心中谨记基于接口编程的指导,考虑到我们的CRUD操作涉及到load,store,remove,list四个方法,而且要记录操作者的角色,我们提取了接口IRoleAndCRUD,内容如下:
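/**
 * CRUD operation contract used by the Struts 2 authorization interceptor for permission control.
 *
 * <p>The interceptor recognises an action as access-controlled by checking that it implements
 * this interface, and hands the authorised role to it through {@link #setRole(String)}.
 *
 * <p>NOTE(review): {@code setRole} is a public setter on an action. If Struts 2 parameter
 * binding runs for the action, a request parameter named {@code role} can presumably reach this
 * setter as well, so implementations should not treat the stored value as proof of
 * authorization -- confirm against the interceptor stack in use.
 *
 * @author Stone yang, created 2007-5-21
 * @version pattern Study; technical support: <a
 *     href="http://blog.csdn.net/yq76034150">http://blog.csdn.net/yq76034150</a>
 */
public interface IRoleAndCRUD {

    /** Loads a single record; returns a result name (presumably a Struts 2 result code). */
    String load();

    /** Stores (creates or updates) a record; returns a result name. */
    String store();

    /** Removes a record; returns a result name. */
    String remove();

    /**
     * Records the role of the caller performing the operation.
     *
     * @param role the role string the authorization interceptor read from the session
     */
    void setRole(String role);

    /** Lists records; returns a result name. */
    String list();
}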
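/**
 * CRUD operation contract used by the Struts 2 authorization interceptor for permission control.
 *
 * <p>The interceptor recognises an action as access-controlled by checking that it implements
 * this interface, and hands the authorised role to it through {@link #setRole(String)}.
 *
 * <p>NOTE(review): {@code setRole} is a public setter on an action. If Struts 2 parameter
 * binding runs for the action, a request parameter named {@code role} can presumably reach this
 * setter as well, so implementations should not treat the stored value as proof of
 * authorization -- confirm against the interceptor stack in use.
 *
 * @author Stone yang, created 2007-5-21
 * @version pattern Study; technical support: <a
 *     href="http://blog.csdn.net/yq76034150">http://blog.csdn.net/yq76034150</a>
 */
public interface IRoleAndCRUD {

    /** Loads a single record; returns a result name (presumably a Struts 2 result code). */
    String load();

    /** Stores (creates or updates) a record; returns a result name. */
    String store();

    /** Removes a record; returns a result name. */
    String remove();

    /**
     * Records the role of the caller performing the operation.
     *
     * @param role the role string the authorization interceptor read from the session
     */
    void setRole(String role);

    /** Lists records; returns a result name. */
    String list();
}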
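/**
 * Authorization interceptor for Struts 2 CRUD actions.
 *
 * <p>A request is passed on to the action only when the {@code ROLE} string held in the session
 * equals the permission that {@link #roleMethodMap} assigns to the action method being invoked.
 * Every other case (no session role, an action that does not implement {@link IRoleAndCRUD},
 * or a method with no mapping) returns {@link Action#LOGIN}, i.e. access is denied by default.
 *
 * <p>The check is an exact match on a single role string; there is no role hierarchy, so a
 * session holding {@code "edit"} is not allowed to call {@code list}.
 *
 * @author Stone yang, created 2007-5-21
 * @version pattern Study; technical support: <a
 *     href="http://blog.csdn.net/yq76034150">http://blog.csdn.net/yq76034150</a>
 */
public class AuthorizationInterceptor extends AbstractInterceptor {

    private static final Logger log = Logger.getLogger(AuthorizationInterceptor.class);

    /**
     * Action method name -> permission required to call it.
     *
     * <p>{@code load} has no entry, so it is always denied; add a mapping if loading the edit
     * form should be permitted. NOTE(review): this is a shared mutable static map; treat it as
     * read-only once the class is initialised.
     */
    protected static Map<String, String> roleMethodMap = new HashMap<String, String>();

    static {
        roleMethodMap.put("list", "view");
        roleMethodMap.put("store", "edit");
        roleMethodMap.put("remove", "remove");
    }

    /**
     * Authorizes the invocation against the session role before letting it proceed.
     *
     * @param ai the invocation being intercepted
     * @return the result of the action when authorized, otherwise {@link Action#LOGIN}
     * @throws Exception whatever the rest of the invocation chain throws
     */
    @Override
    public String intercept(ActionInvocation ai) throws Exception {
        Map<?, ?> session = ai.getInvocationContext().getSession();
        Object storedRole = (session == null) ? null : session.get("ROLE");

        // The original test was inverted (null == role): it dereferenced a null role and turned
        // away every session that actually had one. A missing or non-String role is a denial.
        if (!(storedRole instanceof String)) {
            return deny("no role in session");
        }
        String role = (String) storedRole;

        Object action = ai.getAction();
        if (!(action instanceof IRoleAndCRUD)) {
            return deny("action is not an IRoleAndCRUD");
        }

        // roleMethodMap is keyed by method name ("list", "store", ...), so look up the method
        // the proxy will invoke, not the action name ("List", "Store", ...).
        String methodName = ai.getProxy().getMethod();
        String requiredPermission = roleMethodMap.get(methodName);

        // An unmapped method yields null and is denied: only explicitly listed methods pass.
        if (requiredPermission == null || !requiredPermission.equals(role)) {
            return deny("session role does not grant the requested method");
        }

        // The session role matches the permission mapped to the invoked method.
        ((IRoleAndCRUD) action).setRole(role);
        return ai.invoke();
    }

    /** Logs a denial with a fixed reason (no request-derived data) and returns the login result. */
    private static String deny(String reason) {
        log.warn("Authorization denied: " + reason);
        return Action.LOGIN;
    }
}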
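/**
 * Authorization interceptor for Struts 2 CRUD actions.
 *
 * <p>A request is passed on to the action only when the {@code ROLE} string held in the session
 * equals the permission that {@link #roleMethodMap} assigns to the action method being invoked.
 * Every other case (no session role, an action that does not implement {@link IRoleAndCRUD},
 * or a method with no mapping) returns {@link Action#LOGIN}, i.e. access is denied by default.
 *
 * <p>The check is an exact match on a single role string; there is no role hierarchy, so a
 * session holding {@code "edit"} is not allowed to call {@code list}.
 *
 * @author Stone yang, created 2007-5-21
 * @version pattern Study; technical support: <a
 *     href="http://blog.csdn.net/yq76034150">http://blog.csdn.net/yq76034150</a>
 */
public class AuthorizationInterceptor extends AbstractInterceptor {

    private static final Logger log = Logger.getLogger(AuthorizationInterceptor.class);

    /**
     * Action method name -> permission required to call it.
     *
     * <p>{@code load} has no entry, so it is always denied; add a mapping if loading the edit
     * form should be permitted. NOTE(review): this is a shared mutable static map; treat it as
     * read-only once the class is initialised.
     */
    protected static Map<String, String> roleMethodMap = new HashMap<String, String>();

    static {
        roleMethodMap.put("list", "view");
        roleMethodMap.put("store", "edit");
        roleMethodMap.put("remove", "remove");
    }

    /**
     * Authorizes the invocation against the session role before letting it proceed.
     *
     * @param ai the invocation being intercepted
     * @return the result of the action when authorized, otherwise {@link Action#LOGIN}
     * @throws Exception whatever the rest of the invocation chain throws
     */
    @Override
    public String intercept(ActionInvocation ai) throws Exception {
        Map<?, ?> session = ai.getInvocationContext().getSession();
        Object storedRole = (session == null) ? null : session.get("ROLE");

        // The original test was inverted (null == role): it dereferenced a null role and turned
        // away every session that actually had one. A missing or non-String role is a denial.
        if (!(storedRole instanceof String)) {
            return deny("no role in session");
        }
        String role = (String) storedRole;

        Object action = ai.getAction();
        if (!(action instanceof IRoleAndCRUD)) {
            return deny("action is not an IRoleAndCRUD");
        }

        // roleMethodMap is keyed by method name ("list", "store", ...), so look up the method
        // the proxy will invoke, not the action name ("List", "Store", ...).
        String methodName = ai.getProxy().getMethod();
        String requiredPermission = roleMethodMap.get(methodName);

        // An unmapped method yields null and is denied: only explicitly listed methods pass.
        if (requiredPermission == null || !requiredPermission.equals(role)) {
            return deny("session role does not grant the requested method");
        }

        // The session role matches the permission mapped to the invoked method.
        ((IRoleAndCRUD) action).setRole(role);
        return ai.invoke();
    }

    /** Logs a denial with a fixed reason (no request-derived data) and returns the login result. */
    private static String deny(String reason) {
        log.warn("Authorization denied: " + reason);
        return Action.LOGIN;
    }
}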
应用自定义拦截器也很简单,在struts.xml中定义即可,大致如下:
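<package name="admin" extends="struts-default" namespace="/admin">
    <!-- Declare the authorization interceptor -->
    <interceptors>
        <interceptor name="auth" class="com.waimai.utils.AuthorizationInterceptor"/>
    </interceptors>
    <!--
        NOTE(review): an action that lists its own interceptor-ref no longer receives the
        package's default interceptor stack, so with only "auth" referenced the actions below
        run without parameter binding, validation and the rest of that stack. If those are
        needed, define a stack that contains both and choose the order deliberately:
        IRoleAndCRUD.setRole(String) is a public setter, so a request parameter named "role"
        could reach it through parameter binding.
    -->
    <action name="List" class="com.waimai.web.CaiTypeAction" method="list">
        <!-- Apply the authorization interceptor -->
        <interceptor-ref name="auth"/>
        <result>listCaiType.jsp</result>
    </action>
    <action name="Edit" class="com.waimai.web.CaiTypeAction" method="load">
        <!-- Apply the authorization interceptor -->
        <interceptor-ref name="auth"/>
        <result>editCaiType.jsp</result>
    </action>
    <action name="Store" class="com.waimai.web.CaiTypeAction" method="store">
        <!-- Apply the authorization interceptor -->
        <interceptor-ref name="auth"/>
        <result name="input" type="dispatcher">editCaiType.jsp</result>
        <result type="redirect">List.action</result>
    </action>
    <action name="Remove" class="com.waimai.web.CaiTypeAction" method="remove">
        <!-- Apply the authorization interceptor -->
        <interceptor-ref name="auth"/>
        <result type="redirect">List.action</result>
    </action>
</package>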
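<package name="admin" extends="struts-default" namespace="/admin">
    <!-- Declare the authorization interceptor -->
    <interceptors>
        <interceptor name="auth" class="com.waimai.utils.AuthorizationInterceptor"/>
    </interceptors>
    <!--
        NOTE(review): an action that lists its own interceptor-ref no longer receives the
        package's default interceptor stack, so with only "auth" referenced the actions below
        run without parameter binding, validation and the rest of that stack. If those are
        needed, define a stack that contains both and choose the order deliberately:
        IRoleAndCRUD.setRole(String) is a public setter, so a request parameter named "role"
        could reach it through parameter binding.
    -->
    <action name="List" class="com.waimai.web.CaiTypeAction" method="list">
        <!-- Apply the authorization interceptor -->
        <interceptor-ref name="auth"/>
        <result>listCaiType.jsp</result>
    </action>
    <action name="Edit" class="com.waimai.web.CaiTypeAction" method="load">
        <!-- Apply the authorization interceptor -->
        <interceptor-ref name="auth"/>
        <result>editCaiType.jsp</result>
    </action>
    <action name="Store" class="com.waimai.web.CaiTypeAction" method="store">
        <!-- Apply the authorization interceptor -->
        <interceptor-ref name="auth"/>
        <result name="input" type="dispatcher">editCaiType.jsp</result>
        <result type="redirect">List.action</result>
    </action>
    <action name="Remove" class="com.waimai.web.CaiTypeAction" method="remove">
        <!-- Apply the authorization interceptor -->
        <interceptor-ref name="auth"/>
        <result type="redirect">List.action</result>
    </action>
</package>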