struts2根据拦截器实现链接的权限管理

首先在struts.xml的配置中添加拦截器
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
        "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
        "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
	<constant name="struts.objectFactory" value="spring"></constant>
	<constant name="struts.action.extension" value="action,xhtml" />
	<constant name="struts.i18n.encoding" value="UTF-8" />
	<constant name="struts.custom.i18n.resources"
		value="com.gd.resource.template.LabelResources,com.gd.resource.privilege.LabelResources"></constant>
	<package name="ehrDefault" extends="struts-default">
		<result-types>
			<result-type name="tiles"
				class="org.apache.struts2.views.tiles.TilesResult" />
		</result-types>
		<interceptors>
			<interceptor name="admin"
				class="com.XX.interceptor.AdminInterceptor" />
			<interceptor-stack name="requireLogin">
				<interceptor-ref name="defaultStack" />
				<interceptor-ref name="admin" />
			</interceptor-stack>
		</interceptors>
		<default-interceptor-ref name="requireLogin" />
		<global-results>
			<result name="login" type="redirect">/index.jsp</result>
		</global-results>......

然后是拦截器类:
package com.gd.interceptor;

import java.util.Map;

import javax.servlet.ServletContext;

import org.apache.commons.lang.StringUtils;
import org.apache.struts2.ServletActionContext;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.gd.po.Userinfo;
import com.gd.service.ISecurityPermissionManager;
import com.gd.service.ISecurityUserManager;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class AdminInterceptor extends AbstractInterceptor {
	
	private static final long serialVersionUID = 7426957840297915277L;
	@Override
	public String intercept(ActionInvocation ai) throws Exception {
		Map<String, Object> session = ai.getInvocationContext().getSession();
		if (session == null) {
			return Action.LOGIN;
		}
		Userinfo user = (Userinfo) session.get("user");
		if (user == null) {
			session.put("message", "请先登录!");
			return Action.LOGIN;
		}
		
		// 用户访问Action权限判断
		if (!actionAuthority(ai, session)) {
			return Action.LOGIN;
		}

		return ai.invoke();
	}
	public boolean actionAuthority(ActionInvocation ai, Map<String, Object> session) {
		// 用户访问Action权限判断
		ServletContext sc = ServletActionContext.getServletContext();
                //此处获取请求的action及其方法
		String permission = ai.getProxy().getActionName().toLowerCase() + "." + ai.getProxy().getMethod().toLowerCase();
		ApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(sc);
		ISecurityUserManager securityUserManager = (ISecurityUserManager) context.getBean("securityUserManager");
		ISecurityPermissionManager securityPermissionManager = (ISecurityPermissionManager) context.getBean("securityPermissionManager");
                //查询数据库是否有相同的链接有相同的则有权限访问
		if(!securityPermissionManager.checkIsRepeatPermission(permission)){
			return true;
		}
		if(securityUserManager!=null){
			Userinfo userInfo=(Userinfo)session.get("user");
			return securityUserManager.checkPrivilege(userInfo.getUserName(),permission);
		}
		return true;
	}
}

你可能感兴趣的:(struts2)