struts2利用拦截器和注解进行权限控制
?
基本是在每个方法上加入注入来进行控制,有点像asp 脚本语言
package auth;import java.lang.annotation.ElementType;import java.lang.annotation.Retention;import java.lang.annotation.RetentionPolicy;import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)//指定该注解是在运行期进行@Target({ElementType.METHOD})//指定该注解要在方法上使用public @interface AuthName {? String value() default "";}?
?
?
package auth;import java.lang.reflect.Method;public class ParseAuthName {public static String parseAuthentication(Class<?> clazz, String methodName,Class<?>... parameterTypes) throws NoSuchMethodException {//根据方法名,取得方法,如果有则返回Method method = clazz.getMethod(methodName, parameterTypes);if (null != method) {AuthName authName = method.getAnnotation(AuthName.class);if (null != authName) {return authName.value();}}return null;}}?
?
下面是struts的拦截器
package auth;import com.opensymphony.xwork2.ActionContext;import com.opensymphony.xwork2.ActionInvocation;import com.opensymphony.xwork2.ActionProxy;import com.opensymphony.xwork2.interceptor.AbstractInterceptor;public class AuthInterceptor extends AbstractInterceptor {@Overridepublic String intercept(ActionInvocation invocation) throws Exception {ActionContext context = invocation.getInvocationContext();String user = (String)context.getSession().get("user") == null ? "tom" : "tom";ActionProxy proxy = invocation.getProxy();String methodName = proxy.getMethod();Object action = proxy.getAction();String auth = null;try{auth = ParseAuthName.parseAuthentication(action.getClass(),methodName, null);}catch(NoSuchMethodException ex) {ex.printStackTrace(); return "nopermisses";}if (null != auth) {if ("AUTH".equals(auth)) {return invocation.invoke();}}return "nopermisses";}}?
?
写一个action进行测试:
public class UserListAction extends ActionSupport{@AuthName(value = "admin")public String execute() {return SUCCESS;}}?
?
struts.xml文件基本配置:
?
<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd"> <struts><package name="system" namespace="/admin"extends="struts-default"><interceptors><interceptor name="auth" > <result name="success">/default.jsp</result> <result name="nopermisses">/sss.jsp</result> </action></package></struts>
?web.xml文件 ,我用的是tomcat7 + servlet3.0
?
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp"xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"id="WebApp_ID" version="3.0"> <filter> <filter-name>struts-cleanup</filter-name> <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class> </filter> <filter> <filter-name>struts2</filter-name> <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class> <init-param> <param-name>actionPackages</param-name> <param-value>action</param-value> </init-param> </filter> <filter-mapping> <filter-name>struts2</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>struts-cleanup</filter-name> <url-pattern>*.action</url-pattern> </filter-mapping><welcome-file-list><welcome-file>index.jsp</welcome-file></welcome-file-list></web-app>
?