/**
 * Permission group (may also be called a role).
 *
 * <p>A group owns a set of {@link SystemPrivilege}s and is linked to the
 * employees that belong to it. Identity ({@link #equals(Object)} /
 * {@link #hashCode()}) is derived from {@code groupid} only.
 */
@Entity
public class PrivilegeGroup {
    private String groupid;
    /* Display name of the group. */
    private String name;
    /* Privileges granted to members of this group. */
    private Set<SystemPrivilege> privileges = new HashSet<SystemPrivilege>();
    private Set<Employee> employees = new HashSet<Employee>();

    public PrivilegeGroup() {
    }

    public PrivilegeGroup(String groupid) {
        this.groupid = groupid;
    }

    /**
     * Employees assigned to this group; the relationship is mapped by
     * {@code Employee.groups}.
     */
    @ManyToMany(mappedBy="groups",cascade=CascadeType.REFRESH)
    public Set<Employee> getEmployees() {
        return employees;
    }

    public void setEmployees(Set<Employee> employee) {
        this.employees = employee;
    }

    /** Primary key, stored in a column of length 36. */
    @Id @Column(length=36)
    public String getGroupid() {
        return groupid;
    }

    public void setGroupid(String groupid) {
        this.groupid = groupid;
    }

    @Column(length=20,nullable=false)
    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    /**
     * Privileges granted by this group, eagerly fetched through the
     * {@code gp} join table.
     *
     * <p>The returned set is the entity's own mutable collection, so a
     * caller that adds to it changes what the group grants.
     */
    @ManyToMany(cascade=CascadeType.REFRESH,fetch=FetchType.EAGER)
    @JoinTable(name="gp", inverseJoinColumns={
            @JoinColumn(name="module", referencedColumnName="module"),
            @JoinColumn(name="privilege", referencedColumnName="privilege")},
            joinColumns=@JoinColumn(name="group_id")
    )
    public Set<SystemPrivilege> getPrivileges() {
        return privileges;
    }

    public void setPrivileges(Set<SystemPrivilege> privileges) {
        this.privileges = privileges;
    }

    /**
     * Adds a privilege to this group.
     *
     * @param privilege the privilege to grant
     */
    public void addSystemPrivilege(SystemPrivilege privilege){
        this.privileges.add(privilege);
    }

    /** Hash derived from {@code groupid} only, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        int idHash = (groupid == null) ? 0 : groupid.hashCode();
        return 31 + idHash;
    }

    /** Two groups are equal when they are of the same class and share the same {@code groupid}. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        final PrivilegeGroup that = (PrivilegeGroup) obj;
        return (groupid == null) ? that.groupid == null : groupid.equals(that.groupid);
    }
}
/**
 * System privilege.
 *
 * <p>Identified by the composite key {@link SystemPrivilegePK} (module plus
 * privilege value). {@link #equals(Object)} and {@link #hashCode()} look at
 * that key only, so a privilege built from just a key compares equal to the
 * persisted one with the same key.
 */
@Entity
public class SystemPrivilege {
    private SystemPrivilegePK id;
    /* Privilege name. */
    private String name;
    /* Groups that contain this privilege. */
    private Set<PrivilegeGroup> groups = new HashSet<PrivilegeGroup>();

    public SystemPrivilege() {
    }

    public SystemPrivilege(SystemPrivilegePK id) {
        this.id = id;
    }

    /**
     * Builds a privilege from the two key parts and its name.
     *
     * @param module module part of the key
     * @param privilege privilege value part of the key
     * @param name privilege name
     */
    public SystemPrivilege(String module, String privilege, String name) {
        this.id = new SystemPrivilegePK(module, privilege);
        this.name = name;
    }

    /** Groups holding this privilege; mapped by {@code PrivilegeGroup.privileges}. */
    @ManyToMany(cascade=CascadeType.REFRESH, mappedBy="privileges")
    public Set<PrivilegeGroup> getGroups() {
        return groups;
    }

    public void setGroups(Set<PrivilegeGroup> groups) {
        this.groups = groups;
    }

    @EmbeddedId
    public SystemPrivilegePK getId() {
        return id;
    }

    public void setId(SystemPrivilegePK id) {
        this.id = id;
    }

    @Column(length=20,nullable=false)
    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    /** Hash derived from the composite key only. */
    @Override
    public int hashCode() {
        int keyHash = (id == null) ? 0 : id.hashCode();
        return 31 + keyHash;
    }

    /** Equal when both objects are of the same class and carry equal composite keys. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        final SystemPrivilege that = (SystemPrivilege) obj;
        return (id == null) ? that.id == null : id.equals(that.id);
    }
}
/**
 * Primary-key class, used as the ID property of {@link SystemPrivilege}.
 *
 * <p>The key is the pair (module, privilege); both parts take part in
 * {@link #equals(Object)} and {@link #hashCode()}.
 */
@Embeddable
public class SystemPrivilegePK implements Serializable{
    /* Module. */
    private String module;
    /* Privilege value. */
    private String privilege;

    public SystemPrivilegePK() {
    }

    public SystemPrivilegePK(String module, String privilege) {
        this.module = module;
        this.privilege = privilege;
    }

    @Column(length=20,name="module")
    public String getModule() {
        return module;
    }

    public void setModule(String module) {
        this.module = module;
    }

    @Column(length=20,name="privilege")
    public String getPrivilege() {
        return privilege;
    }

    public void setPrivilege(String privilege) {
        this.privilege = privilege;
    }

    /** Combines the hashes of both key parts; a null part contributes 0. */
    @Override
    public int hashCode() {
        int moduleHash = (module == null) ? 0 : module.hashCode();
        int privilegeHash = (privilege == null) ? 0 : privilege.hashCode();
        return 31 * (31 + moduleHash) + privilegeHash;
    }

    /** Equal when both objects are of the same class and both key parts match (null matches null). */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        final SystemPrivilegePK that = (SystemPrivilegePK) obj;
        boolean sameModule = (module == null) ? that.module == null : module.equals(that.module);
        if (!sameModule) {
            return false;
        }
        return (privilege == null) ? that.privilege == null : privilege.equals(that.privilege);
    }
}
/**
 * Permission configuration: declares the privilege a handler method requires.
 *
 * <p>Retained at runtime so it can be read reflectively. In this file
 * {@code PrivilegeRequestProcessor} only restricts methods that carry the
 * annotation; a handler method without it is not permission-checked, so the
 * annotation has to be added to every method that needs protection.
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permission {
    /** Module name. */
    String module();

    /** Privilege value. */
    String privilege();
}
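/**
 * Custom Struts request processor that checks {@link Permission} annotations
 * before an action method is invoked.
 *
 * <p>Only requests whose URI starts with {@code /control/} are checked. The
 * check fails closed: if the handler method cannot be resolved, or no
 * employee is attached to the request, the request is rejected instead of
 * being passed on unchecked.
 */
public class PrivilegeRequestProcessor extends DelegatingRequestProcessor {
    /**
     * Runs the permission check for {@code /control/} requests and forwards
     * to the {@code message} page when it fails; otherwise delegates to the
     * parent processor.
     */
    @Override
    protected ActionForward processActionPerform(HttpServletRequest request,
            HttpServletResponse response, Action action, ActionForm form,
            ActionMapping mapping) throws IOException, ServletException {
        // Only actions whose path starts with /control/ are intercepted.
        // NOTE(review): this prefix test is only as strong as the path returned by
        // WebUtil.getRequestURI (context path, case, path parameters) — confirm it is
        // the same normalized path the container uses to select the action.
        if (WebUtil.getRequestURI(request).startsWith("/control/")
                && !validate(request, action, mapping)) {
            request.setAttribute("message", "你没有权限执行该操作");
            request.setAttribute("urladdress", SiteUrl.readUrl("control.control.right"));
            return mapping.findForward("message");
        }
        return super.processActionPerform(request, response, action, form, mapping);
    }

    /**
     * Decides whether the current employee may execute the method this
     * request will dispatch to.
     *
     * @return {@code true} when the method carries no {@link Permission}
     *         annotation, or when one of the employee's groups holds the
     *         required privilege; {@code false} otherwise, including when the
     *         method cannot be resolved or no employee is present
     */
    private boolean validate(HttpServletRequest request, Action action, ActionMapping mapping) {
        Method method = getCurrentMethod(request, action, mapping);
        if (method == null) {
            // Fail closed. The method name can come from a request parameter; if it is
            // missing or does not resolve, the requirement is unknown, and treating
            // that as "no restriction" would let the request skip the check entirely.
            return false;
        }
        Permission permission = method.getAnnotation(Permission.class);
        if (permission == null) {
            // Unannotated methods are unrestricted (opt-in model, unchanged).
            // NOTE(review): a new /control/ handler is therefore open to every caller
            // that reaches it until it is annotated.
            return true;
        }
        Employee employee = WebUtil.getEmployee(request);
        if (employee == null) {
            // No employee attached to the request: deny rather than fail with a
            // NullPointerException.
            return false;
        }
        // Privilege required by the current method; SystemPrivilege equality is
        // key-based, so a key-only instance is enough for the lookup.
        SystemPrivilege required = new SystemPrivilege(
                new SystemPrivilegePK(permission.module(), permission.privilege()));
        for (PrivilegeGroup group : employee.getGroups()) {
            if (group.getPrivileges().contains(required)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the public action method this request will run.
     *
     * <p>For a {@code DispatchAction} the method name is read from the request
     * parameter named by the mapping; otherwise it is {@code execute}.
     *
     * @return the method, or {@code null} when the name is absent or no
     *         matching public method exists
     */
    private Method getCurrentMethod(HttpServletRequest request, Action action, ActionMapping mapping) {
        String methodname = "execute";
        if (DispatchAction.class.isAssignableFrom(action.getClass())) {
            // Client-supplied value: it selects which method's annotation is checked.
            methodname = request.getParameter(mapping.getParameter());
        }
        if (methodname == null) {
            // No dispatch parameter was sent. Whatever handler the DispatchAction falls
            // back to is not visible to this lookup, so report "unresolved".
            return null;
        }
        try {
            return action.getClass().getMethod(methodname, ActionMapping.class, ActionForm.class,
                    HttpServletRequest.class, HttpServletResponse.class);
        } catch (NoSuchMethodException e) {
            // Expected for arbitrary client-supplied names; no stack trace is printed so
            // that such requests cannot flood the output. The caller denies the request.
            return null;
        } catch (SecurityException e) {
            e.printStackTrace();
            return null;
        }
    }
}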
/**
 * Initializes the system privileges.
 *
 * <p>NOTE(review): the action is mapped at {@code /system/init}, which is
 * outside the {@code /control/} prefix that PrivilegeRequestProcessor checks,
 * so nothing in this file permission-checks the request. The seeding only runs
 * while {@code privilegeService.getCount()} reports 0 — confirm that access to
 * this path is restricted elsewhere if that is required.
 */
@Controller("/system/init")
public class SystemInitAction extends Action {
    @Resource SystemPrivilegeService privilegeService;

    /**
     * Seeds the privileges if needed, then forwards to the {@code message}
     * page with a completion message and the logon URL.
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        initPrivileges();
        request.setAttribute("message", "初始化完成");
        request.setAttribute("urladdress", SiteUrl.readUrl("employee.logon"));
        return mapping.findForward("message");
    }

    /**
     * Stores the department privileges (view, insert, update, delete) when no
     * privilege has been stored yet; does nothing otherwise.
     */
    private void initPrivileges() {
        if (privilegeService.getCount() != 0) {
            // Already initialized.
            return;
        }
        // privilege value -> privilege name, all in the "department" module
        String[][] departmentSeeds = {
            {"view", "部门查看"},
            {"insert", "部门添加"},
            {"update", "部门修改"},
            {"delete", "部门删除"},
        };
        List<SystemPrivilege> privileges = new ArrayList<SystemPrivilege>();
        for (String[] seed : departmentSeeds) {
            privileges.add(new SystemPrivilege("department", seed[0], seed[1]));
        }
        privilegeService.saves(privileges);
    }
}