java Struts2使用拦截器完成权限控制示例

王朝学院·作者佚名  2009-04-24  
宽屏版  字体: |||超大  

Struts2使用拦截器完成权限控制示例

关键字: struts2 权限控制

示例需求:

要求用户登录,且必须为指定用户名才可以查看系统中某个视图资源;否则,系统直接转入登陆页面。

一、页面部分

1、登陆页面代码(login.jsp)

Java代码

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="loginPage" /></title>

</head>

<body>

<!-- 使用form标签生成表单元素 -->

<s:form action="login">

<s:textfield name="username" label="%{getText('user')}" />

<s:textfield name="password" label="%{getText('pass')}" />

<s:submit value="%{getText('login')}" />

</s:form>

</body>

</html>

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="loginPage" /></title>

</head>

<body>

<!-- 使用form标签生成表单元素 -->

<s:form action="login">

<s:textfield name="username" label="%{getText('user')}" />

<s:textfield name="password" label="%{getText('pass')}" />

<s:submit value="%{getText('login')}" />

</s:form>

</body>

</html>

2、登陆成功页面(welcome.jsp)

Java代码

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="succPage" /></title>

<s:head />

</head>

<body>

<s:text name="succTip" />

<br />

<!-- 欢迎,${sessionScope.user},您已经登录!

${sessionScope.pass}-->

<p />

<s:a href="show.action">show</s:a>

<p />

<s:a href="add.action">add</s:a>

<p />

<s:a href="qurey.action">qurey</s:a>

</body>

</html>

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="succPage" /></title>

<s:head />

</head>

<body>

<s:text name="succTip" />

<br />

<!-- 欢迎,${sessionScope.user},您已经登录!

${sessionScope.pass}-->

<p />

<s:a href="show.action">show</s:a>

<p />

<s:a href="add.action">add</s:a>

<p />

<s:a href="qurey.action">qurey</s:a>

</body>

</html>

3、登陆失败页面(error.jsp)

Java代码

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="errorPage" /></title>

</head>

<body>

<s:text name="failTip" />

<p />

<s:a href="login.jsp">return</s:a>

</body>

</html>

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="errorPage" /></title>

</head>

<body>

<s:text name="failTip" />

<p />

<s:a href="login.jsp">return</s:a>

</body>

</html>

4、和权限有关的几个显示页面

(add.jsp)

Java代码

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="addPage"/></title>

</head>

<body>

<s:text name="addTip"/>

<p />

<s:a href="login.jsp">return login</s:a>

</body>

</html>

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="addPage"/></title>

</head>

<body>

<s:text name="addTip"/>

<p />

<s:a href="login.jsp">return login</s:a>

</body>

</html>

(show.jsp)

Java代码

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="showPage"/></title>

</head>

<body>

<s:text name="showTip"/>

<p />

<s:a href="login.jsp">return login</s:a>

</body>

</html>

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="showPage"/></title>

</head>

<body>

<s:text name="showTip"/>

<p />

<s:a href="login.jsp">return login</s:a>

</body>

</html>

(qurey.jsp)

Java代码

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="qureyPage"/></title>

</head>

<body>

<s:text name="qureyTip"/>

<p />

<s:a href="login.jsp">return login</s:a>

</body>

</html>

<%@ page language="java" contentType="text/html; charset=GBK"%>

<%@taglib prefix="s" uri="/struts-tags"%>

<html>

<head>

<title><s:text name="qureyPage"/></title>

</head>

<body>

<s:text name="qureyTip"/>

<p />

<s:a href="login.jsp">return login</s:a>

</body>

</html>

二、Action部分(LoginAction.java)

Java代码

public class LoginAction extends ActionSupport {

private static final long serialVersionUID = 1030294046920869257L;

private String username;

private String password;

// 处理用户请求的execute方法

public String execute() throws Exception {

if (isInvalid(getUsername()))

return INPUT;

if (isInvalid(getPassword()))

return INPUT;

if ((getUsername().equals("mm") || getUsername().equals("aumy"))

