struts1 加入 security

From: http://www.onjava.com/pub/a/onjava/2004/02/18/strutssecurity.html

 

 

1. Extending the Struts ActionMapping class

 

public class StrutsPermissionMapping 
        extends ActionMapping {

    private Integer actionId = null;
    private String label = null;
    private String canBeMadeAvailable = null;
    private String canBeMadeEditable = null;
    private String group = null;
    private String role = null;

    public StrutsPermissionMapping() {
        super();
    }

    public Integer getActionId() {
        return actionId;
    }

    public void setActionId(Integer id) {
        this.actionId = id;
    }    
...
}

 

 

2. 修改后的struts-config.xml

<struts-config>
 <form-beans>
   <form-bean name="computeForm"
  	type="com.shiftat.oreilly.web.ComputeForm"/>
...
 </form-beans>
 <action-mappings> 
  <action
   path="/compute"
   type="com.shiftat.oreilly.web.ComputeAction"
   name="computeForm"
   scope="session"
   input="/jsp/compute.jsp"
   className=
    "com.shiftat.struts.StrutsPermissionMapping"
   unknown="false"
   validate="false">
   <set-property property="actionId" 
                 value="160" />
   <set-property property="label" 
                 value="compute"/>
   <set-property property="canBeMadeAvailable" 
                 value="true"/>
   <set-property property="canBeMadeEditable" 
                 value="false"/>
   <set-property property="group" 
                 value="4"/>
   <set-property property="role" 
                 value="4"/>

   <forward name="succes" 
            path="/jsp/result.jsp"
	        redirect="false"/>
  </action>
...
 </action-mappings>
</struts-config>

 

 

3.  in the login action

 

     3.1 Retrieves the user permissions from the datastore.
     3.2 Retrieves the StrutsPermissionMappings from the Struts configuration.
     3.3 Iterates over the user permissions and retrieves the corresponding StrutsPermissionMappings.
     3.4 Stores each of the corresponding StrutsPermissionMappings in a new Map in the context for that user.

Map userActionPermissionMap 
  = retrievePortalUserActionPermissionMap(userId);
Map strutsConfigMap 
  = StrutsConfigurationHelperAction
    .retrieveStrutsActionMapping(this, request);
Map userActionNamePermissionMap = new HashMap();
if (userActionPermissionMap.keySet() != null 
 && userActionPermissionMap.keySet().size() >0) {
  Iterator it 
   = userActionPermissionMap.keySet().iterator();
  while (it.hasNext()){
	Integer actionId = (Integer)it.next();
	Integer permissionId 
	 = (Integer)userActionPermissionMap
	   .get(actionId);
	StrutsPermissionMapping mapping 
	 = (StrutsPermissionMapping)strutsConfigMap
	   .get(actionId);
	String actionPath 
	   = strutsPermissionMapping.getPath();
	userActionNamePermissionMap
	   .put(actionPath, permissionId);
  }
}
context
 .setAttribute("permissionmap",
               userActionNamePermissionMap);

 

public class StrutsConfigurationHelperAction {
    
 private static SortedMap actionMappingMap = null;
 private static ModuleConfig mConfig = null;
    
 public static SortedMap 
         retrieveStrutsActionMapping(Action action, 
                     HttpServletRequest request) {
   if (actionMappingMap == null){
       actionMappingMap = new TreeMap();
       mConfig = (ModuleConfig)request.
                   getAttribute(Globals.MODULE_KEY);
       if (mConfig == null){
           mConfig = (ModuleConfig)action.
             getServlet().getServletContext().
               getAttribute(Globals.MODULE_KEY);
       }
       if (mConfig != null){
           ActionConfig[] acfg 
               = mConfig.findActionConfigs();
           for (int i=0; i < acfg.length; i++){
              ActionConfig actionConfig = acfg[i];
              if (actionConfig instanceof 
                      StrutsPermissionMapping){
                  StrutsPermissionMapping amp = 
					 (StrutsPermissionMapping)
					       actionConfig;
                   actionMappingMap
				      .put(amp.getActionId(),amp);
               } else {
                   //Regular ActionMapping 
                   //without security attributes
               }
           }
       } else {
          System.err.println
		  		("No Struts configuration !");            
       }
   }
   return actionMappingMap;
 }

}

 

4. The check that the user has the necessary permission to call a certain action in the application can easily be done in a ServletFilter

你可能感兴趣的:(jsp,bean,Web,struts,Security)