Struts2使用Interceptor实现权限控制的应用实例详解

Struts2使用Interceptor实现权限控制的应用实例详解

拦截器：是Struts2框架的核心，重点之重。因此，对于我们要向彻底学好Struts2.0.读源码和使用拦截器是必不可少的。少说了。下面就Interceptor在Struts2中的一个非常常用的例子进行解析。网上也找了很多的例子，感觉都是讲的不太详细，自己从网上找了许多资料，下面就自己对其理解进行分析。

     首先，权限控制，就是，当我们使用不同的用户对某个模块或是系统进行操作的时候可以根据其不同的权限进行不同的设置。本博文就其简单的分析一下，好让自己理解。我是对于一个登陆的用户，若是其没有登录成功到该系统，则当其在浏览器中直接输入地址进行访问的时候我自定义的拦截器AuthorityInterceptor.java类将会进行判断，从而达到进行权限的判断。禁止其直接进行访问，只有当我们成功登录之后，session中存在username=clark的Map设置的时候才可以访问相应的页面。从而达到了权限控制。代码如下：

自定义拦截器：

package com.interceptor;
import java.util.Map;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
/**
 * 权限控制拦截器
 * @author Administrator
 *
 */
public class AuthorityInterceptor extends AbstractInterceptor {
public String intercept(ActionInvocation invocation) throws Exception {
//取得请求相关的ActionContext实例
ActionContext cxt = invocation.getInvocationContext();
Map session = cxt.getSession();
String username = (String)session.get("username");
//如果用户没有登录，或者是登录的用户名不是clark，都不准其登录
if(username != null && username.equals("clark")){
return invocation.invoke();//会自动调用下一个拦截器或者放行到Action的execute方法
}
//没有登录，将服务器提示设置成一个HttpServletRequest
cxt.put("tip", "您还没有登录，请登录系统");
return Action.LOGIN;
}
}

     Struts2 的Action

package com.action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
public class LoginAction extends ActionSupport {
private static final long serialVersionUID = 20130924L;
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public static long getSerialversionuid() {
return serialVersionUID;
}

@Override
public String execute() throws Exception {
if(isInvalid(getUsername())){
return INPUT;
}
if(isInvalid(getPassword())){
return INPUT;
}
if((getUsername().equals("clark"))&&(getPassword().equals("123456"))){
//通过ActionContext对象访问Web应用的Session
ActionContext.getContext().getSession().put("username", getUsername());
ActionContext.getContext().getSession().put("password", getPassword());
System.out.println(getUsername()+"---------"+getPassword());
return SUCCESS;
}else{
return ERROR;
}
}
public boolean isInvalid(String value) {
return (value == null || value.length() == 0);
}
public String add(){
return SUCCESS;
}
public String show(){
return SUCCESS;
}
public String query(){
return SUCCESS;
}
}

  struts.xml配置文件如下

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
  "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
  "http://struts.apache.org/dtds/struts-2.0.dtd">
  <struts>
  <include file="struts-default.xml"></include>
  <!-- 不受权限控制的Action请求配置 -->
  <package name="non-authority" extends="struts-default">
  <action name="login" class="com.action.LoginAction">
  <result name="input">/login.jsp</result>
  <result name="error">/fail.jsp</result>
  <result name="success">/welcome.jsp</result>
  </action>
  <action name="query" class="com.action.LoginAction" method="query">
  <result name="success">/query.jsp</result>
  </action>
  </package>
  <!-- 受权限控制的Action请求配置 -->
  <package name="authority" extends="struts-default">
  <!-- 定义一个拦截器，用于权限控制 -->
  <interceptors>
  <interceptor name="authority" class="com.interceptor.AuthorityInterceptor">
  </interceptor>
  <interceptor-stack name="mydefault">
  <interceptor-ref name="defaultStack"></interceptor-ref>
  <interceptor-ref name="authority"></interceptor-ref>
  </interceptor-stack>
  </interceptors>
  <!-- 配置默认的interceptor -->
  <default-interceptor-ref name="mydefault"></default-interceptor-ref>
  <!-- 配置全局Result -->
  <global-results>
  <result name="login">/login.jsp</result>
  </global-results>
  <action name="show" class="com.action.LoginAction" method="show">
  <result name="success">/show.jsp</result>
  <!-- <interceptor-ref name="mydefault"></interceptor-ref>  -->
  </action>
  <action name="add" class="com.action.LoginAction" method="add">
  <result name="success">/add.jsp</result>
  <!-- <interceptor-ref name="mydefault"></interceptor-ref>-->
  </action>
  </package>
  </struts>

相应的jsp页面如下：

login.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags"  prefix="s" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>login page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">    
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
  </head>
  
  <body>
  <h1>欢迎来到登录页面</h1>
    <s:form action="login">
    <s:textfield name="username" label="用户名"/><br/>
    <s:textfield name="password" label="密码"/><br/>
    <s:submit value="登录"/><br/>
    </s:form>
  </body>
</html>

welcome.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags"  prefix="s" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>login success</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">    
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
  </head>
  
  <body>
    <s:text name="succTip" />
    <br>
    <p />
    <s:a href="show.action">show</s:a>
    <p />
    <s:a href="add.action">add</s:a>
    <p />
    <s:a href="query.action">query</s:a>
    <p />
  </body>
</html>

fail.jsp页面:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags"  prefix="s" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>login fail</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">    
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
  </head>
  
  <body>
    <s:text name="failTip" />
    <br>
    <p />
    <s:a href="login.jsp">return</s:a>
  </body>
</html>

add.jsp页面：

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags"  prefix="s" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>add page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">    
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
  </head>
  
  <body>
    <s:text name="addTip" />
    <p/>
    <s:a href="login.jsp">return login</s:a>
  </body>
</html>

show.jsp页面

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags"  prefix="s" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>show page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">    
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
  </head>
  
  <body>
    <s:text name="showTip" />
    <p/>
    <s:a href="login.jsp">return login</s:a>
  </body>
</html>

query,jsp页面

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags"  prefix="s" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>query page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">    
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
  </head>
  
  <body>
    <s:text name="queryTip" />
    <p/>
    <s:a href="login.jsp">return login</s:a>
  </body>
</html>