基本是在每个方法上加入注入来进行控制,有点像asp 脚本语言
package auth;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)//指定该注解是在运行期进行
@Target({ElementType.METHOD})//指定该注解要在方法上使用
public @interface AuthName {
String value() default "";
}
package auth;
import java.lang.reflect.Method;
public class ParseAuthName {
public static String parseAuthentication(Class<?> clazz, String methodName,Class<?>... parameterTypes) throws NoSuchMethodException {
//根据方法名,取得方法,如果有则返回
Method method = clazz.getMethod(methodName, parameterTypes);
if (null != method) {
AuthName authName = method.getAnnotation(AuthName.class);
if (null != authName) {
return authName.value();
}
}
return null;
}
}
下面是struts的拦截器
package auth;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionProxy;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class AuthInterceptor extends AbstractInterceptor {
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext context = invocation.getInvocationContext();
String user = (String)context.getSession().get("user") == null ? "tom" : "tom";
ActionProxy proxy = invocation.getProxy();
String methodName = proxy.getMethod();
Object action = proxy.getAction();
String auth = null;
try{
auth = ParseAuthName.parseAuthentication(action.getClass(),methodName, null);
}catch(NoSuchMethodException ex) {
ex.printStackTrace();
return "nopermisses";
}
if (null != auth) {
if ("AUTH".equals(auth)) {
return invocation.invoke();
}
}
return "nopermisses";
}
}
写一个action进行测试:
public class UserListAction extends ActionSupport{
@AuthName(value = "admin")
public String execute() {
return SUCCESS;
}
}
struts.xml文件基本配置:
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd"> <struts> <package name="system" namespace="/admin" extends="struts-default"> <interceptors> <interceptor name="auth" class="auth.AuthInterceptor"></interceptor> <interceptor-stack name="authdefault"> <interceptor-ref name="defaultStack"></interceptor-ref> <interceptor-ref name="auth"></interceptor-ref> </interceptor-stack> </interceptors> <default-interceptor-ref name="authdefault"></default-interceptor-ref> <action name="author" class="action.UserListAction" > <result name="success">/default.jsp</result> <result name="nopermisses">/sss.jsp</result> </action> </package> </struts>
web.xml文件 ,我用的是tomcat7 + servlet3.0
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <filter> <filter-name>struts-cleanup</filter-name> <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class> </filter> <filter> <filter-name>struts2</filter-name> <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class> <init-param> <param-name>actionPackages</param-name> <param-value>action</param-value> </init-param> </filter> <filter-mapping> <filter-name>struts2</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>struts-cleanup</filter-name> <url-pattern>*.action</url-pattern> </filter-mapping> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app>