标签:java权限
以ssh框架来解释权限系统
首先在struts.xml里面配置2个拦截器栈,
第一个是登陆拦截器栈,没有登陆的用户就会被拦截,提示其登陆
<!-- begin intercepter --> <package name="haslogin" namespace="/" extends="json-default"> <interceptors> <interceptor name="loginInter" class="com.interceptor.LoginInterceptor"></interceptor> <interceptor-stack name="mydefault"> <interceptor-ref name="loginInter"></interceptor-ref> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack> </interceptors> <default-interceptor-ref name="mydefault"></default-interceptor-ref> <global-results> <result name="login">/management/login.jsp</result> </global-results> </package> <!-- end intercepter -->
第二个是权限拦截器栈,先判断是否登陆,没登陆就跳到登陆,再判断权限,没权限跳到无权限页面
<!-- begin role intercepter --> <package name="hasrole" namespace="/" extends="json-default"> <!-- role intercepter --> <interceptors> <interceptor name="roleInter" class="com.interceptor.RoleInterceptor"></interceptor> <interceptor name="loginInter" class="com.interceptor.LoginInterceptor"></interceptor> <interceptor-stack name="mydefault"> <interceptor-ref name="loginInter"></interceptor-ref> <interceptor-ref name="roleInter"></interceptor-ref> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack> </interceptors> <default-interceptor-ref name="mydefault"></default-interceptor-ref> <global-results> <result name="login">/management/login.jsp</result> <result name="none">/WEB_INF/404.jsp</result> </global-results> </package> <!--end role intercepter -->
第二步编写登陆拦截器 检查session中userid是否为null , 如果是 ,就让用户去登陆页面
package com.interceptor; import java.util.Map; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; public class LoginInterceptor extends AbstractInterceptor { private static final long serialVersionUID = 1L; @Override public String intercept(ActionInvocation invocation) throws Exception { ActionContext ctx = invocation.getInvocationContext(); Map<String,Object> session = ctx.getSession(); String user = null; if (session.get("userid")!=null) { user=session.get("userid").toString(); } if (user != null) { return invocation.invoke(); } return Action.LOGIN; } }第三步 编写权限拦截器
package com.interceptor; import java.util.HashSet; import java.util.Map; import java.util.Set; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; public class RoleInterceptor extends AbstractInterceptor { private static final long serialVersionUID = 1L; @SuppressWarnings("unchecked") @Override public String intercept(ActionInvocation invocation) throws Exception { Map<String, Object> session = ActionContext.getContext().getSession(); Set<com.entity.ModuleFun> roles = new HashSet<com.entity.<span style="font-family: Arial, Helvetica, sans-serif;">ModuleFun</span><span style="font-family: Arial, Helvetica, sans-serif;">>();</span> String currUrl = invocation.getProxy().getActionName();//获取当前action的name if (session.get("roles") != null) {//用户登陆时将权限放入session中 roles = (Set<com.entity.ModuleFun>) session.get("roles"); for (com.entity.ModuleFun mfun: roles) {<span style="font-family: Arial, Helvetica, sans-serif;"> </span>
<span style="white-space:pre"></span><pre name="code" class="html"><span style="white-space:pre"> </span>if (mfun.getUrls.equals(currUrl+".action")) { return invocation.invoke(); }
} } return Action.NONE; } }三在登陆时把userid和roles存入session中
标签:java权限
原文地址:http://blog.csdn.net/maskdfe/article/details/37927413