首页 > 代码库 > java权限系统实现篇
java权限系统实现篇
以ssh框架来解释权限系统
首先在struts.xml里面配置2个拦截器栈,
第一个是登陆拦截器栈,没有登陆的用户就会被拦截,提示其登陆
<!-- begin intercepter --> <package name="haslogin" namespace="/" extends="json-default"> <interceptors> <interceptor name="loginInter" class="com.interceptor.LoginInterceptor"></interceptor> <interceptor-stack name="mydefault"> <interceptor-ref name="loginInter"></interceptor-ref> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack> </interceptors> <default-interceptor-ref name="mydefault"></default-interceptor-ref> <global-results> <result name="login">/management/login.jsp</result> </global-results> </package> <!-- end intercepter -->
第二个是权限拦截器栈,先判断是否登陆,没登陆就跳到登陆,再判断权限,没权限跳到无权限页面
<!-- begin role intercepter --> <package name="hasrole" namespace="/" extends="json-default"> <!-- role intercepter --> <interceptors> <interceptor name="roleInter" class="com.interceptor.RoleInterceptor"></interceptor> <interceptor name="loginInter" class="com.interceptor.LoginInterceptor"></interceptor> <interceptor-stack name="mydefault"> <interceptor-ref name="loginInter"></interceptor-ref> <interceptor-ref name="roleInter"></interceptor-ref> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack> </interceptors> <default-interceptor-ref name="mydefault"></default-interceptor-ref> <global-results> <result name="login">/management/login.jsp</result> <result name="none">/WEB_INF/404.jsp</result> </global-results> </package> <!--end role intercepter -->
第二步编写登陆拦截器 检查session中userid是否为null , 如果是 ,就让用户去登陆页面
package com.interceptor;
import java.util.Map;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class LoginInterceptor extends AbstractInterceptor {
private static final long serialVersionUID = 1L;
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext ctx = invocation.getInvocationContext();
Map<String,Object> session = ctx.getSession();
String user = null;
if (session.get("userid")!=null) {
user=session.get("userid").toString();
}
if (user != null) {
return invocation.invoke();
}
return Action.LOGIN;
}
}
第三步 编写权限拦截器package com.interceptor;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class RoleInterceptor extends AbstractInterceptor {
private static final long serialVersionUID = 1L;
@SuppressWarnings("unchecked")
@Override
public String intercept(ActionInvocation invocation) throws Exception {
Map<String, Object> session = ActionContext.getContext().getSession();
Set<com.entity.ModuleFun> roles = new HashSet<com.entity.<span style="font-family: Arial, Helvetica, sans-serif;">ModuleFun</span><span style="font-family: Arial, Helvetica, sans-serif;">>();</span>
String currUrl = invocation.getProxy().getActionName();//获取当前action的name
if (session.get("roles") != null) {//用户登陆时将权限放入session中
roles = (Set<com.entity.ModuleFun>) session.get("roles");
for (com.entity.ModuleFun mfun: roles) {<span style="font-family: Arial, Helvetica, sans-serif;"> </span><span style="white-space:pre"></span><pre name="code" class="html"><span style="white-space:pre"> </span>if (mfun.getUrls.equals(currUrl+".action")) {
return invocation.invoke();
}} } return Action.NONE; } }三在登陆时把userid和roles存入session中
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。