首先写一个tld文件 内容如下
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="2.0">
<description>custom taglib</description>
<tlib-version>1.0</tlib-version>
<short-name>portaltaglib</short-name>
<uri>http://www.hengzhiyi.cn/portaltaglib</uri>
<tag>
<name>permission-ui</name>
<tag-class>com.it.portal.tags.PermissionUITag</tag-class>
<body-content>scriptless</body-content>
<!-- 配置标签属性:key -->
<attribute>
<name>key</name>
<required>true</required>
<fragment>true</fragment>
</attribute>
</tag>
</taglib>
PermissionUITag 类是自己编写权限控制tag类
public class PermissionUITag extends BaseTag
{
private String key;
private static PermissionService permissionService;
@Override
public void doTag() throws JspException, IOException
{
// 请求参数
Map<String, String> params = getRequestParams();
// 权限验证
PermissionService.CheckResult result =
getPermissionService().checkUIElementPermission(
params.get(PortalDelegatingFilterProxy.REQUEST_PARAM_URL_TYPE),
params.get(PortalDelegatingFilterProxy.REQUEST_PARAM_MENU_ID),
key == null ? null : key.trim(), getCurrentUser());
String uiContent = "";
// 有权限
if (result != null && result.isHasPermission())
{
// 标签内的内容
JspFragment content = getJspBody();
// 获取标签内容
StringWriter sw = new StringWriter();
content.invoke(sw);
uiContent = sw.toString();
}
// 输出结果
getJspContext().getOut().println(uiContent);
}
private PermissionService getPermissionService()
{
if (permissionService == null)
{
synchronized (PermissionUITag.class)
{
permissionService = SpringContextHolder.getBean(PermissionService.class);
}
}
return permissionService;
}
public String getKey()
{
return key;
}
public void setKey(String key)
{
this.key = key;
}
}
权限验证代码
public CheckResult checkUIElementPermission(String urlType, String menuId,String permissionKey, User user)
{
if (StringUtils.isBlank(menuId) || StringUtils.isBlank(permissionKey) || user == null || StringUtils.isBlank(user.getId()))
{
new CheckResult(false);
}
// 如果是超级管理员,则不需要权限认证
if (isSuperAdministrator(user))
{
return new CheckResult(true);
}
// 获取具有权限的元素key集合
List<String> keys = getPermissionUICacheByUserIdMenuId(user.getId(),menuId);
return new CheckResult(keys == null ? false : keys.contains(permissionKey));
}
父类代码
public class BaseTag extends SimpleTagSupport
{
/**
* 获取请求参数
*
* @return
*/
@SuppressWarnings("unchecked")
protected Map<String, String> getRequestParams()
{
HttpServletRequest request = getHttpServletRequest();
if (request == null)
{
return new HashMap<String, String>();
}
Map<String, String> params = new HashMap<String, String>();
Enumeration<String> enu = request.getParameterNames();
String name = null;
while (enu.hasMoreElements())
{
name = enu.nextElement();
params.put(name, request.getParameter(name));
}
return params;
}
/**
* 获取当前登录的用户
*
* @return
*/
protected User getCurrentUser()
{
HttpServletRequest request = getHttpServletRequest();
if(request == null)
{
return null;
}
return (User)request.getSession(true).getAttribute(Constant.SESSION_USER);
}
/**
* 获取请求对象
*
* @return
*/
protected HttpServletRequest getHttpServletRequest()
{
return ((ServletRequestAttributes) RequestContextHolder
.getRequestAttributes()).getRequest();
}
}
tld文件写好后 在web.xml引入此tld
<jsp-config>
<taglib>
<taglib-uri>http://www.hengzhiyi.cn/portaltaglib</taglib-uri>
<taglib-location>/WEB-INF/tags/portal-taglib.tld</taglib-location>
</taglib>
</jsp-config>
最后在jsp引入tld标签
<%@taglib prefix="portal" uri="http://www.hengzhiyi.cn/portaltaglib"%>
使用自定义标签来控制功能权限
<portal:permission-ui key="amazon.list.done.editPublishUser">
<a id="btn_edit_publish_user" class="btn btn-primary"> <i
class="fa fa-external-link"></i> 修改刊登人
</a>
</portal:permission-ui>