java自定义标签(改造spring security配合控制按钮权限)_java 方法加标签控制按钮权限-CSDN博客

参考 http://gaojiewyh.iteye.com/blog/1501470

自定义一个简单的标签，传入按钮对应的url后台判断该用户是否有对应权限访问按钮。

tag java类通过SpringWiredBean获取对应的bean获取权限数据(SpringWiredBean查看我的另一篇文章)

如果直接使用bean会报错：奇怪的错

javax.naming.NameNotFoundException Name com.eversec.satanbox.security.tag.AuthorizeTag is not bound in this Context

package com.eversec.satanbox.security.tag;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.tagext.BodyTagSupport;

import org.springframework.stereotype.Component;

import com.eversec.satanbox.base.Constant;
import com.eversec.satanbox.entity.SysUser;
import com.eversec.satanbox.security.CustomInvocationSecurityMetadataSourceService;
import com.eversec.satanbox.util.SpringWiredBean;

@Component
public class AuthorizeTag extends BodyTagSupport{
	
	/**
	 * 
	 */
	private static final long serialVersionUID = 1L;

	private String buttonUrl;
	private String currentUser;


	public String getButtonUrl() {
		return buttonUrl;
	}


	public void setButtonUrl(String buttonUrl) {
		this.buttonUrl = buttonUrl;
	}


	public String getCurrentUser() {
		return currentUser;
	}

	public void setCurrentUser(String currentUser) {
		this.currentUser = currentUser;
	}


	@Override
	public int doStartTag(){
		SysUser sysUser = (SysUser)(((HttpServletRequest)this.pageContext.getRequest()).getSession().getAttribute(Constant.SESSION_USER_KEY));
		
		CustomInvocationSecurityMetadataSourceService customSecurityMetadataSource = (CustomInvocationSecurityMetadataSourceService)SpringWiredBean.getInstance().getBeanById("customSecurityMetadataSource");
		List<String> list = customSecurityMetadataSource.getUserSecurityMap().get(sysUser.getUsername());
		
		if (list != null && list.contains(buttonUrl)) {
				return EVAL_BODY_INCLUDE;
		}
		
		return this.SKIP_BODY;
	}

}

authorize.tld 放在WEB-INF下面

<?xml version="1.0" encoding="UTF-8" ?>  
<taglib xmlns="http://java.sun.com/xml/ns/javaee"  
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   
        http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"  
        version="2.1">  
        <description>  
        <![CDATA[security Tags]]>  
        </description>  
        <tlib-version>1.0</tlib-version>  
        <short-name>security</short-name>  
        <uri>http://www.springsecurity.org/jsp</uri>  
        <tag>  
            <description>  
            <![CDATA[authorize Tag]]>  
            </description>  
            <name>authorize</name>  
            <tag-class>  
                com.eversec.satanbox.security.tag.AuthorizeTag
            </tag-class>  
            <body-content>JSP</body-content>  
            <attribute>  
                <name>buttonUrl</name>  
                <required>false</required>  
                <rtexprvalue>true</rtexprvalue>  
                <type>java.lang.String</type>  
            </attribute>  
             <attribute>  
                <name>currentUser</name>  
                <required>false</required>  
                <rtexprvalue>true</rtexprvalue>  
                <type>java.lang.String</type>  
            </attribute>  
        </tag>  
    </taglib>

在web.xml中添加如下内容

	<jsp-config>
    <taglib>  
        <taglib-uri>http://www.springsecurity.org/jsp</taglib-uri>  
        <taglib-location>/WEB-INF/authorize.tld</taglib-location>  
    </taglib> 
    </jsp-config>

在jsp中添加如何标签引用，以及使用方式示例

<%@ taglib uri="http://www.springsecurity.org/jsp" prefix="security"%>  


					<security:authorize buttonUrl="sysLog/list">
						<a href="javascript:void(0);" class="btn btn-default btn-circle new">
							<i class="fa fa-plus"></i>
							<span class="hidden-480">新建</span>
						</a>
					</security:authorize>