权限

 /**
 * 权限组(也可叫角色)
 */
@Entity
public class PrivilegeGroup {
 private String groupid;
 /* 名称 */
 private String name;
 /* 拥有的权限 */
 private Set<SystemPrivilege> privileges = new HashSet<SystemPrivilege>();
 private Set<Employee> employees = new HashSet<Employee>();
 
 public PrivilegeGroup(){}
 
 public PrivilegeGroup(String groupid) {
  this.groupid = groupid;
 }
 @ManyToMany(mappedBy="groups",cascade=CascadeType.REFRESH)
 public Set<Employee> getEmployees() {
  return employees;
 }
 public void setEmployees(Set<Employee> employee) {
  this.employees = employee;
 }
 @Id @Column(length=36)
 public String getGroupid() {
  return groupid;
 }
 public void setGroupid(String groupid) {
  this.groupid = groupid;
 }
 @Column(length=20,nullable=false)
 public String getName() {
  return name;
 }
 public void setName(String name) {
  this.name = name;
 }
 @ManyToMany(cascade=CascadeType.REFRESH,fetch=FetchType.EAGER)
 @JoinTable(name="gp", inverseJoinColumns={
   @JoinColumn(name="module", referencedColumnName="module"),
   @JoinColumn(name="privilege", referencedColumnName="privilege")},
   joinColumns=@JoinColumn(name="group_id")
 )
 public Set<SystemPrivilege> getPrivileges() {
  return privileges;
 }
 public void setPrivileges(Set<SystemPrivilege> privileges) {
  this.privileges = privileges;
 }
 /**
  * 添加权限
  * @param privilege 权限
  */
 public void addSystemPrivilege(SystemPrivilege privilege){
  this.privileges.add(privilege);
 }
 
 @Override
 public int hashCode() {
  final int prime = 31;
  int result = 1;
  result = prime * result + ((groupid == null) ? 0 : groupid.hashCode());
  return result;
 }
 @Override
 public boolean equals(Object obj) {
  if (this == obj)
   return true;
  if (obj == null)
   return false;
  if (getClass() != obj.getClass())
   return false;
  final PrivilegeGroup other = (PrivilegeGroup) obj;
  if (groupid == null) {
   if (other.groupid != null)
    return false;
  } else if (!groupid.equals(other.groupid))
   return false;
  return true;
 }
 
}

 

 

 

/**
 * 系统权限
 */
@Entity
public class SystemPrivilege {
 private SystemPrivilegePK id;
 /* 权限名称 */
 private String name;
 /* 权限所在组 */
 private Set<PrivilegeGroup> groups = new HashSet<PrivilegeGroup>();
 
 @ManyToMany(cascade=CascadeType.REFRESH, mappedBy="privileges")
 public Set<PrivilegeGroup> getGroups() {
  return groups;
 }

 public void setGroups(Set<PrivilegeGroup> groups) {
  this.groups = groups;
 }

 public SystemPrivilege(){}
 
 public SystemPrivilege(SystemPrivilegePK id) {
  this.id = id;
 }
 
 public SystemPrivilege(String module, String privilege, String name) {
  this.id = new SystemPrivilegePK(module, privilege);
  this.name = name;
 }

 @EmbeddedId
 public SystemPrivilegePK getId() {
  return id;
 }
 public void setId(SystemPrivilegePK id) {
  this.id = id;
 }
 @Column(length=20,nullable=false)
 public String getName() {
  return name;
 }
 public void setName(String name) {
  this.name = name;
 }
 @Override
 public int hashCode() {
  final int prime = 31;
  int result = 1;
  result = prime * result + ((id == null) ? 0 : id.hashCode());
  return result;
 }
 @Override
 public boolean equals(Object obj) {
  if (this == obj)
   return true;
  if (obj == null)
   return false;
  if (getClass() != obj.getClass())
   return false;
  final SystemPrivilege other = (SystemPrivilege) obj;
  if (id == null) {
   if (other.id != null)
    return false;
  } else if (!id.equals(other.id))
   return false;
  return true;
 }
 
}

 

 

