• 权限模块_使用权限_显示有权限的链接_思路分析_拦截验证每个请求的权限_完善权限的分类_一些细节


    权限模块__使用权限__显示有权限的链接1__思路分析

    实现功能

    导入源文件,找到AnchorTag.java类复制到工程中

    AnchorTag.java

    package org.apache.struts2.views.jsp.ui;
    
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.jsp.JspException;
    
    import org.apache.struts2.components.Anchor;
    import org.apache.struts2.components.Component;
    
    import cn.itcast.oa.domain.User;
    
    import com.opensymphony.xwork2.util.ValueStack;
    
    /**
     * @see Anchor
     */
    public class AnchorTag extends AbstractClosingTag {
    
        private static final long serialVersionUID = -1034616578492431113L;
    
        protected String href;
        protected String includeParams;
        protected String scheme;
        protected String action;
        protected String namespace;
        protected String method;
        protected String encode;
        protected String includeContext;
        protected String escapeAmp;
        protected String portletMode;
        protected String windowState;
        protected String portletUrlType;
        protected String anchor;
        protected String forceAddSchemeHostAndPort;
    
        @Override
        public int doEndTag() throws JspException {
            // 当前登录用户
            User user = (User) pageContext.getSession().getAttribute("user");
    
            // 当前准备显示的链接对应的权限URL
            // >> 在开头加上'/'
            String privUrl = "/" + action;
    
            if (user.hasPrivilegeByUrl(privUrl)) {
                return super.doEndTag(); // 正常的生成并显示超链接 标签,并继续执行页面中后面的代码
            } else {
                return EVAL_PAGE; // 不生成与显示超链接 标签,只是继续执行页面中后面的代码
            }
        }
    
        public Component getBean(ValueStack stack, HttpServletRequest req, HttpServletResponse res) {
            return new Anchor(stack, req, res);
        }
    
        protected void populateParams() {
            super.populateParams();
    
            Anchor tag = (Anchor) component;
            tag.setHref(href);
            tag.setIncludeParams(includeParams);
            tag.setScheme(scheme);
            tag.setValue(value);
            tag.setMethod(method);
            tag.setNamespace(namespace);
            tag.setAction(action);
            tag.setPortletMode(portletMode);
            tag.setPortletUrlType(portletUrlType);
            tag.setWindowState(windowState);
            tag.setAnchor(anchor);
    
            if (encode != null) {
                tag.setEncode(Boolean.valueOf(encode).booleanValue());
            }
            if (includeContext != null) {
                tag.setIncludeContext(Boolean.valueOf(includeContext).booleanValue());
            }
            if (escapeAmp != null) {
                tag.setEscapeAmp(Boolean.valueOf(escapeAmp).booleanValue());
            }
            if (forceAddSchemeHostAndPort != null) {
                tag.setForceAddSchemeHostAndPort(Boolean.valueOf(forceAddSchemeHostAndPort).booleanValue());
            }
        }
    
        public void setHref(String href) {
            this.href = href;
        }
    
        public void setEncode(String encode) {
            this.encode = encode;
        }
    
        public void setIncludeContext(String includeContext) {
            this.includeContext = includeContext;
        }
    
        public void setEscapeAmp(String escapeAmp) {
            this.escapeAmp = escapeAmp;
        }
    
        public void setIncludeParams(String name) {
            includeParams = name;
        }
    
        public void setAction(String action) {
            this.action = action;
        }
    
        public void setNamespace(String namespace) {
            this.namespace = namespace;
        }
    
        public void setMethod(String method) {
            this.method = method;
        }
    
        public void setScheme(String scheme) {
            this.scheme = scheme;
        }
    
        public void setValue(String value) {
            this.value = value;
        }
    
        public void setPortletMode(String portletMode) {
            this.portletMode = portletMode;
        }
    
        public void setPortletUrlType(String portletUrlType) {
            this.portletUrlType = portletUrlType;
        }
    
        public void setWindowState(String windowState) {
            this.windowState = windowState;
        }
    
        public void setAnchor(String anchor) {
            this.anchor = anchor;
        }
    
        public void setForceAddSchemeHostAndPort(String forceAddSchemeHostAndPort) {
            this.forceAddSchemeHostAndPort = forceAddSchemeHostAndPort;
        }
    }

    权限模块__使用权限__拦截验证每个请求的权限

    两个问题:拦截器怎么写,往里边写权限判断

    CheckPrivilegeInterceptor.java

    public class CheckPrivilegeInterceptor extends AbstractInterceptor {
    
        @Override
        public String intercept(ActionInvocation invocation) throws Exception {
            System.out.println("-------------之前");
            String result = invocation.invoke(); //放行
            System.out.println("-------------之后");
            return result;
        }
    }

    struts.xml

         <interceptors>
                <!-- 声明拦截器 -->
                <interceptor name="checkPrivilege" class="cn.itcast.oa.util.CheckPrivilegeInterceptor"></interceptor>
                
                <!-- 重新定义默认的拦截器栈 -->
                <interceptor-stack name="defaultStack">
                    <interceptor-ref name="checkPrivilege"></interceptor-ref>
                    <interceptor-ref name="defaultStack"></interceptor-ref>
                
                </interceptor-stack>
            </interceptors>

    另一种

    说明拦截器可以用了,接着填充代码

    struts.xml

            <!-- 全局的Result配置 -->
            <global-results>
                <result name="loginUI">/WEB-INF/jsp/userAction/loginUI.jsp</result>
                <result name="noPrivilegeError">/noPrivilegeError.jsp</result>
            </global-results>

