一、权限分类图:
二、默认的权限设置权限不需要设置,如何实现:
在hasPrivilegeByUrl方法里,取出全部的权限url与当前的url对比,如果不包含,就说明不需要控制。
package cn.oppo.oa.domain;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import com.opensymphony.xwork2.ActionContext;
/**
* 用户
* @author chenlin
*
*/
public class User {
private Long id;
private Department department;
private Set<Role> roles = new HashSet<Role>();
private String loginName; // 登录名
private String password; // 密码
private String name; // 真实姓名
private String gender; // 性别
private String phoneNumber; // 电话号码
private String email; // 电子邮件
private String description; // 说明
/**
* 检查是否有权限
* @param name
* @return
*/
public boolean hasPrivilegeByName(String name){
if(name != null && !"".equals(name)){
if(isAdmin()){
return true;
}
if(roles != null){
for(Role role : roles){
if(role.getPrivileges() != null){
for(Privilege p : role.getPrivileges()){
if (p.getName().equals(name)) {
return true;
}
}
}
}
}
}
return false;
}
@SuppressWarnings("unchecked")
public boolean hasPrivilegeByUrl(String privilegeUrl) {
if(privilegeUrl != null && !"".equals(privilegeUrl)){
// 超级管理员有所有的权限
if (isAdmin()) {
return true;
}
// 如果以UI后缀结尾,就去掉UI后缀,以得到对应的权限(例如:addUI与add是同一个权限)
if (privilegeUrl.endsWith("UI")) {
privilegeUrl = privilegeUrl.substring(0, privilegeUrl.length() - 2);
}
// 其他用户要是有权限才返回true
List<String> allPrivilegeUrls = (List<String>) ActionContext.getContext().getApplication().get("allPrivilegeUrls");
if (!allPrivilegeUrls.contains(privilegeUrl)) {
return true;
}else {
if(roles != null){
for(Role role : roles){
if(role.getPrivileges() != null){
for(Privilege p : role.getPrivileges()){
if (privilegeUrl.equals(p.getUrl())) {
return true;
}
}
}
}
}
}
}
return false;
}
private boolean isAdmin() {
return "admin".equals(loginName);
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public Department getDepartment() {
return department;
}
public void setDepartment(Department department) {
this.department = department;
}
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
public String getLoginName() {
return loginName;
}
public void setLoginName(String loginName) {
this.loginName = loginName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getGender() {
return gender;
}
public void setGender(String gender) {
this.gender = gender;
}
public String getPhoneNumber() {
return phoneNumber;
}
public void setPhoneNumber(String phoneNumber) {
this.phoneNumber = phoneNumber;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
@Override
public String toString() {
return "User [id=" + id + ", loginName=" + loginName + ", password=" + password + ", name=" + name + ", gender="
+ gender + ", phoneNumber=" + phoneNumber + ", email=" + email + ", description=" + description + "]";
}
}
三、权限地址来源:从监听器里读取
但监听器必须在web.xml配置
public class InitServletContextListener implements ServletContextListener {
@Override
public void contextDestroyed(ServletContextEvent sce) {
ServletContext application = sce.getServletContext();
WebApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(application);
PrivilegeService privilegeService = (PrivilegeService) applicationContext.getBean("privilegeServiceImpl");
// 准备所有顶级权限的集合(顶级菜单)
List<Privilege> topPrivilegeList = privilegeService.findTopList();
application.setAttribute("topPrivilegeList", topPrivilegeList);
System.out.println("-- 已准备好顶级权限的数据 --");
// 准备所有权限URL的集合
List<String> allPrivilegeUrls = privilegeService.getAllPrivilegeUrls();
application.setAttribute("allPrivilegeUrls", allPrivilegeUrls);
System.out.println("-- 已准备好所有权限的URL数据 --");
}
@Override
public void contextInitialized(ServletContextEvent arg0) {
}
}
—————————————————–
(java 架构师全套教程,共760G, 让你从零到架构师,每月轻松拿3万)
请先拍 购买地址, 下载请用百度盘
目录如下:
01.高级架构师四十二个阶段高
02.Java高级系统培训架构课程148课时
03.Java高级互联网架构师课程
04.Java互联网架构Netty、Nio、Mina等-视频教程
05.Java高级架构设计2016整理-视频教程
06.架构师基础、高级片
07.Java架构师必修linux运维系列课程
08.Java高级系统培训架构课程116课时
(送:hadoop系列教程,java设计模式与数据结构, Spring Cloud微服务, SpringBoot入门)
01高级架构师四十二个阶段高内容:
—————————————————–