How do you control permissions in Struts2? Or how do you control permissions with Struts2 + Hibernate 3.1?
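Use an interceptor to intercept the request, then check the user's permissions inside the interceptor: if the user has this permission, go to this action; if the user has that permission, go to that action, and so on... If the user has no permission, return to the login page.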
import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class AuthenticationInterceptor extends AbstractInterceptor {
    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // Look up the logged-in user in the HTTP session
        ActionContext ctx = ActionContext.getContext();
        Map session = ctx.getSession();
        Object user = session.get("user");
        if (user == null) {
            // Not logged in: record an error and return the "login" result
            ActionSupport action = (ActionSupport) invocation.getAction();
            action.addActionError("you have to login");
            return Action.LOGIN;
        }
        // Logged in: continue with the rest of the stack and the action
        return invocation.invoke();
    }
}
This is the configuration:
<struts>
<package name="default" extends="struts-default">
<interceptors>
<interceptor name="auth" class="com.lil.test_ch10_03.interceptor.AuthenticationInterceptor" />
<interceptor-stack name="securityStack">
<interceptor-ref name="defaultStack" />
<interceptor-ref name="auth" />
</interceptor-stack>
</interceptors>
<global-results>
<result name="login">/WEB-INF/pages/login.jsp</result>
</global-results>
<action name="login" class="com.lil.test_ch10_03.action.LoginAction">
<result>/WEB-INF/pages/success.jsp</result>
<result name="input">/WEB-INF/pages/login.jsp</result>
</action>
<action name="resource">
<result>/WEB-INF/page/resource.jsp</result>
<interceptor-ref name="securityStack" />
</action>
</package>
</struts>
This is the resource that needs to be protected:
<%@ page language="java" contentType="text/html;charset=UTF-8" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'resource.jsp' starting page</title>
</head>
<body>
testtesttesttesttesttesttesttest.
</body>
</html>
ActionSupport action=(ActionSupport)invocation.getAction();
action.addActionError("you have to login");
return Action.LOGIN; }
Where does this piece of code go to?
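Struts2 permission control, example requirement:
The user must log in, and must be a specified username, to view a certain view resource in the system; otherwise, the system goes straight to the login page.
I. Pages
1. Login page code (login.jsp)
<%@ page language="java" contentType="text/html; charset=GBK"%>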
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="loginPage" /></title>
</head>
<body>
<!-- Use the form tag to generate the form elements -->
<s:form action="login">
<s:textfield name="username" label="%{getText('user')}" />
<s:textfield name="password" label="%{getText('pass')}" />
<s:submit value="%{getText('login')}" />
</s:form>
</body>
</html>
2. Login success page (welcome.jsp)
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="succPage" /></title>
<s:head />
</head>
<body>
<s:text name="succTip" />
<br />
<!-- Welcome, ${sessionScope.user}, you are logged in!
${sessionScope.pass}-->
<p />
<s:a href="show.action">show</s:a>
<p />
<s:a href="add.action">add</s:a>
<p />
<s:a href="qurey.action">qurey</s:a>
</body>
</html>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="errorPage" /></title>
</head>
<body>
<s:text name="failTip" />
<p />
<s:a href="login.jsp">return</s:a>
</body>
</html>
(add.jsp)
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="addPage"/></title>
</head>
<body>
<s:text name="addTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
(show.jsp)
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="showPage"/></title>
</head>
<body>
<s:text name="showTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="qureyPage"/></title>
</head>
<body>
<s:text name="qureyTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
II. Action (LoginAction.java)
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;

public class LoginAction extends ActionSupport {
    private static final long serialVersionUID = 1030294046920869257L;
    private String username;
    private String password;

    // The execute method that handles the user's request
    public String execute() throws Exception {
        if (isInvalid(getUsername()))
            return INPUT;
        if (isInvalid(getPassword()))
            return INPUT;
        if ((getUsername().equals("mm") || getUsername().equals("aumy"))
                && getPassword().equals("111")) {
            // Access the web application's Session through the ActionContext object
            ActionContext.getContext().getSession().put("user", getUsername());
            ActionContext.getContext().getSession().put("pass", getPassword());
            System.out.println(getUsername() + "----" + getPassword());
            return SUCCESS;
        } else {
            System.out.println(getUsername() + "----" + getPassword());
            return ERROR;
        }
    }

    private boolean isInvalid(String value) {
        return (value == null || value.length() == 0);
    }

    public String add() {
        return SUCCESS;
    }

    public String show() {
        return SUCCESS;
    }

    public String qurey() {
        return SUCCESS;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}
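III. Interceptor (AuthorityInterceptor.java)
import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class AuthorityInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = 1358600090729208361L;

    // Interceptor method that intercepts the Action's processing
    public String intercept(ActionInvocation invocation) throws Exception {
        // Get the ActionContext instance associated with the request
        ActionContext ctx = invocation.getInvocationContext();
        Map session = ctx.getSession();
        // Read the session attribute named "user"
        String user = (String) session.get("user");
        // If not logged in, or the logged-in username is not aumy, return to log in again
        if (user != null && user.equals("aumy")) {
            return invocation.invoke();
        }
        // Not logged in: set the server-side tip as an HttpServletRequest attribute
        ctx.put("tip", "您还没有登录,请登陆系统");
        return Action.LOGIN;
    }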
}
struts.custom.i18n.resources=message.messageResouce
(web.xml)
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Struts test</display-name>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
</web-app>
V. Internationalization resource file (messageResouce.properties)
loginPage=Login Page
errorPage=Error Page
succPage=Welcome Page
failTip=Sorry,You can't log in!
succTip=welcome,you has logged in!
user=User Name
pass=User Pass
login=Login
showPage=Show Page
showTip=show a example!
addPage=Add Page
addTip=add a example!
qureyPage=Qurey Page
qureyTip=qurey a example!
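An added example, not code from the post above: a variant of its LoginAction that keeps the password out of the session, prints no credentials, compares a derived hash in constant time and starts a fresh session after login. The class name, the salt, the password and the single in-memory record are constructed assumptions standing in for a real user store.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.struts2.dispatcher.SessionMap;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;

public class HardenedLoginAction extends ActionSupport {
    private static final long serialVersionUID = 1L;
    // Constructed sample record; a real application loads salt and hash per user.
    private static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);
    private static final byte[] AUMY_HASH = pbkdf2("constructed-password".toCharArray(), SALT);
    private String username;
    private String password;

    static byte[] pbkdf2(char[] pass, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(pass, salt, 100000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override
    @SuppressWarnings({"rawtypes", "unchecked"})
    public String execute() throws Exception {
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return INPUT;
        }
        // Always derive the hash, then compare in constant time (non-short-circuit &).
        boolean ok = MessageDigest.isEqual(AUMY_HASH, pbkdf2(password.toCharArray(), SALT))
                & "aumy".equals(username);
        if (!ok) {
            return ERROR; // same result for unknown user and wrong password; nothing is logged
        }
        Map session = ActionContext.getContext().getSession();
        if (session instanceof SessionMap) {
            ((SessionMap) session).invalidate(); // new session id after login (session fixation)
        }
        session.put("user", username); // identity only; the password never enters the session
        return SUCCESS;
    }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public void setPassword(String password) { this.password = password; } // no getter: never echoed back
}
```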
The following code sets the query permission:
<%if( Login.isQueryJobTime()){%>
<s:submit value="Query" ></s:submit>
<%}else{ %>
<s:submit value="Query" disabled="true"></s:submit>
<%}%>
Thanks, still learning...
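An added example (not code from any post in this thread) that generalizes the interceptors above from one hard-coded username to per-action roles, so the permission is enforced on the server for every request to the action, whatever the JSP shows or disables. The class name, the `roles` session key, the `denied` result name and the role names are assumptions.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/*
 * Added example. Wiring in struts.xml (role names and paths are constructed):
 *   <interceptor name="role" class="example.RoleInterceptor"/>
 *   <action name="qurey" ...>
 *     <interceptor-ref name="defaultStack"/>
 *     <interceptor-ref name="role"><param name="allowedRoles">admin,auditor</param></interceptor-ref>
 *     <result name="denied">/WEB-INF/pages/denied.jsp</result>
 *   </action>
 */
public class RoleInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = 1L;
    // Assumed session key: the login action stores a Set<String> of role names here.
    public static final String ROLES_KEY = "roles";
    private final Set<String> allowedRoles = new HashSet<String>();

    // Struts2 calls this setter with the <param name="allowedRoles"> value.
    public void setAllowedRoles(String csv) {
        allowedRoles.clear();
        for (String role : csv.split(",")) {
            if (!role.trim().isEmpty()) {
                allowedRoles.add(role.trim());
            }
        }
    }

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map session = invocation.getInvocationContext().getSession();
        if (session == null || session.get("user") == null) {
            return Action.LOGIN; // not authenticated: same result the thread's interceptors return
        }
        Object roles = session.get(ROLES_KEY);
        if (roles instanceof Set) {
            for (Object role : (Set<?>) roles) {
                if (allowedRoles.contains(role)) {
                    return invocation.invoke(); // authorized: run the action
                }
            }
        }
        return "denied"; // authenticated but not authorized (assumed result name)
    }
}
```

An empty `allowedRoles` denies every request, so an action whose `<param>` is missing fails closed.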