Struts2使用攔截器完成權限控制示例
關鍵字: struts2 權限控制
示例需求:
要求用戶登錄,且必須為指定用戶名才可以查看系統中某個視圖資源;否則,系統直接轉入登陸頁面。
一、頁面部分
1、登陸頁面代碼(login.jsp)
java代碼
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib <html>
<head>
<title><s:text name="loginPage" /></title>
</head>
<body>
<!-- 使用form標簽生成表單元素 -->
<s:form action="login">
<s:textfield name="username" label="%{getText('user')}" />
<s:textfield name="passWord" label="%{getText('pass')}" />
<s:submit value="%{getText('login')}" />
</s:form>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="loginPage" /></title>
</head>
<body>
<!-- 使用form標簽生成表單元素 -->
<s:form action="login">
<s:textfield name="username" label="%{getText('user')}" />
<s:textfield name="password" label="%{getText('pass')}" />
<s:submit value="%{getText('login')}" />
</s:form>
</body>
</html>
2、登陸成功頁面(welcome.jsp)
Java代碼
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="succPage" /></title>
<s:head />
</head>
<body>
<s:text name="succT <br />
<!-- 歡迎,${sessionScope.user},您已經登錄!
${sessionScope.pass}-->
<p />
<s:a href="show.action">show</s:a>
<p />
<s:a href="add.action">add</s:a>
<p />
<s:a href="qurey.action">qurey</s:a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="succPage" /></title>
<s:head />
</head>
<body>
<s:text name="succTip" />
<br />
<!-- 歡迎,${sessionScope.user},您已經登錄!
${sessionScope.pass}-->
<p />
<s:a href="show.action">show</s:a>
<p />
<s:a href="add.action">add</s:a>
<p />
<s:a href="qurey.action">qurey</s:a>
</body>
</html>
3、登陸失敗頁面(error.jsp)
Java代碼
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="errorPage" /></title>
</head>
<body>
<s:text name="failTip" />
<p />
<s:a href="login.jsp">return</s:a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="errorPage" /></title>
</head>
<body>
<s:text name="failTip" />
<p />
<s:a href="login.jsp">return</s:a>
</body>
</html>
4、和權限有關的幾個顯示頁面
(add.jsp)
Java代碼
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="addPage"/></title>
</head>
<body>
<s:text name="addTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="addPage"/></title>
</head>
<body>
<s:text name="addTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
(show.jsp)
Java代碼
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="showPage"/></title>
</head>
<body>
<s:text name="showTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="showPage"/></title>
</head>
<body>
<s:text name="showTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
(qurey.jsp)
Java代碼
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="qureyPage"/></title>
</head>
<body>
<s:text name="qureyTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
<head>
<title><s:text name="qureyPage"/></title>
</head>
<body>
<s:text name="qureyTip"/>
<p />
<s:a href="login.jsp">return login</s:a>
</body>
</html>
二、Action部分(LoginAction.java)
Java代碼
public class LoginAction extends ActionSupport {
private static final long serialVersionUID = 1030294046920869257L;
private String username;
private String password;
// 處理用戶請求的execute方法
public String execute() throws Exception {
if (isInvalid(getUsername()))
return INPUT;
if (isInvalid(getPassword()))
return INPUT;
if ((getUsername().equals("mm") || getUsername().equals("aumy"))
&& getPassword().equals("111")) {
// 通過ActionContext對象訪問Web應用的Session
ActionContext.getContext().getSession().put("user", getUsername());
ActionContext.getContext().getSession().put("pass", getPassword());
System.out.println(getUsername() + "----" + getPassword());
return SUCCESS;
} else {
System.out.println(getUsername() + "----" + getPassword());
return ERROR;
}
}
private boolean isInvalid(String value) {
return (value == null || value.length() == 0);
}
public String add() {
return SUCCESS;
}
public String show() {
return SUCCESS;
}
public String qurey() {
return SUCCESS;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
public class LoginAction extends ActionSupport {
private static final long serialVersionUID = 1030294046920869257L;
private String username;
private String password;
// 處理用戶請求的execute方法
public String execute() throws Exception {
if (isInvalid(getUsername()))
return INPUT;
if (isInvalid(getPassword()))
return INPUT;
if ((getUsername().equals("mm") || getUsername().equals("aumy"))