&& getPassword().equals("111")) {

// 通过ActionContext对象访问Web应用的Session

ActionContext.getContext().getSession().put("user", getUsername());

ActionContext.getContext().getSession().put("pass", getPassword());

System.out.println(getUsername() + "----" + getPassword());

return SUCCESS;

} else {

System.out.println(getUsername() + "----" + getPassword());

return ERROR;

}

}

private boolean isInvalid(String value) {

return (value == null || value.length() == 0);

}

public String add() {

return SUCCESS;

}

public String show() {

return SUCCESS;

}

public String qurey() {

return SUCCESS;

}

public String getUsername() {

return username;

}

public void setUsername(String username) {

this.username = username;

}

public String getPassword() {

return password;

}

public void setPassword(String password) {

this.password = password;

}

}

public class LoginAction extends ActionSupport {

private static final long serialVersionUID = 1030294046920869257L;

private String username;

private String password;

// 处理用户请求的execute方法

public String execute() throws Exception {

if (isInvalid(getUsername()))

return INPUT;

if (isInvalid(getPassword()))

return INPUT;

if ((getUsername().equals("mm") || getUsername().equals("aumy"))

&& getPassword().equals("111")) {

// 通过ActionContext对象访问Web应用的Session

ActionContext.getContext().getSession().put("user", getUsername());

ActionContext.getContext().getSession().put("pass", getPassword());

System.out.println(getUsername() + "----" + getPassword());

return SUCCESS;

} else {

System.out.println(getUsername() + "----" + getPassword());

return ERROR;

}

}

private boolean isInvalid(String value) {

return (value == null || value.length() == 0);

}

public String add() {

return SUCCESS;

}

public String show() {

return SUCCESS;

}

public String qurey() {

return SUCCESS;

}

public String getUsername() {

return username;

}

public void setUsername(String username) {

this.username = username;

}

public String getPassword() {

return password;

}

public void setPassword(String password) {

this.password = password;

}

}

三、拦截器部分(AuthorityInterceptor.java)

Java代码

public class AuthorityInterceptor extends AbstractInterceptor {

private static final long serialVersionUID = 1358600090729208361L;

//拦截Action处理的拦截方法

public String intercept(ActionInvocation invocation) throws Exception {

// 取得请求相关的ActionContext实例

ActionContext ctx=invocation.getInvocationContext();

Map session=ctx.getSession();

//取出名为user的session属性

String user=(String)session.get("user");

//如果没有登陆,或者登陆所有的用户名不是aumy,都返回重新登陆

if(user!=null && user.equals("aumy")){

return invocation.invoke();

}

//没有登陆,将服务器提示设置成一个HttpServletRequest属性

ctx.put("tip","您还没有登录,请登陆系统");

return Action.LOGIN;

}

}

public class AuthorityInterceptor extends AbstractInterceptor {

private static final long serialVersionUID = 1358600090729208361L;

//拦截Action处理的拦截方法

public String intercept(ActionInvocation invocation) throws Exception {

// 取得请求相关的ActionContext实例

ActionContext ctx=invocation.getInvocationContext();

Map session=ctx.getSession();

//取出名为user的session属性

String user=(String)session.get("user");

//如果没有登陆,或者登陆所有的用户名不是aumy,都返回重新登陆

if(user!=null && user.equals("aumy")){

return invocation.invoke();

}

//没有登陆,将服务器提示设置成一个HttpServletRequest属性

ctx.put("tip","您还没有登录,请登陆系统");

return Action.LOGIN;

}

}

四、配置文件部分

(struts.xml)

Java代码

<!DOCTYPE struts PUBLIC

"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"

