http://www.cnblogs.com/linjiqin/archive/2011/10/28/2227454.html
今天結合Java的Annotation和Struts2進行註解攔截器權限控制。
功能需求:添加、查找、刪除三個功能,添加、查找功能需進行權限攔截判斷,刪除功能則不需進行權限攔截判斷。
操作流程如下:客戶未登陸或登陸已超時,提示「客戶還沒登錄或登錄已超時!!!」,終止執行,然後跳轉到某頁面;否則繼續往下執行。
以下模擬案例大概實現如上需求(注意:攔截器裡的權限比對只是註釋掉的佔位代碼,示例實際只檢查了客戶是否已登錄),接下來廢話少說,直接copy代碼
一、項目目錄結構
二、權限控制註解類Authority.java
package com.ljq.action; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** * 用於識別在進行action調用的時候,標註該方法調用是否須要權限控制,須要什麼樣的權限的註解類。 * * 該註解類通常會包括兩個屬性,一個是須要的權限,一個是對應的action。 * * @author Administrator * */ //表示在什麼級別保存該註解信息 @Retention(RetentionPolicy.RUNTIME) //表示該註解用於什麼地方 @Target(ElementType.METHOD) public @interface Authority { String actionName(); String privilege(); }
三、權限攔截器類AuthorityInterceptor.java
package com.ljq.action;

import java.lang.reflect.Method;
import java.util.Date;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

/**
 * Interceptor that decides whether a request may reach the action method.
 *
 * Order of checks: (1) an "employee" attribute must exist in the HTTP session,
 * (2) the target method must carry {@link Authority}; only then is the action
 * invoked. Every other path returns the "index" result without invoking it.
 *
 * NOTE(review): the actual privilege comparison is not implemented here. The
 * values read from {@link Authority} are only printed, so every logged-in
 * customer passes step (2) for every annotated method. Treat this class as a
 * login check plus a placeholder, not as working authorisation.
 *
 * @author Administrator
 *
 */
@SuppressWarnings("serial")
public class AuthorityInterceptor implements Interceptor {

    /** Separator line printed around each console message. */
    private static final String BANNER = "++++++++++++++++++++++++++++++++++++++++++++++++++++++";

    public void destroy() {
    }

    public void init() {
    }

    /**
     * Applies the login check and the annotation check to one invocation.
     *
     * @param actionInvocation the invocation being intercepted
     * @return the action's own result when it is invoked, otherwise "index"
     * @throws Exception NoSuchMethodException when the action class has no
     *         public no-argument method with the requested name, or whatever
     *         the invoked action throws
     */
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        // The method name comes from the action mapping. With the wildcard mapping
        // in this page's struts.xml (method="{1}") it is taken from the request URL.
        String requestedName = actionInvocation.getProxy().getMethod();
        Method target = actionInvocation.getAction().getClass().getMethod(requestedName);

        // 1. Is the customer logged in? Read the current customer from the session.
        // NOTE(review): getSession() creates a session when none exists, so each
        // anonymous request allocates one; getSession(false) with a null check
        // would avoid that.
        Employee customer = (Employee) ServletActionContext.getRequest()
                .getSession().getAttribute("employee");
        if (customer == null) {
            System.out.println(BANNER);
            System.out.println("客戶還沒登錄或登錄已超時!!!");
            System.out.println(BANNER);
            System.out.println();
            return "index";
        }

        // 3. Method without @Authority: the action is NOT invoked and "index" is
        // returned. This is deny-by-default, and it means an unannotated method
        // such as delete() is never executed through this interceptor, although
        // the page describes it as needing no permission check.
        Authority required = target.getAnnotation(Authority.class);
        if (required == null) {
            System.out.println(BANNER);
            System.out.println("我執行了沒有??");
            System.out.println(BANNER);
            return "index";
        }

        // 2. Permission check for an annotated method.
        String actionName = required.actionName();
        String privilege = required.privilege();

