对于添加删除 初始化密码等操作的权限 控制
第一种方法就是在每个超链接前加 判断 如
<s:if test="#session.user.hasPrivilegeByName(name)"> <td><s:a action="department_delete?id=%{id}&parentId=%{parent.id}" onClick="return window.confirm('这将删除所有的下级部门,您确定要删除吗?')">删除</s:a> <s:a action="department_editUI?id=%{id}">修改</s:a> </td>
还有一种就是通过修改struts2 <a/>标签的源码实现 首先在/META-INF/struts-tags.tld文件中找到a 标签
<name>a</name>
<tag-class>org.apache.struts2.views.jsp.ui.AnchorTag</tag-class>
<body-content>JSP</body-content>
<attribute>
<description><![CDATA[Set the html accesskey attribute on rendered html element]]></description>
<name>accesskey</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<description><![CDATA[The action to generate the URL for, if not using value]]></description>
<name>action</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>......................................................
.....................................
第二行有它的实现类找到 copy到自己的src下面 包名什么的都要一样 重复没事,因为它会先去找自己的class再去找jar文件中的
源码如下:
public class AnchorTag extends AbstractClosingTag { private static final long serialVersionUID = -1034616578492431113L; protected String href; protected String includeParams; protected String scheme; protected String action; protected String namespace; protected String method; protected String encode; protected String includeContext; protected String escapeAmp; protected String portletMode; protected String windowState; protected String portletUrlType; protected String anchor; protected String forceAddSchemeHostAndPort; public Component getBean(ValueStack stack, HttpServletRequest req, HttpServletResponse res) { return new Anchor(stack, req, res); } protected void populateParams() { super.populateParams(); Anchor tag = (Anchor) component; tag.setHref(href); tag.setIncludeParams(includeParams); tag.setScheme(scheme); tag.setValue(value); tag.setMethod(method); tag.setNamespace(namespace); tag.setAction(action); tag.setPortletMode(portletMode); tag.setPortletUrlType(portletUrlType); tag.setWindowState(windowState); tag.setAnchor(anchor); if (encode != null) { tag.setEncode(Boolean.valueOf(encode).booleanValue()); } if (includeContext != null) { tag.setIncludeContext(Boolean.valueOf(includeContext).booleanValue()); } if (escapeAmp != null) { tag.setEscapeAmp(Boolean.valueOf(escapeAmp).booleanValue()); } if (forceAddSchemeHostAndPort != null) { tag.setForceAddSchemeHostAndPort(Boolean.valueOf(forceAddSchemeHostAndPort).booleanValue()); } } public void setHref(String href) { this.href = href; } public void setEncode(String encode) { this.encode = encode; } //这里省略好多get set 方法然后在自己copy过来的源码中加入 doEndTag()方法。。。可以操作s:a标签中的属性,判断权限 等等 加入后代码如下
@Override public int doEndTag() throws JspException { //当前用户 User user=(User) pageContext.getSession().getAttribute("user"); //当前要显示的权限的对应的url String privUrl=action; // 注意edit 和editUI 都对应edit //去掉后面的参数 int pos=privUrl.indexOf("?"); if(pos>-1){ privUrl= privUrl.substring(0, pos); } //去掉UI if(privUrl.endsWith("UI")){ privUrl= privUrl.substring(0, privUrl.length()-2); } if(user.hasPrivilegeByUrl("/"+privUrl)/*有权限吗*/){ return super.doEndTag();//正常的生成并显示超链接标签 并继续执行后面的代码 } else { return EVAL_PAGE;//什么都不做 (不显示超链接)只是继续执行后面页面的代码 } }