"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>

<include file="struts-default.xml"/>

<!--不受权限控制的Action请求配置-->

<package name="non-authority" extends="struts-default" >

<action name="login" class="com.aumy.struts.example.LoginAction">

<result name="input">/login.jsp</result>

<result name="error">/error.jsp</result>

<result name="success">/welcome.jsp</result>

</action>

<action name="qurey" class="com.aumy.struts.example.LoginAction" method="qurey">

<result name="success">/qurey.jsp</result>

</action>

</package>

<!--受权限控制的Action请求配置-->

<package name="authority" extends="struts-default">

<interceptors>

<!--定义一个名为authority的拦截器-->

<interceptor

class="com.aumy.struts.example.intercepter.AuthorityInterceptor"

name="authority"/>

<!--定义一个包含权限检查的拦截器栈-->

<interceptor-stack name="mydefault">

<!--配置内建默认拦截器-->

<interceptor-ref name="defaultStack"/>

<!--配置自定义的拦截器-->

<interceptor-ref name="authority"/>

</interceptor-stack>

</interceptors>

<default-interceptor-ref name="mydefault" />

<!--定义全局Result-->

<global-results>

<result name="login">/login.jsp</result>

</global-results>

<action name="show" class="com.aumy.struts.example.LoginAction"

method="show">

<result name="success">/show.jsp</result>

</action>

<action name="add" class="com.aumy.struts.example.LoginAction"

method="add">

<result name="success">/add.jsp</result>

</action>

</package>

</struts>

<!DOCTYPE struts PUBLIC

"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"

"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>

<include file="struts-default.xml"/>

<!--不受权限控制的Action请求配置-->

<package name="non-authority" extends="struts-default" >

<action name="login" class="com.aumy.struts.example.LoginAction">

<result name="input">/login.jsp</result>

<result name="error">/error.jsp</result>

<result name="success">/welcome.jsp</result>

</action>

<action name="qurey" class="com.aumy.struts.example.LoginAction" method="qurey">

<result name="success">/qurey.jsp</result>

</action>

</package>

<!--受权限控制的Action请求配置-->

<package name="authority" extends="struts-default">

<interceptors>

<!--定义一个名为authority的拦截器-->

<interceptor

class="com.aumy.struts.example.intercepter.AuthorityInterceptor"

name="authority"/>

<!--定义一个包含权限检查的拦截器栈-->

<interceptor-stack name="mydefault">

<!--配置内建默认拦截器-->

<interceptor-ref name="defaultStack"/>

<!--配置自定义的拦截器-->

<interceptor-ref name="authority"/>

</interceptor-stack>

</interceptors>

<default-interceptor-ref name="mydefault" />

<!--定义全局Result-->

<global-results>

<result name="login">/login.jsp</result>

</global-results>

<action name="show" class="com.aumy.struts.example.LoginAction"

method="show">

<result name="success">/show.jsp</result>

</action>

<action name="add" class="com.aumy.struts.example.LoginAction"

method="add">

<result name="success">/add.jsp</result>

</action>

</package>

</struts>

(struts.properties)

Java代码

1. struts.custom.i18n.resources=message.messageResouce

struts.custom.i18n.resources=message.messageResouce

(web.xml)

Java代码

<?xml version="1.0" encoding="UTF-8"?>

<web-app version="2.4"

xmlns="http://java.sun.com/xml/ns/j2ee"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee

http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>Struts test</display-name>

<filter>

<filter-name>struts2</filter-name>

<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>

</filter>

<filter-mapping>

<filter-name>struts2</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<welcome-file-list>

<welcome-file>login.jsp</welcome-file>

</welcome-file-list>

</web-app>

<?xml version="1.0" encoding="UTF-8"?>

<web-app version="2.4"

xmlns="http://java.sun.com/xml/ns/j2ee"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee

http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>Struts test</display-name>

<filter>

<filter-name>struts2</filter-name>

<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>

</filter>

<filter-mapping>

<filter-name>struts2</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<welcome-file-list>

<welcome-file>login.jsp</welcome-file>

</welcome-file-list>

</web-app>

五、国际化资源文件(messageResouce.properties)

Java代码

loginPage=Login Page

errorPage=Error Page

succPage=Welcome Page

failTip=Sorry,You can't log in!

succTip=welcome,you has logged in!

user=User Name

pass=User Pass

login=Login

showPage=Show Page

showTip=show a example!

addPage=Add Page

addTip=add a example!

qureyPage=Qurey Page

qureyTip=qurey a example!

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
© 2005- 王朝网络 版权所有