Implementada seguridad por URL para cada tipo de usuario.
This commit is contained in:
Marcos Garcia Nuñez
@@ -2,6 +2,9 @@
|
||||
package managedbean.common;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Dictionary;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
@@ -14,6 +17,11 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.primefaces.model.menu.DefaultSeparator;
|
||||
import org.primefaces.model.menu.DefaultSubMenu;
|
||||
|
||||
import common.UserType;
|
||||
|
||||
@WebFilter(filterName = "AuthFilter", urlPatterns = { "*.xhtml" })
|
||||
public class AuthorizationFilter implements Filter {
|
||||
|
||||
@@ -34,11 +42,100 @@ public class AuthorizationFilter implements Filter {
|
||||
HttpSession ses = req.getSession(false);
|
||||
|
||||
String reqURI = req.getRequestURI();
|
||||
if (reqURI.indexOf("/login.xhtml") >= 0 || reqURI.indexOf("/RegisterUser.xhtml") >= 0 || reqURI.indexOf("/home.xhtml") >= 0 || reqURI.indexOf("/public/") >= 0
|
||||
|| reqURI.contains("javax.faces.resource") || SessionUtils.isLogedIn(ses) == true)
|
||||
|
||||
// Para recursos publicos permitimos el acceso
|
||||
if (reqURI.indexOf("/login.xhtml") >= 0 || reqURI.indexOf("/profile/RegisterUser.xhtml") >= 0 || reqURI.indexOf("/home.xhtml") >= 0
|
||||
|| reqURI.indexOf("/error.xhtml") >= 0 || reqURI.indexOf("/public/") >= 0 || reqURI.contains("javax.faces.resource")) {
|
||||
chain.doFilter(request, response);
|
||||
else
|
||||
resp.sendRedirect(req.getContextPath() + "/login.xhtml");
|
||||
return;
|
||||
}
|
||||
|
||||
// Si el usuario está logeado comprobamos si está autorizado a ver la página
|
||||
// solicitada.
|
||||
if (SessionUtils.isLogedIn(ses) == true) {
|
||||
UserType tipoUsuario = SessionUtils.getUserType(ses);
|
||||
boolean authorized = false;
|
||||
|
||||
switch (tipoUsuario) {
|
||||
case ADMINISTRATOR:
|
||||
if (reqURI.indexOf("/systemAdmin/ManageSpecialties") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/systemAdmin/ManageHealthCareCenters") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/systemAdmin/ListDoctorsByCenter") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/visit/VisitView") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/visit/UpdateVisit") > 0)
|
||||
authorized = true;
|
||||
break;
|
||||
case PATIENT:
|
||||
if (reqURI.indexOf("/visit/VisitView") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/visit/AddVisit") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/visit/UpdateVisit") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/visit/CancelVisit") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/AddQuestion") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/SearchSpecialistBySpecialty") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/profile/UpdateProfile") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/profile/ChangeFamilyDoctor") > 0)
|
||||
authorized = true;
|
||||
break;
|
||||
case FAMILY_DOCTOR:
|
||||
if (reqURI.indexOf("/visit/VisitView") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/visit/VisitAddResult") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/visit/VisitViewSchedules") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/AnswerQuestion") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/PendingQuestions") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/profile/UpdateProfile") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/profile/ChangePrimaryHealthCareCenter") > 0)
|
||||
authorized = true;
|
||||
break;
|
||||
case SPECIALIST_DOCTOR:
|
||||
if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/AddMedicalTest") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/medicaltest/AddImageToMedicalTest") > 0)
|
||||
authorized = true;
|
||||
if (reqURI.indexOf("/profile/UpdateProfile") > 0)
|
||||
authorized = true;
|
||||
break;
|
||||
}
|
||||
|
||||
if (authorized == true) {
|
||||
chain.doFilter(request, response);
|
||||
return;
|
||||
} else {
|
||||
resp.sendRedirect(req.getContextPath() + "/error.xhtml");
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
resp.sendRedirect(req.getContextPath() + "/login.xhtml");
|
||||
} catch (Exception e) {
|
||||
System.out.println(e.getMessage());
|
||||
}
|
||||
|
||||
@@ -72,7 +72,10 @@ public class SessionUtils {
|
||||
}
|
||||
|
||||
public static UserType getUserType() {
|
||||
HttpSession session = getSession();
|
||||
return getUserType(getSession());
|
||||
}
|
||||
|
||||
public static UserType getUserType(HttpSession session) {
|
||||
if (session != null && session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE) != null)
|
||||
return UserType.class.cast(session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE));
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user