reqURI.indexOf("/home.xhtml") >= 0
|| reqURI.indexOf("/error.xhtml") >= 0 || reqURI.indexOf("/public/") >= 0 || reqURI.contains("javax.faces.resource")) {
chain.doFilter(request, response); chain.doFilter(request, response);
else return;
}
// Si el usuario está logeado comprobamos si está autorizado a ver la página
// solicitada.
if (SessionUtils.isLogedIn(ses) == true) {
UserType tipoUsuario = SessionUtils.getUserType(ses);
boolean authorized = false;
switch (tipoUsuario) {
case ADMINISTRATOR:
if (reqURI.indexOf("/systemAdmin/ManageSpecialties") > 0)
authorized = true;
if (reqURI.indexOf("/systemAdmin/ManageHealthCareCenters") > 0)
authorized = true;
if (reqURI.indexOf("/systemAdmin/ListDoctorsByCenter") > 0)
authorized = true;
if (reqURI.indexOf("/visit/VisitView") > 0)
authorized = true;
if (reqURI.indexOf("/visit/UpdateVisit") > 0)
authorized = true;
break;
case PATIENT:
if (reqURI.indexOf("/visit/VisitView") > 0)
authorized = true;
if (reqURI.indexOf("/visit/AddVisit") > 0)
authorized = true;
if (reqURI.indexOf("/visit/UpdateVisit") > 0)
authorized = true;
if (reqURI.indexOf("/visit/CancelVisit") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/AddQuestion") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/SearchSpecialistBySpecialty") > 0)
authorized = true;
if (reqURI.indexOf("/profile/UpdateProfile") > 0)
authorized = true;
if (reqURI.indexOf("/profile/ChangeFamilyDoctor") > 0)
authorized = true;
break;
case FAMILY_DOCTOR:
if (reqURI.indexOf("/visit/VisitView") > 0)
authorized = true;
if (reqURI.indexOf("/visit/VisitAddResult") > 0)
authorized = true;
if (reqURI.indexOf("/visit/VisitViewSchedules") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/AnswerQuestion") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/PendingQuestions") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
authorized = true;
if (reqURI.indexOf("/profile/UpdateProfile") > 0)
authorized = true;
if (reqURI.indexOf("/profile/ChangePrimaryHealthCareCenter") > 0)
authorized = true;
break;
case SPECIALIST_DOCTOR:
if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/AddMedicalTest") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
authorized = true;
if (reqURI.indexOf("/medicaltest/AddImageToMedicalTest") > 0)
authorized = true;
if (reqURI.indexOf("/profile/UpdateProfile") > 0)
authorized = true;
break;
}
if (authorized == true) {
chain.doFilter(request, response);
return;
} else {
resp.sendRedirect(req.getContextPath() + "/error.xhtml");
return;
}
}
resp.sendRedirect(req.getContextPath() + "/login.xhtml"); resp.sendRedirect(req.getContextPath() + "/login.xhtml");
} catch (Exception e) { } catch (Exception e) {
System.out.println(e.getMessage()); System.out.println(e.getMessage());

5
1.sources/MyHealth/src/managedbean/common/SessionUtils.java
View File

@@ -72,7 +72,10 @@ public class SessionUtils {
} }
public static UserType getUserType() { public static UserType getUserType() {
HttpSession session = getSession(); return getUserType(getSession());
}
public static UserType getUserType(HttpSession session) {
if (session != null && session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE) != null) if (session != null && session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE) != null)
return UserType.class.cast(session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE)); return UserType.class.cast(session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE));
else else