        // Placeholder left by the author: this is where the customer's privileges
        // should be compared with (actionName, privilege); invoke the action only
        // on a match, otherwise return a "no permission" result.
        // NOTE(review): until that comparison exists, the message below reports
        // that the customer holds the privilege although nothing verified it.
        System.out.println(BANNER);
        System.out.println("客戶" + customer.getUserName() + "在" + new Date() + "執行了"
                + actionName + "方法,擁有" + privilege + "權限!!");
        System.out.println(BANNER);
        System.out.println();
        return actionInvocation.invoke();
    }
}
四、客戶信息類Employee.java
package com.ljq.action;

import java.io.Serializable;

/**
 * Plain bean describing a customer: id, user name and password.
 *
 * login.jsp on this page stores an instance in the HTTP session under the key
 * "employee", and AuthorityInterceptor treats its presence as "logged in".
 */
@SuppressWarnings("serial")
public class Employee implements Serializable {

    private Integer id;
    private String userName;
    // NOTE(review): the password is held as plain text on a Serializable bean
    // that is placed in the session, so it travels wherever the session is
    // persisted or replicated. A session principal normally needs no password.
    private String pwd;

    public Employee() {
    }

    // ----- accessors -----

    /** @return the customer id, or null when not set */
    public Integer getId() {
        return id;
    }

    /** @return the login name, or null when not set */
    public String getUserName() {
        return userName;
    }

    /** @return the stored password, or null when not set */
    public String getPwd() {
        return pwd;
    }

    // ----- mutators -----

    /** @param id the customer id */
    public void setId(Integer id) {
        this.id = id;
    }

    /** @param userName the login name */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /** @param pwd the password, stored exactly as given */
    public void setPwd(String pwd) {
        this.pwd = pwd;
    }
}
五、action類EmployeeAction
package com.ljq.action;

import com.opensymphony.xwork2.ActionSupport;

/**
 * Demo action with three operations. Each one prints a line to the console and
 * returns SUCCESS; none performs any check of its own, so access control
 * depends entirely on the interceptor stack configured for the action.
 */
@SuppressWarnings("serial")
public class EmployeeAction extends ActionSupport {

    /**
     * Add.
     *
     * Declares that callers need the "add" privilege on "test"; the request
     * passes through the interceptor.
     *
     * @return SUCCESS
     */
    @Authority(actionName = "test", privilege = "add")
    public String add() {
        trace("執行了add方法!!!");
        return SUCCESS;
    }

    /**
     * Find.
     *
     * Declares that callers need the "find" privilege on "test"; the request
     * passes through the interceptor.
     *
     * @return SUCCESS
     * @throws Exception declared but not thrown by this body
     */
    @Authority(actionName = "test", privilege = "find")
    public String find() throws Exception {
        trace("執行了find方法!!!");
        return SUCCESS;
    }

    /**
     * Delete.
     *
     * Carries no {@code @Authority} annotation. The author's note says the
     * interceptor therefore does not gate it.
     *
     * NOTE(review): the AuthorityInterceptor shown on this page returns "index"
     * for any method without {@code @Authority} and never calls invoke(), so
     * this method is not reached through that interceptor stack. If it were
     * mapped without the interceptor it would run with no check at all.
     *
     * @return SUCCESS
     * @throws Exception declared but not thrown by this body
     */
    public String delete() throws Exception {
        trace("執行了delete方法!!!");
        return SUCCESS;
    }

    /** Writes one progress line to standard output. */
    private static void trace(String line) {
        System.out.println(line);
    }
}
六、首頁index.jsp
<%--
  Landing page. AuthorityInterceptor returns the "index" result, which
  struts.xml maps to this page, both for requests without a logged-in customer
  and for action methods that carry no @Authority annotation.

  NOTE(review): basePath below is assembled from request.getServerName() and
  request.getServerPort(), which are normally derived from the request's Host
  header, and is written unescaped into <base href>. Nothing on this page uses
  a relative link, so the element can be dropped; if it is kept, build it from
  a configured host name or from the context path alone.
--%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="/struts-tags" prefix="s"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
</head>
<body>
歡迎您的到來....
</body>
</html>
七、登陸頁login.jsp
<%--
  Demo stand-in for a login: no credentials are read from the request. Every
  visitor who loads this page gets a session holding the hard-coded customer
  below, which is all AuthorityInterceptor looks for.

