参考 http://gaojiewyh.iteye.com/blog/1501470
自定义一个简单的标签,传入按钮对应的url后台判断该用户是否有对应权限访问按钮。
tag java类 通过SpringWiredBean获取对应的bean获取权限数据(SpringWiredBean查看我的另一篇文章)
如果直接使用bean会报错:奇怪的错
javax.naming.NameNotFoundException Name com.eversec.satanbox.security.tag.AuthorizeTag is not bound in this Context
package com.eversec.satanbox.security.tag;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.tagext.BodyTagSupport;
import org.springframework.stereotype.Component;
import com.eversec.satanbox.base.Constant;
import com.eversec.satanbox.entity.SysUser;
import com.eversec.satanbox.security.CustomInvocationSecurityMetadataSourceService;
import com.eversec.satanbox.util.SpringWiredBean;
@Component
public class AuthorizeTag extends BodyTagSupport{
/**
*
*/
private static final long serialVersionUID = 1L;
private String buttonUrl;
private String currentUser;
public String getButtonUrl() {
return buttonUrl;
}
public void setButtonUrl(String buttonUrl) {
this.buttonUrl = buttonUrl;
}
public String getCurrentUser() {
return currentUser;
}
public void setCurrentUser(String currentUser) {
this.currentUser = currentUser;
}
@Override
public int doStartTag(){
SysUser sysUser = (SysUser)(((HttpServletRequest)this.pageContext.getRequest()).getSession().getAttribute(Constant.SESSION_USER_KEY));
CustomInvocationSecurityMetadataSourceService customSecurityMetadataSource = (CustomInvocationSecurityMetadataSourceService)SpringWiredBean.getInstance().getBeanById("customSecurityMetadataSource");
List<String> list = customSecurityMetadataSource.getUserSecurityMap().get(sysUser.getUsername());
if (list != null && list.contains(buttonUrl)) {
return EVAL_BODY_INCLUDE;
}
return this.SKIP_BODY;
}
}
authorize.tld 放在WEB-INF下面
<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"
version="2.1">
<description>
<![CDATA[security Tags]]>
</description>
<tlib-version>1.0</tlib-version>
<short-name>security</short-name>
<uri>http://www.springsecurity.org/jsp</uri>
<tag>
<description>
<![CDATA[authorize Tag]]>
</description>
<name>authorize</name>
<tag-class>
com.eversec.satanbox.security.tag.AuthorizeTag
</tag-class>
<body-content>JSP</body-content>
<attribute>
<name>buttonUrl</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<type>java.lang.String</type>
</attribute>
<attribute>
<name>currentUser</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<type>java.lang.String</type>
</attribute>
</tag>
</taglib>
在web.xml中添加如下内容
<jsp-config>
<taglib>
<taglib-uri>http://www.springsecurity.org/jsp</taglib-uri>
<taglib-location>/WEB-INF/authorize.tld</taglib-location>
</taglib>
</jsp-config>
在jsp中添加如何标签引用,以及使用方式示例
<%@ taglib uri="http://www.springsecurity.org/jsp" prefix="security"%>
<security:authorize buttonUrl="sysLog/list">
<a href="javascript:void(0);" class="btn btn-default btn-circle new">
<i class="fa fa-plus"></i>
<span class="hidden-480">新建</span>
</a>
</security:authorize>