来段代码提提神-那些无法回避的知识点之struts权限拦截器

来段代码提提神，重新认识自己和重新塑造自己；

第一步配置：配置Struts文件

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN"
        "http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>

  	<constant name="struts.devMode" value="true" />

  	<!-- 约定Action类执行完毕以后返回资源的结果路径，必须以 "/" 开头 -->
  	<constant name="struts.convention.result.path" value="/main,/members" /> 
  	
  	<!-- 这个属性指定的是Strtus.xml中配置的 <package>节点的父节点 -->
  	<!-- <constant name="struts.convention.default.parent.package" value="admin-default" /> -->
  	
  	<!-- 确定搜索包的路径。只要是结尾为action的包都要搜索 -->
  	<constant name="struts.convention.package.locators" value="action" />
  	
  	<!-- 约定Action 类的项目根包 ：值得注意的命名空间-->
  	<constant name="struts.convention.package.locators.basePackage" value="com.san.console.action" />
  
  	<package name="admin-default" extends="convention-default">
		<interceptors>
		    <!--权限拦截器-->
		    <interceptor name="permissionInterceptor" class="com.san.console.interceptor.PermissionInterceptor" />
		    <interceptor-stack name="permitStack">
	            <interceptor-ref name="permissionInterceptor"/>
	               <interceptor-ref name="actionMappingParams"/>
	               <interceptor-ref name="params">
	                   <param name="excludeParams">dojo\..*,^struts\..*</param>
	               </interceptor-ref>
	               <interceptor-ref name="conversionError"/>
	               <!-- 一定要加上默认的拦截器 如果不写会被覆盖的   -->
	               <interceptor-ref name="defaultStack"/>
	        </interceptor-stack>
	    </interceptors>
	    <!-- 配置struts2框架运行时，默认执行自定义拦截器栈 -->
	    <default-interceptor-ref name="permitStack" />
		<global-results>
		       <!-- 登录页 -->
		       <result name="loginpage" type="redirect">/login.jsp</result>
		       <!-- 无权提示页 -->
	           <result name="nopermit" type="redirect">/main/common/nopermit.jsp</result>
	           <!-- 异常错误页 -->
	           <result name="allException">/main/common/error.jsp</result>
	       </global-results> 
	       
	       
		<global-exception-mappings>
			<exception-mapping result="allException" exception="java.lang.Exception" />
		</global-exception-mappings> 
	</package> 
	
</struts>

第二步：定义拦截器的功能

import java.lang.reflect.Method;
import java.util.Locale;

import org.apache.commons.lang.StringUtils;
import org.apache.struts2.ServletActionContext;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opensymphony.xwork2.util.LocalizedTextUtil;
import com.sand.o2oconsole.entity.ManageUser;
import com.sand.o2oconsole.utils.ApplicationConfig;
import com.sand.o2oconsole.utils.LogRecord;
import com.sand.o2oconsole.utils.WebConstant;
import com.vanceinfo.framework.web.struts2.Struts2Utils;

/**
 *          Function List: 权限拦截器
 */
public class PermissionInterceptor extends AbstractInterceptor {
	public String intercept(ActionInvocation invocation) throws Exception {
		Object action = invocation.getAction();
		String classType = action.getClass().getName();
		Class className = Class.forName(classType);		
		Method method = action.getClass().getMethods()[0];
		String res = "";
		String reqActionName = invocation.getProxy().getActionName();
		String actionname = invocation.getProxy().getActionName();
		String methodname = invocation.getProxy().getMethod();
		ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(ServletActionContext.getServletContext());	
		String actionDesc = LocalizedTextUtil.findDefaultText(className.getSimpleName()+"."+methodname, new Locale(ApplicationConfig.DEFAULT_LOCALE));
		LogRecord logRecord = method.getAnnotation(LogRecord.class);
		if (!StringUtils.isNotBlank(actionDesc) && logRecord != null) {
			actionDesc = logRecord.actionDesc();
		}
		if (action instanceof Protected) {
			Protected pro = (Protected) action;
			if (!pro.hasPermission(actionname, methodname)) {
				//return "nopermit";注释掉，先不使用
			}
			if(StringUtils.equals(actionname, "systemlogin") && StringUtils.equals(methodname, "login")){//跳过登陆action
				return invocation.invoke();
			}else{
				ManageUser gmacUser = (ManageUser) Struts2Utils.getSession().getAttribute(WebConstant.SESSION_EMPLOYEE_BEAN);
				if(gmacUser==null){
					return "loginpage";
				}
				}
		}
		return invocation.invoke();
	}

}