struts 权限控制
今天結合Java的Annotation和Struts2進行注解攔截器權限控制。
功能需求:添加、查找、刪除三個功能,添加、查找功能需進行權限攔截判斷,刪除功能則不需進行權限攔截判斷。
操作流程如下:客戶未登錄或登錄已超時,提示“客戶還沒登陸或登陸已超時!!!”,終止執行,然后跳轉到某頁面;否則繼續往下執行。
以下模擬案例大概實現如上需求,接下來廢話少說,直接copy代碼。注意:案例中攔截器的權限判斷只是注釋掉的佔位代碼,任何已登錄的客戶都會被放行;沒有@Authority注解的方法(如delete)則由攔截器直接返回"index",方法本身不會被執行。
1、項目目錄結構
2、權限控制注解類Authority.java
package com.ljq.action;import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marks an action method as subject to permission control.
 *
 * <p>The annotation is retained at run time and may only be placed on methods. It carries
 * two values: the name of the action and the privilege required on it. The annotation
 * enforces nothing by itself; the code that reads it through reflection has to perform the
 * actual check.
 *
 * @author Administrator
 */
@Target(ElementType.METHOD) // where the annotation may be used: methods only
@Retention(RetentionPolicy.RUNTIME) // how long it is kept: visible to reflection at run time
public @interface Authority {

    /** Name of the action the privilege applies to. */
    String actionName();

    /** Privilege required on {@link #actionName()}. */
    String privilege();
}
3、權限攔截器類AuthorityInterceptor.java
package com.ljq.action;import java.lang.reflect.Method;
import java.util.Date;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
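/**
 * Struts 2 interceptor that gates action methods on login state and on the
 * {@link Authority} annotation.
 *
 * <p>Decision order in {@link #intercept(ActionInvocation)}:
 * <ol>
 *   <li>No {@code Employee} stored under the session attribute {@code "employee"}:
 *       return {@code "index"}.</li>
 *   <li>The requested method is not a public no-argument method of the action:
 *       return {@code "index"}.</li>
 *   <li>The method carries {@link Authority}: run the privilege check and, when it
 *       passes, invoke the action.</li>
 *   <li>The method carries no {@link Authority}: return {@code "index"} without invoking
 *       the action (default deny).</li>
 * </ol>
 *
 * <p>NOTE(review): the privilege check is still a placeholder that accepts every logged-in
 * user, so this class currently enforces login only. The console line printed on the
 * annotated path says the user "has" the privilege although nothing verified it; do not
 * treat that output as an audit record until a real check is in place.
 *
 * @author Administrator
 */
@SuppressWarnings("serial")
public class AuthorityInterceptor implements Interceptor {

    /** Result name returned whenever the request is not allowed to proceed. */
    private static final String DENIED_RESULT = "index";

    /** Separator line printed around every console message. */
    private static final String BANNER =
            "++++++++++++++++++++++++++++++++++++++++++++++++++++++";

    public void destroy() {
        // nothing to release
    }

    public void init() {
        // nothing to set up
    }

    /**
     * Applies the login check and the annotation-driven permission check to one invocation.
     *
     * @param actionInvocation the invocation being intercepted
     * @return {@code "index"} when the request is refused, otherwise the result of
     *         {@code actionInvocation.invoke()}
     * @throws Exception whatever the rest of the invocation chain throws
     */
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        // 1. Login check. Done before anything else so that an anonymous request never
        //    reaches the reflection lookup below, which uses a name taken from the request.
        Object sessionUser = ServletActionContext
                .getRequest().getSession().getAttribute("employee");
        if (!(sessionUser instanceof Employee)) {
            // Covers both "nothing stored" and "something else stored under that key";
            // the latter used to surface as a ClassCastException.
            System.out.println(BANNER);
            System.out.println("客戶還沒登陸或登陸已超時!!!");
            System.out.println(BANNER);
            System.out.println();
            return DENIED_RESULT;
        }
        Employee employee = (Employee) sessionUser;

        // 2. Resolve the method the proxy is about to call. Only public no-argument
        //    methods are considered; getMethod(name) replaces the ambiguous
        //    getMethod(name, null) varargs call.
        String methodName = actionInvocation.getProxy().getMethod();
        Method currentMethod;
        try {
            currentMethod = actionInvocation.getAction().getClass().getMethod(methodName);
        } catch (NoSuchMethodException ignored) {
            // The method name can come from the URL (wildcard mapping). A name that does
            // not resolve is refused like any other non-permitted request instead of
            // propagating as an error.
            return DENIED_RESULT;
        }

        // 3. Methods that declare a required privilege.
        if (currentMethod.isAnnotationPresent(Authority.class)) {
            Authority authority = currentMethod.getAnnotation(Authority.class);
            String actionName = authority.actionName();
            String privilege = authority.privilege();
            if (!hasPrivilege(employee, actionName, privilege)) {
                return DENIED_RESULT;
            }
            System.out.println(BANNER);
            System.out.println("客戶" + employee.getUserName() + "在" + new Date() + "執行了" + actionName+"方法,擁有"+privilege+"權限!!");
            System.out.println(BANNER);
            System.out.println();
            return actionInvocation.invoke();
        }

        // 4. Methods without @Authority are not invoked at all (default deny).
        System.out.println(BANNER);
        System.out.println("我執行了沒有??");
        System.out.println(BANNER);
        return DENIED_RESULT;
    }

    /**
     * Decides whether {@code employee} holds {@code privilege} on {@code actionName}.
     *
     * <p>Placeholder: {@code Employee} carries no privilege data in this example, so every
     * logged-in user is accepted. This is the single place to plug in a real lookup;
     * returning {@code false} makes {@link #intercept(ActionInvocation)} refuse the request.
     *
     * @param employee   the logged-in user taken from the session
     * @param actionName value of {@link Authority#actionName()} on the target method
     * @param privilege  value of {@link Authority#privilege()} on the target method
     * @return always {@code true} until a real check is implemented
     */
    private boolean hasPrivilege(Employee employee, String actionName, String privilege) {
        return true;
    }
}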
4、客戶信息類Employee.java
package com.ljq.action;import java.io.Serializable;
/**
 * Customer record kept in the HTTP session to represent the logged-in user.
 *
 * <p>Plain mutable bean: an id, a user name and a password, each with a getter and a
 * setter, plus a public no-argument constructor. The class is {@link Serializable} and
 * declares no {@code serialVersionUID} (the warning is suppressed).
 */
@SuppressWarnings("serial")
public class Employee implements Serializable {

    private Integer id;
    private String userName;
    // NOTE(review): the password is a plain String inside a Serializable object that
    // login.jsp places in the session, so it is written out wherever the container
    // persists or replicates sessions. Nothing shown in this example reads it back;
    // consider not carrying it on the session object at all.
    private String pwd;

    /** Creates an empty record; all three fields start as {@code null}. */
    public Employee() {
    }

    /** @return the id, or {@code null} if none was set */
    public Integer getId() {
        return this.id;
    }

    /** @return the user name, or {@code null} if none was set */
    public String getUserName() {
        return this.userName;
    }

    /** @return the stored password, or {@code null} if none was set */
    public String getPwd() {
        return this.pwd;
    }

    /** @param id the id to store */
    public void setId(Integer id) {
        this.id = id;
    }

    /** @param userName the user name to store */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /** @param pwd the password to store, kept exactly as given */
    public void setPwd(String pwd) {
        this.pwd = pwd;
    }
}
5、action類EmployeeAction
package com.ljq.action;import com.opensymphony.xwork2.ActionSupport;
/**
 * Example action with three operations: add, find and delete.
 *
 * <p>{@code add} and {@code find} declare the privilege they require through
 * {@link Authority}; {@code delete} declares none. Each method only prints a line to the
 * console and returns {@code SUCCESS}.
 */
@SuppressWarnings("serial")
public class EmployeeAction extends ActionSupport {

    /**
     * Add operation. Declares that the caller needs the {@code add} privilege on
     * {@code test}.
     *
     * @return {@code SUCCESS}
     */
    @Authority(actionName = "test", privilege = "add")
    public String add() {
        System.out.println("執行了add方法!!!");
        return SUCCESS;
    }

    /**
     * Find operation. Declares that the caller needs the {@code find} privilege on
     * {@code test}.
     *
     * @return {@code SUCCESS}
     * @throws Exception declared for the action signature; nothing in the body throws
     */
    @Authority(actionName = "test", privilege = "find")
    public String find() throws Exception {
        System.out.println("執行了find方法!!!");
        return SUCCESS;
    }

    /**
     * Delete operation. Carries no {@link Authority} annotation.
     *
     * <p>NOTE(review): when this action runs behind {@code AuthorityInterceptor} as shown
     * in this example, a method without the annotation is answered with the
     * {@code "index"} result and is never invoked, so "no annotation" means "refused",
     * not "unrestricted".
     *
     * @return {@code SUCCESS}
     * @throws Exception declared for the action signature; nothing in the body throws
     */
    public String delete() throws Exception {
        System.out.println("執行了delete方法!!!");
        return SUCCESS;
    }
}
6、首頁index.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@taglib uri="/struts-tags" prefix="s"%>
<%
// Landing page; also the target of the "index" result that the interceptor returns when it
// refuses a request.
// Builds an absolute base URL for the page from the current request.
// NOTE(review): getServerName()/getServerPort() normally reflect the request's Host header,
// and basePath is written into <base href> below without escaping - confirm that the
// container pins the host name, or emit a fixed or escaped value instead.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
歡迎您的到來....
</body>
</html>
7、登錄頁login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@page import="com.ljq.action.Employee"%>
<%
// Simulated login: builds a fixed Employee and stores it in the session under "employee",
// the attribute that AuthorityInterceptor reads to decide whether the client is logged in.
// No credentials are requested or verified, so any client that can request this page
// obtains a logged-in session as this user.
// NOTE(review): demo only. A real login has to verify credentials, should switch to a fresh
// session id once the user is authenticated, and should not keep the password (here a
// hard-coded sample value) on the object placed in the session.
Employee employee=new Employee();
employee.setId(1);
employee.setUserName("jiqinlin");
employee.setPwd("123456");
request.getSession().setAttribute("employee", employee);
%>
客戶已經登錄
8、struts2配置文件
<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<constant name="struts.serve.static.browserCache" value="false"/>
<!-- Actions are addressed with the ".do" suffix. -->
<constant name="struts.action.extension" value="do"/>
<constant name="struts.i18n.encoding" value="UTF-8"/>
<!-- Shared results. "index" is what AuthorityInterceptor returns when it refuses a request; "success" is what the EmployeeAction methods return. -->
<!-- NOTE(review): "success" renders login.jsp, whose scriptlet stores the hard-coded Employee in the session again. -->
<package name="base" extends="struts-default">
<global-results>
<result name="index">/index.jsp</result>
<result name="success">/login.jsp</result>
</global-results>
</package>
<!-- Custom interceptor -->
<package name="permissionInterceptor"
namespace="/permissionInterceptor" extends="base">
<interceptors>
<!-- Register the custom permission-control interceptor -->
<interceptor name="authorityInterceptor" class="com.ljq.action.AuthorityInterceptor"/>
<!-- Combine the default interceptor stack and the custom permission-control interceptor into a new stack -->
<!-- NOTE(review): defaultStack is listed first, so its interceptors (request parameter binding among them) run before the login and permission checks. Consider placing authorityInterceptor ahead of defaultStack so refused requests are stopped before the action is populated. -->
<interceptor-stack name="myInterceptors">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="authorityInterceptor"/>
</interceptor-stack>
</interceptors>
<!-- Make the new stack the default for this package and the packages extending it, so the permission-control interceptor takes effect -->
<default-interceptor-ref name="myInterceptors"/>
</package>
<package name="employee" extends="permissionInterceptor">
<!-- Wildcard mapping: the part of the URL before "Employee" becomes the method name, e.g. addEmployee.do calls add(). -->
<!-- NOTE(review): the method name is therefore chosen by the client. What keeps other public no-argument methods of the action class from running is the interceptor's refusal of methods without @Authority. On Struts versions that support it, also restrict the callable methods in configuration (allowed-methods / strict method invocation). -->
<action name="*Employee" class="com.ljq.action.EmployeeAction" method="{1}">
</action>
</package>
</struts>
web.xml配置文件
<?xml version="1.0" encoding="UTF-8"?><web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<!-- Struts 2 dispatcher filter. -->
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<!-- Every URL goes through the filter. -->
<!-- NOTE(review): the interceptor stack from struts.xml applies to action invocations only. JSPs requested directly, such as login.jsp and index.jsp in the walkthrough, are not covered by AuthorityInterceptor; protect them separately if they must not be public. -->
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
跟蹤控制臺打印的信息
1、未登錄,訪問查找功能:http://localhost:8083/struts2_authority_interceptor/addEmployee.do
2、已登錄,訪問添加功能:http://localhost:8083/struts2_authority_interceptor/login.jsp
    http://localhost:8083/struts2_authority_interceptor/addEmployee.do
已登錄,訪問查找功能:http://localhost:8083/struts2_authority_interceptor/login.jsp
    http://localhost:8083/struts2_authority_interceptor/findEmployee.do
3、已登錄,訪問刪除功能
已登錄,訪問刪除功能:http://localhost:8083/struts2_authority_interceptor/login.jsp
    http://localhost:8083/struts2_authority_interceptor/deleteEmployee.do
完畢!!
轉載于:https://www.cnblogs.com/SunShineSimple/p/4889705.html