    错误页面noPrivilegeError.jsp

    <%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
    <HTML>
    <HEAD>
        <TITLE>没有权限</TITLE>
        <%@include file="/WEB-INF/jsp/public/commons.jspf" %>
    </HEAD>   
    <BODY>
    
    <DIV ID="Title_bar">
        <DIV ID="Title_bar_Head">
            <DIV ID="Title_Head"></DIV>
            <DIV ID="Title"><!--页面标题-->
                <IMG BORDER="0" WIDTH="13" HEIGHT="13" SRC="${pageContext.request.contextPath}/style/images/title_arrow.gif"/> 提示
            </DIV>
            <DIV ID="Title_End"></DIV>
        </DIV>
    </DIV>
    
    
    <!--显示表单内容-->
    <DIV ID="MainArea">
            <DIV CLASS="ItemBlock_Title1">
            </DIV> 
            
            <DIV CLASS="ItemBlockBorder" STYLE="margin-left: 15px;">
                <DIV CLASS="ItemBlock" STYLE="text-align: center; font-size: 16px;">
                    出错了,您没有权限访问此功能!
                </DIV>
            </DIV>
            
            <!-- 操作 -->
            <DIV ID="InputDetailBar">
                <A HREF="javascript:history.go(-1);"><IMG SRC="${pageContext.request.contextPath}/style/images/goBack.png"/></A>
            </DIV>
    </DIV>
    
    </BODY>
    </HTML>

    CheckPrivilegeInterceptor.java

    public class CheckPrivilegeInterceptor extends AbstractInterceptor {
    
        @Override
        public String intercept(ActionInvocation invocation) throws Exception {
            /*System.out.println("-------------之前");
            String result = invocation.invoke(); //放行
            System.out.println("-------------之后");
            return result;*/
            
            
            //获取信息
            User user = (User) ActionContext.getContext().getSession().get("user");//当前的登录用户
            String namespace = invocation.getProxy().getNamespace();
            String actionName = invocation.getProxy().getActionName();
            
            String privUrl = namespace + actionName;//对应的权限url
            
            
            //如果未登录
            if(user == null) {
                if(privUrl.startsWith("/user_login")) {
                    //如果是去登录,就放行
                    return invocation.invoke();
                }else {
                    //如果不是去登录,就转到登录页面
                    return "loginUI";
                }
                
            }
            //如果已登录,就判断权限
            else{
                //如果有权限,就放行
                if(user.hasPrivilegeByUrl(privUrl)) {
                    return invocation.invoke();
                }
                //如果没有权限,就转到提示页面
                else{
                    return "noPrivilegeError";
                }
            }
        }
    }

    权限模块__使用权限__完善权限的分类

    User.java

        /**
         * 判定本用户是否有指定url的权限
         * @param name
         * @return
         */
        public boolean hasPrivilegeByUrl(String privUrl) {
            //超级管理员有所有的权限
            if(ifAdmin()) {
                return true;
            }
            
            // >>去掉后面的参数
            int pos = privUrl.indexOf("?");
            if(pos > -1) {
                privUrl = privUrl.substring(0,pos);
            }
            
            // >>去掉UI后缀
            if(privUrl.endsWith("UI")) {
                privUrl = privUrl.substring(0, privUrl.length() - 2);
            }
            
            //如果本URL不需要控制,则登录用户就可以使用
            Collection<String> allPrivilegeUrls = (Collection<String>) ActionContext.getContext().getApplication().get("allPrivilegeUrls");
            if(!allPrivilegeUrls.contains(privUrl)) {
                return true;
            }else{
                //普通用户要判断是否含有这个权限
                for(Role role : roles) {
                    for(Privilege priv : role.getPrivileges()) {
                        if(privUrl.equals(priv.getUrl())) {
                            return true;
                        }
                    }
                }
                return false;
            }
        }

    InitListener.java

         //准备数据:allPrivilegeUrls
            Collection<String> allPrivilegeUrls = privilegeService.getAllPrivilegeUrls(); 
            sce.getServletContext().setAttribute("allPrivilegeUrls", allPrivilegeUrls);
            System.out.println("-----------> 已准备数据 <-----------");

    PrivilegeService.java

        //查询所有权限对应的URL集合(不重复)
        Collection<String> getAllPrivilegeUrls();

    PrivilegeServiceImpl.java

      public Collection<String> getAllPrivilegeUrls() {
            return getSession().createQuery(
                    "SELECT DISTINCT p.url FROM Privilege p WHERE p.url IS NOT NULL")
                    .list();
        }

    需要处理的一些细节

    权限模块__解决小问题:重启Tomcat后还是登录状态

    用户关联的角色权限部门都实现序列化接口

    implements Serializable

    权限模块__解决小问题:登录页面嵌套的问题

  • 相关阅读:
    JavaScript--正则
    PHP-xdebug+PHPStorm的debug安装(未完)
    JavaScript--函数对象的属性caller与callee
    JavaScript--数组与伪数组(特殊对象)的区别
    【原理】scan
    【原理】Reids字典
    【Guava】Guava Cache用法
    【Nginx】缓存配置
    【劫持】网页被注入广告
    【架构】Linux结构
  • 原文地址:https://www.cnblogs.com/justdoitba/p/7820413.html
Copyright © 2020-2023  润新知