/**
 * 主键类(用作实体的ID属性)
 */
@Embeddable
public class SystemPrivilegePK implements Serializable{
 /* 模块 */
 private String module;
 /* 权限值 */
 private String privilege;
 
 public SystemPrivilegePK(){}
 
 public SystemPrivilegePK(String module, String privilege) {
  this.module = module;
  this.privilege = privilege;
 }
 @Column(length=20,name="module")
 public String getModule() {
  return module;
 }
 public void setModule(String module) {
  this.module = module;
 }
 @Column(length=20,name="privilege")
 public String getPrivilege() {
  return privilege;
 }
 public void setPrivilege(String privilege) {
  this.privilege = privilege;
 }
 @Override
 public int hashCode() {
  final int prime = 31;
  int result = 1;
  result = prime * result + ((module == null) ? 0 : module.hashCode());
  result = prime * result
    + ((privilege == null) ? 0 : privilege.hashCode());
  return result;
 }
 @Override
 public boolean equals(Object obj) {
  if (this == obj)
   return true;
  if (obj == null)
   return false;
  if (getClass() != obj.getClass())
   return false;
  final SystemPrivilegePK other = (SystemPrivilegePK) obj;
  if (module == null) {
   if (other.module != null)
    return false;
  } else if (!module.equals(other.module))
   return false;
  if (privilege == null) {
   if (other.privilege != null)
    return false;
  } else if (!privilege.equals(other.privilege))
   return false;
  return true;
 }
}

 

 

/**
 * 权限配置
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Permission {
 /* 模块名 */
 String module();
 /* 权限值 */
 String privilege();
}

 

/**

*自定义struts的servlet请求处理器,重写方法。

*/

 

public class PrivilegeRequestProcessor extends DelegatingRequestProcessor {

 @Override
 protected ActionForward processActionPerform(HttpServletRequest request,
   HttpServletResponse response, Action action, ActionForm form,
   ActionMapping mapping) throws IOException, ServletException {
  if(WebUtil.getRequestURI(request).startsWith("/control/")){//只拦截路径以/control/开头的action
   if(!validate(request, action, mapping)){
    request.setAttribute("message", "你没有权限执行该操作");
    request.setAttribute("urladdress", SiteUrl.readUrl("control.control.right"));
    return mapping.findForward("message");
   }
  }
  return super.processActionPerform(request, response, action, form, mapping);
 }
 /**
  * 判断用户是否具有执行当前方法的权限
  */
 private boolean validate(HttpServletRequest request, Action action, ActionMapping mapping) {
  Method method = getCurrentMethod(request, action, mapping);//得到当前执行的方法
  if(method!=null){
   if(method.isAnnotationPresent(Permission.class)){
    Permission permission = method.getAnnotation(Permission.class);
    SystemPrivilege privilege = new SystemPrivilege(
      new SystemPrivilegePK(permission.module(),permission.privilege()));//当前方法需要的权限
    Employee employee = WebUtil.getEmployee(request);
    for(PrivilegeGroup group : employee.getGroups()){
     if(group.getPrivileges().contains(privilege)){
      return true;
     }
    }
    return false;
   }
  }
  return true;
 }
 /**
  * 获取当前执行的方法
  */
 private Method getCurrentMethod(HttpServletRequest request, Action action, ActionMapping mapping) {
  String methodname = "execute";
  if(DispatchAction.class.isAssignableFrom(action.getClass())){//判断DispatchAction是否是action的父类
   methodname = request.getParameter(mapping.getParameter());
  }
  try {
   return action.getClass().getMethod(methodname, ActionMapping.class, ActionForm.class,
    HttpServletRequest.class, HttpServletResponse.class);
  } catch (Exception e) {
   e.printStackTrace();
  }
  return null;
 }

}

 

 

//初始化权限

 

@Controller("/system/init")
public class SystemInitAction extends Action {
 @Resource SystemPrivilegeService privilegeService;

 @Override
 public ActionForward execute(ActionMapping mapping, ActionForm form,
   HttpServletRequest request, HttpServletResponse response)
   throws Exception {
  this.initPrivileges();
  
  request.setAttribute("message", "初始化完成");
  request.setAttribute("urladdress", SiteUrl.readUrl("employee.logon"));
  return mapping.findForward("message");
 }
 /**
  * 初始化权限
  */
 private void initPrivileges() {
  if(privilegeService.getCount()==0){//如果没有被初始化,即进行初始化
   List<SystemPrivilege> privileges = new ArrayList<SystemPrivilege>();
   privileges.add(new SystemPrivilege("department", "view", "部门查看"));
   privileges.add(new SystemPrivilege("department", "insert", "部门添加"));
   privileges.add(new SystemPrivilege("department", "update", "部门修改"));
   privileges.add(new SystemPrivilege("department", "delete", "部门删除"));
   privilegeService.saves(privileges);
  }
 }

}