struts2利用拦截器和注解进行权限控制
基本是在每个方法上加入注入来进行控制,有点像asp 脚本语言
package auth; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)//指定该注解是在运行期进行
@Target({ElementType.METHOD})//指定该注解要在方法上使用
public @interface AuthName {
String value() default "";
}
package auth;
import java.lang.reflect.Method;
public class ParseAuthName {
public static String parseAuthentication(Class<?> clazz, String methodName,Class<?>... parameterTypes) throws NoSuchMethodException {
//根据方法名,取得方法,如果有则返回
Method method = clazz.getMethod(methodName, parameterTypes);
if (null != method) {
AuthName authName = method.getAnnotation(AuthName.class);
if (null != authName) {
return authName.value();
}
}
return null;
}
}
下面是struts的拦截器
package auth;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionProxy;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class AuthInterceptor extends AbstractInterceptor {
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext context = invocation.getInvocationContext();
String user = (String)context.getSession().get("user") == null ? "tom" : "tom";
ActionProxy proxy = invocation.getProxy();
String methodName = proxy.getMethod();
Object action = proxy.getAction();
String auth = null;
try{
auth = ParseAuthName.parseAuthentication(action.getClass(),methodName, null);
}catch(NoSuchMethodException ex) {
ex.printStackTrace();
return "nopermisses";
}
if (null != auth) {
if ("AUTH".equals(auth)) {
return invocation.invoke();
}
}
return "nopermisses";
}
}
写一个action进行测试:
public class UserListAction extends ActionSupport{
@AuthName(value = "admin")
public String execute() {
return SUCCESS;
}
}
struts.xml文件基本配置:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<package name="system" namespace="/admin" extends="struts-default">
<interceptors>
<interceptor name="auth" class="auth.AuthInterceptor"></interceptor>
<interceptor-stack name="authdefault">
<interceptor-ref name="defaultStack"></interceptor-ref>
<interceptor-ref name="auth"></interceptor-ref>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="authdefault"></default-interceptor-ref>
<action name="author" class="action.UserListAction" >
<result name="success">/default.jsp</result>
<result name="nopermisses">/sss.jsp</result>
</action>
</package>
</struts>
web.xml文件 ,我用的是tomcat7 + servlet3.0
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<filter>
<filter-name>struts-cleanup</filter-name>
<filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
</filter>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
<init-param>
<param-name>actionPackages</param-name>
<param-value>action</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts-cleanup</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>