< %@ page language="java" pageEncoding="GB18030"%>
< %
pageContext.getSession().setAttribute("user","huashui");
pageContext.getSession().setAttribute("rights","TEST_AUTH");
%>
登录成功
logout.jsp
< %@ page language="java" pageEncoding="GB18030"%>
< %
pageContext.getSession().removeAttribute("user");
pageContext.getSession().removeAttribute("rights");
%>
退出成功
index.jsp
< %@ page language="java" pageEncoding="GB18030"%> < !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>主页</title> </head> <body> <p> ${tip } </p> <a href="login.jsp">登录</a> <br /> <a href="logout.jsp">退出</a> <br /> <a href="admin/test.action">权限页面</a> </body> </html>
建好了这三个页面后,我们开始来写注解。
package org.huashui.authentication; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** *@author Huashui *@blog http://huashui.org */ @Retention(RetentionPolicy.RUNTIME)//指定该注解是在运行期进行 @Target({ElementType.METHOD})//指定该注解要在方法上使用 public @interface AuthName { String value() default ""; }
注解本身不能起作用,注解起作用关键在于后台有一个解析器。接下来来写下这个解析器。
package org.huashui.authentication; import java.lang.reflect.Method; /** * @author huashui * @blog http://huashui.org */ public class ParseAuthName { public static String parseAuthentication(Class< ?> clazz, String methodName, Class< ?>... parameterTypes) throws NoSuchMethodException { //根据方法名,取得方法,如果有则返回 Method method = clazz.getMethod(methodName, parameterTypes); if (null != method) { AuthName authName = method.getAnnotation(AuthName.class); if (null != authName) { return authName.value(); } } return null; } }
接下来书写拦截器
package org.huashui.interceptor; import org.huashui.authentication.ParseAuthName; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.ActionProxy; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; /** * @authorhuashui * @blog http://huashui.org */ @SuppressWarnings("serial") public class AuthInterceptor extends AbstractInterceptor { @Override public String intercept(ActionInvocation invocation) throws Exception { ActionContext context = invocation.getInvocationContext(); String user = (String) context.getSession().get("user"); String rights = (String) context.getSession().get("rights"); if (null != user) { ActionProxy proxy = invocation.getProxy(); String methodName = proxy.getMethod(); Object action = proxy.getAction(); String auth = null; try { auth = ParseAuthName.parseAuthentication(action.getClass(), methodName, null); } catch (NoSuchMethodException e) { e.printStackTrace(); ActionContext.getContext().put("tip", "没有权限"); return Action.LOGIN; } if (null != auth) { if ("TEST_AUTH".equals(auth)) { return invocation.invoke(); } } ActionContext.getContext().put("tip", "没有权限"); return Action.LOGIN; } else { ActionContext.getContext().put("tip", "没有登录"); return Action.LOGIN; } } }
接下来配置下拦截器
< ?xml version="1.0" encoding="UTF-8" ?> < !DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd"> <struts> <package name="huashui-default" namespace="/admin" extends="struts-default"> <interceptors> <interceptor name="auth" class="org.huashui.interceptor.AuthInterceptor"> </interceptor> <interceptor -stack name="authdefault"> </interceptor><interceptor -ref name="defaultStack"></interceptor> <interceptor -ref name="auth"></interceptor> </interceptors> <default -interceptor-ref name="authdefault"></default> </package> </struts>
配好这些后,我们开始写Action进行测试
package org.huashui.action; import org.apache.struts2.convention.annotation.Action; import org.apache.struts2.convention.annotation.ParentPackage; import org.apache.struts2.convention.annotation.Result; import org.huashui.authentication.AuthName; /** * @author 曾华水 * @email [email protected] */ @ParentPackage("huashui-default") @Namespace("/admin") public class UserListAction { @AuthName(value = "TEST_AUTH") @Action(value = "test", results = { @Result(name = "success", location = "/WEB-INF/content/success.jsp"), @Result(name = "login", location = "/index.jsp") }) public String execute() { return com.opensymphony.xwork2.Action.SUCCESS; } }
完成。