  NOTE(review): a real login has to verify submitted credentials before setting
  the session attribute, should not copy the password into the session object,
  and should switch to a new session id once authentication succeeds (for
  example HttpServletRequest.changeSessionId() on Servlet 3.1+, or invalidate
  and recreate the session on older containers).
--%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@page import="com.ljq.action.Employee"%>
<%
Employee employee=new Employee();
employee.setId(1);
employee.setUserName("jiqinlin");
employee.setPwd("123456");
request.getSession().setAttribute("employee", employee);
%>
客戶已經登陸
八、struts2配置文件
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
    <constant name="struts.serve.static.browserCache" value="false"/>
    <!-- Actions are addressed with the .do extension. -->
    <constant name="struts.action.extension" value="do"/>
    <constant name="struts.i18n.encoding" value="UTF-8"/>

    <package name="base" extends="struts-default">
        <global-results>
            <!-- "index" is what AuthorityInterceptor returns when it refuses a request. -->
            <result name="index">/index.jsp</result>
            <!-- SUCCESS from the action renders login.jsp, whose scriptlet sets the session attribute again. -->
            <result name="success">/login.jsp</result>
        </global-results>
    </package>

    <!-- Custom interceptor -->
    <package name="permissionInterceptor" namespace="/permissionInterceptor" extends="base">
        <interceptors>
            <!-- Register the custom permission-control interceptor -->
            <interceptor name="authorityInterceptor" class="com.ljq.action.AuthorityInterceptor"/>
            <!-- Combine the custom permission-control interceptor and the default stack into a new custom stack -->
            <!-- NOTE(review): authorityInterceptor is listed after defaultStack, so everything in
                 defaultStack (request-parameter binding, validation, ...) has already run on the
                 action before the login check. Listing the access-control interceptor first is the
                 usual arrangement. -->
            <interceptor-stack name="myInterceptors">
                <interceptor-ref name="defaultStack"/>
                <interceptor-ref name="authorityInterceptor"/>
            </interceptor-stack>
        </interceptors>
        <!-- Make the new custom stack the default stack so that the permission-control interceptor takes effect -->
        <default-interceptor-ref name="myInterceptors"/>
    </package>

    <package name="employee" extends="permissionInterceptor">
        <!-- NOTE(review): method="{1}" takes the method name from the URL, so the request chooses
             which public no-argument method of EmployeeAction is looked up. With the interceptor on
             this page only @Authority-annotated methods are invoked; without it, every such method,
             including inherited ones, would be callable. Listing add/find/delete as explicit
             actions, or restricting the allowed methods where the Struts version supports strict
             method invocation, removes that dependency. -->
        <action name="*Employee" class="com.ljq.action.EmployeeAction" method="{1}">
        </action>
    </package>
</struts>
web.xml配置文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <!-- Every request (/*) passes through the Struts 2 filter. -->
    <!-- NOTE(review): the interceptor stack, and with it AuthorityInterceptor, runs only for
         requests that resolve to a Struts action (*.do here). JSPs requested directly, such as
         /login.jsp and /index.jsp in the walkthrough on this page, are presumably rendered without
         it; pages that must not be reachable directly are usually kept under WEB-INF. -->
    <!-- NOTE(review): the ".ng." filter package belongs to older Struts 2 releases; confirm that
         the Struts version in use is still supported and patched. -->
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>
            org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>
跟蹤控制檯打印的信息
一、未登陸,訪問查找功能:http://localhost:8083/struts2_authority_interceptor/addEmployee.do
二、已登陸,訪問添加功能:http://localhost:8083/struts2_authority_interceptor/login.jsp
http://localhost:8083/struts2_authority_interceptor/addEmployee.do
已登陸,訪問查找功能:http://localhost:8083/struts2_authority_interceptor/login.jsp
http://localhost:8083/struts2_authority_interceptor/findEmployee.do
三、已登陸,訪問刪除功能
已登陸,訪問查找功能:http://localhost:8083/struts2_authority_interceptor/login.jsp
http://localhost:8083/struts2_authority_interceptor/deleteEmployee.do
完畢!!