对于添加删除 初始化密码等操作的权限 控制
第一种方法就是在每个超链接前加 判断 如
<s:if test="#session.user.hasPrivilegeByName(name)">
<td><s:a action="department_delete?id=%{id}&parentId=%{parent.id}" onClick="return window.confirm('这将删除所有的下级部门,您确定要删除吗?')">删除</s:a>
<s:a action="department_editUI?id=%{id}">修改</s:a>
</td>
这种方法需要在每个a 标签前加判断 太过麻烦
还有一种就是通过修改struts2 <a/>标签的源码实现 首先在/META-INF/struts-tags.tld文件中找到a 标签
<name>a</name>
<tag-class>org.apache.struts2.views.jsp.ui.AnchorTag</tag-class>
<body-content>JSP</body-content>
<attribute>
<description><![CDATA[Set the html accesskey attribute on rendered html element]]></description>
<name>accesskey</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<description><![CDATA[The action to generate the URL for, if not using value]]></description>
<name>action</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>......................................................
.....................................
第二行有它的实现类找到 copy到自己的src下面 包名什么的都要一样 重复没事,因为它会先去找自己的class再去找jar文件中的
源码如下:
public class AnchorTag extends AbstractClosingTag {
private static final long serialVersionUID = -1034616578492431113L;
protected String href;
protected String includeParams;
protected String scheme;
protected String action;
protected String namespace;
protected String method;
protected String encode;
protected String includeContext;
protected String escapeAmp;
protected String portletMode;
protected String windowState;
protected String portletUrlType;
protected String anchor;
protected String forceAddSchemeHostAndPort;
public Component getBean(ValueStack stack, HttpServletRequest req, HttpServletResponse res) {
return new Anchor(stack, req, res);
}
protected void populateParams() {
super.populateParams();
Anchor tag = (Anchor) component;
tag.setHref(href);
tag.setIncludeParams(includeParams);
tag.setScheme(scheme);
tag.setValue(value);
tag.setMethod(method);
tag.setNamespace(namespace);
tag.setAction(action);
tag.setPortletMode(portletMode);
tag.setPortletUrlType(portletUrlType);
tag.setWindowState(windowState);
tag.setAnchor(anchor);
if (encode != null) {
tag.setEncode(Boolean.valueOf(encode).booleanValue());
}
if (includeContext != null) {
tag.setIncludeContext(Boolean.valueOf(includeContext).booleanValue());
}
if (escapeAmp != null) {
tag.setEscapeAmp(Boolean.valueOf(escapeAmp).booleanValue());
}
if (forceAddSchemeHostAndPort != null) {
tag.setForceAddSchemeHostAndPort(Boolean.valueOf(forceAddSchemeHostAndPort).booleanValue());
}
}
public void setHref(String href) {
this.href = href;
}
public void setEncode(String encode) {
this.encode = encode;
} //这里省略好多get set 方法
然后在自己copy过来的源码中加入
doEndTag()方法。。。可以操作s:a标签中的属性,判断权限 等等 加入后代码如下
@Override
public int doEndTag() throws JspException {
//当前用户
User user=(User) pageContext.getSession().getAttribute("user");
//当前要显示的权限的对应的url
String privUrl=action; // 注意edit 和editUI 都对应edit
//去掉后面的参数
int pos=privUrl.indexOf("?");
if(pos>-1){
privUrl= privUrl.substring(0, pos);
}
//去掉UI
if(privUrl.endsWith("UI")){
privUrl= privUrl.substring(0, privUrl.length()-2);
}
if(user.hasPrivilegeByUrl("/"+privUrl)/*有权限吗*/){
return super.doEndTag();//正常的生成并显示超链接标签 并继续执行后面的代码
}
else
{
return EVAL_PAGE;//什么都不做 (不显示超链接)只是继续执行后面页面的代码
}
}