&& getPassword().equals("111")) {
// 通過ActionContext對象訪問Web應用的Session
ActionContext.getContext().getSession().put("user", getUsername());
ActionContext.getContext().getSession().put("pass", getPassword());
System.out.println(getUsername() + "----" + getPassword());
return SUCCESS;
} else {
System.out.println(getUsername() + "----" + getPassword());
return ERROR;
}
}
private boolean isInvalid(String value) {
return (value == null || value.length() == 0);
}
public String add() {
return SUCCESS;
}
public String show() {
return SUCCESS;
}
public String qurey() {
return SUCCESS;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
三、攔截器部分(AuthorityInterceptor.java)
Java代碼
public class AuthorityInterceptor extends AbstractInterceptor {
private static final long serialVersionUID = 1358600090729208361L;
//攔截Action處理的攔截方法
public String intercept(ActionInvocation invocation) throws Exception {
// 取得請求相關的ActionContext實例
ActionContext ctx=invocation.getInvocationContext();
Map session=ctx.getSession();
//取出名為user的session屬性
String user=(String)session.get("user");
//如果沒有登陸,或者登陸所有的用戶名不是aumy,都返回重新登陸
if(user!=null && user.equals("aumy")){
return invocation.invoke();
}
//沒有登陸,將服務器提示設置成一個HttpServletRequest屬性
ctx.put("tip","您還沒有登錄,請登陸系統");
return Action.LOGIN;
}
}
public class AuthorityInterceptor extends AbstractInterceptor {
private static final long serialVersionUID = 1358600090729208361L;
//攔截Action處理的攔截方法
public String intercept(ActionInvocation invocation) throws Exception {
// 取得請求相關的ActionContext實例
ActionContext ctx=invocation.getInvocationContext();
Map session=ctx.getSession();
//取出名為user的session屬性
String user=(String)session.get("user");
//如果沒有登陸,或者登陸所有的用戶名不是aumy,都返回重新登陸
if(user!=null && user.equals("aumy")){
return invocation.invoke();
}
//沒有登陸,將服務器提示設置成一個HttpServletRequest屬性
ctx.put("tip","您還沒有登錄,請登陸系統");
return Action.LOGIN;
}
}
四、配置文件部分
(struts.xml)
Java代碼
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"<struts>
<include file="struts-default.xml"/>
<!--不受權限控制的Action請求配置-->
<package name="non-authority" extends="struts-default" >
<action name="login" class="com.aumy.struts.example.LoginAction">
<result name="input">/login.jsp</result>
<result name="error">/error.jsp</result>
<result name="success">/welcome.jsp</result>
</action>
<action name="qurey" class="com.aumy.struts.example.LoginAction" method="qurey">
<result name="success">/qurey.jsp</result>
</action>
</package>
<!--受權限控制的Action請求配置-->
<package name="authority" extends="struts-default">
<interceptors>
<!--定義一個名為authority的攔截器-->
<interceptor
class="com.aumy.struts.example.intercepter.AuthorityInterceptor"
name="authority"/>
<!--定義一個包含權限檢查的攔截器棧-->
<interceptor-stack name="mydefault">
<!--配置內建默認攔截器-->
<interceptor-ref name="defaultStack"/>
<!--配置自定義的攔截器-->
<interceptor-ref name="authority"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="mydefault" />
<!--定義全局Result-->
<global-results>
<result name="login">/login.jsp</result>
</global-results>
<action name="show" class="com.aumy.struts.example.LoginAction"
method="show">
<result name="success">/show.jsp</result>
</action>
<action name="add" class="com.aumy.struts.example.LoginAction"
method="add">
<result name="success">/add.jsp</result>
</action>
</package>
</struts>
(struts.properties)
Java代碼
1. struts.custom.i18n.resources=message.messageResouce
struts.custom.i18n.resources=message.messageResouce
(web.xml)
Java代碼
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns=" xmlns:xsi=" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
<display-name>Struts test</display-name>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns=" xmlns:xsi=" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
<display-name>Struts test</display-name>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
</web-app>
五、國際化資源文件(messageResouce.properties)
Java代碼
loginPage=Login Page
errorPage=Error Page
succPage=Welcome Page
failTip=Sorry,You can't log in!
succTip=welcome,you has logged in!
user=User Name
pass=User Pass
login=Login
showPage=Show Page
showTip=show a example!
addPage=Add Page
addTip=add a example!
qureyPage=Qurey Page
qureyTip=qurey a example!
新聞熱點
疑難解答
