maven 架设 struts2 注解方式 权限控制

1.目录结构

2.Authority.java

package cn.sigangjun.action;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * 用于识别在进行action调用的时候，标注该方法调用是否需要权限控制，需要什么样的权限的注解类。
 * 
 * 该注解类一般会包括两个属性，一个是需要的权限，一个是对应的action。
 * 
 * @author sigangjun
 * 
 */
// 表示在什么级别保存该注解信息
@Retention(RetentionPolicy.RUNTIME)
// 表示该注解用于什么地方
@Target(ElementType.METHOD)
public @interface Authority {
	String actionName();

	String privilege();
}

3.AuthorityInterceptor.java

package cn.sigangjun.action;

import java.lang.reflect.Method;
import java.util.Date;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

/**
 * 用于拦截请求判断是否拥有权限的拦截器
 * 
 * @author sigangjun
 * 
 */
@SuppressWarnings("serial")
public class AuthorityInterceptor implements Interceptor {

	public void destroy() {}

	public void init() {}

	public String intercept(ActionInvocation actionInvocation) throws Exception {
		String methodName = actionInvocation.getProxy().getMethod();
		Method currentMethod = actionInvocation.getAction().getClass().getMethod(methodName, null);
		// 如果该请求方法是需要进行验证的则需执行以下逻辑
		if (currentMethod.isAnnotationPresent(Authority.class)) {
			// 获取权限校验的注解
			Authority authority = currentMethod.getAnnotation(Authority.class);
			// 获取当前请求的注解的actionName
			String actionName = authority.actionName();
			// 获取当前请求需要的权限
			String privilege = authority.privilege();
			
			//1、判断客户是否登陆
			Employee employee = (Employee) ServletActionContext.getRequest().getSession().getAttribute("employee");
			if (employee == null) {
				System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
				System.out.println("客户还没登陆或登陆已超时！！！无权限访问！");
				System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
				System.out.println();
				return "index";
			}
			System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
			System.out.println("客户" + employee.getUserName() + "在" + new Date() + "执行了" + actionName + "方法，拥有" + privilege + "权限！！");
			System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
		}
		
		return actionInvocation.invoke();
	}

}

4.Employee.java

package cn.sigangjun.action;

import java.io.Serializable;

/**
 * @author sigangjun
 *
 */
@SuppressWarnings("serial")
public class Employee implements Serializable {

	private Integer id;
	private String userName;
	private String pwd;

	public Employee() {
	}

	public Integer getId() {
		return id;
	}

	public void setId(Integer id) {
		this.id = id;
	}

	public String getUserName() {
		return userName;
	}

	public void setUserName(String userName) {
		this.userName = userName;
	}

	public String getPwd() {
		return pwd;
	}

	public void setPwd(String pwd) {
		this.pwd = pwd;
	}

}

5.EmployeeAction

package cn.sigangjun.action;

import com.opensymphony.xwork2.ActionSupport;

/**
 * @author sigangjun
 *
 */
@SuppressWarnings("serial")
public class EmployeeAction extends ActionSupport {

	/**
	 * 请求该方法需要拥有对test的add权限，会通过拦截器拦截
	 */
	@Authority(actionName = "test", privilege = "add")
	public String add() {
		System.out.println("执行了add方法！！！");
		return SUCCESS;
	}

	/**
	 * 请求该方法的时候需要拥有对test的find权限，会通过拦截器拦截
	 */
	@Authority(actionName = "test", privilege = "find")
	public String find() throws Exception {
		System.out.println("执行了find方法！！！");
		return SUCCESS;
	}

	/**
	 * 不会通过拦截器拦截，因为没对actionName进行权限配置
	 */
	public String delete() throws Exception {
		System.out.println("执行了delete方法！！！");
		return SUCCESS;
	}

}

6.struts.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
	<constant name="struts.serve.static.browserCache" value="false" />
	<constant name="struts.action.extension" value="do" />
	<constant name="struts.i18n.encoding" value="UTF-8" />

	<package name="base" extends="struts-default">
		<global-results>
			<result name="index">/index.jsp</result>
			<result name="success">/login.jsp</result>
		</global-results>
	</package>

	<!-- 自定义拦截器 -->
	<package name="permissionInterceptor" namespace="/permissionInterceptor" extends="base">
		<interceptors>
			<!-- 注册自定义的权限控制拦截器 -->
			<interceptor name="authorityInterceptor" class="cn.sigangjun.action.AuthorityInterceptor" />

			<!-- 把自定义的权限控制拦截器和默认的拦截器栈加到新的自定义的拦截器栈 -->
			<interceptor-stack name="myInterceptors">
				<interceptor-ref name="defaultStack" />
				<interceptor-ref name="authorityInterceptor" />
			</interceptor-stack>
		</interceptors>
		<!-- 指定新的自定义的拦截器栈为默认的拦截器栈，这样自定义的权限控制拦截器就可以发挥作用了 -->
		<default-interceptor-ref name="myInterceptors" />
	</package>

	<package name="employee" extends="permissionInterceptor">
		<action name="*Employee" class="cn.sigangjun.action.EmployeeAction" method="{1}">
		</action>
	</package>

</struts>

7.web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>
            org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

8.pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>cn.sigangjun</groupId>
	<artifactId>03struts2</artifactId>
	<packaging>war</packaging>
	<version>0.0.1-SNAPSHOT</version>
	<name>03struts2 Maven Webapp</name>
	<url>http://maven.apache.org</url>
	<dependencies>
		<dependency>
			<groupId>org.apache.struts</groupId>
			<artifactId>struts2-core</artifactId>
			<version>2.3.4.1</version>
		</dependency>
		<dependency>
			<groupId>org.apache.struts</groupId>
			<artifactId>struts2-convention-plugin</artifactId>
			<version>2.3.4.1</version>
		</dependency>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>4.10</version>
			<scope>test</scope>
		</dependency>

		<dependency>
			<groupId>log4j</groupId>
			<artifactId>log4j</artifactId>
			<version>1.2.17</version>
		</dependency>
	</dependencies>
	<build>
		<finalName>03struts2</finalName>
	</build>
</project>

9.login.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@page import="cn.sigangjun.action.*"%>
<%
    Employee employee=new Employee();
    employee.setId(1);
    employee.setUserName("sigangjun");
    employee.setPwd("123456");
    request.getSession().setAttribute("employee", employee);
%>

客户已经登录

10.index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="/struts-tags" prefix="s"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'index.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">    
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
  </head>
  
  <body>
     欢迎您的到来....    
  </body>
</html>