利用struts2拦截器加自定义注解实现权限控制

今天结合Java的Annotation和Struts2进行注解拦截器权限控制。

功能需求：添加、查找、删除三个功能，添加、查找功能需进行权限拦截判断，删除功能则不需进行权限拦截判断。

操作流程如下：客户未登录或登录已超时，提示“客户还没登陆或登陆已超时！！！”，终止执行，然后跳转到某页面；否则继续往下执行。

以下模拟案例大概实现如上需求，接下来废话少说，直接copy代码

项目地址

1、项目目录结构



2、权限控制注解类Authority.java

package com.ljq.action;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
* 用于识别在进行action调用的时候，标注该方法调用是否需要权限控制，需要什么样的权限的注解类。
*
* 该注解类一般会包括两个属性，一个是需要的权限，一个是对应的action。
*
* @author Administrator
*
*/
//表示在什么级别保存该注解信息
@Retention(RetentionPolicy.RUNTIME)
//表示该注解用于什么地方
@Target(ElementType.METHOD)
public @interface Authority {
String actionName();
String privilege();
}

3、权限拦截器类AuthorityInterceptor.java

package com.ljq.action;

import java.lang.reflect.Method;
import java.util.Date;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

/**
* 用于拦截请求判断是否拥有权限的拦截器
*
* @author Administrator
*
*/
@SuppressWarnings("serial")
public class AuthorityInterceptor implements Interceptor{

public void destroy() {

}

public void init() {

}

public String intercept(ActionInvocation actionInvocation) throws Exception {
String methodName=actionInvocation.getProxy().getMethod();
Method currentMethod=actionInvocation.getAction()
.getClass().getMethod(methodName, null);

//1、判断客户是否登陆

//从session获取当前客户信息
Employee employee=(Employee)ServletActionContext
.getRequest().getSession().getAttribute("employee");
if(employee==null){
System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
System.out.println("客户还没登陆或登陆已超时！！！");
System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
System.out.println();
return "index";
}

//2、进行权限控制判断

//如果该请求方法是需要进行验证的则需执行以下逻辑
if(currentMethod.isAnnotationPresent(Authority.class)){
//获取权限校验的注解
Authority authority=currentMethod.getAnnotation(Authority.class);
//获取当前请求的注解的actionName
String actionName=authority.actionName();
//获取当前请求需要的权限
String privilege=authority.privilege();

//可以在此判断当前客户是否拥有对应的权限，如果没有可以跳到指定的无权限提示页面，如果拥有则可以继续往下执行。

//if(拥有对应的权限){
//    return actionInvocation.invoke();
//}else{
//    return "无权限";
//}

System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
System.out.println("客户" + employee.getUserName() + "在" + new Date() + "执行了" + actionName+"方法，拥有"+privilege+"权限！！");
System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
System.out.println();
return actionInvocation.invoke();
}

//3、进行非权限控制判断

System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
System.out.println("我执行了没有？？");
System.out.println("++++++++++++++++++++++++++++++++++++++++++++++++++++++");
return "index";
}

}

4、客户信息类Employee.java

package com.ljq.action;

import java.io.Serializable;

@SuppressWarnings("serial")
public class Employee implements Serializable {

private Integer id;
private String userName;
private String pwd;

public Employee() {
}

public Integer getId() {
return id;
}

public void setId(Integer id) {
this.id = id;
}

public String getUserName() {
return userName;
}

public void setUserName(String userName) {
this.userName = userName;
}

public String getPwd() {
return pwd;
}

public void setPwd(String pwd) {
this.pwd = pwd;
}

}

5、action类EmployeeAction

package com.ljq.action;

import com.opensymphony.xwork2.ActionSupport;

@SuppressWarnings("serial")
public class EmployeeAction extends ActionSupport{

/**
* 添加
*
* 请求该方法需要拥有对test的add权限，会通过拦截器拦截
*
* @return
*/
@Authority(actionName="test", privilege="add")
public String add(){
System.out.println("执行了add方法！！！");
return SUCCESS;
}

/**
* 查找
*
* 请求该方法的时候需要拥有对test的find权限，会通过拦截器拦截
*
* @return
* @throws Exception
*/
@Authority(actionName="test", privilege="find")
public String find() throws Exception {
System.out.println("执行了find方法！！！");
return SUCCESS;
}

/**
* 删除
*
* 不会通过拦截器拦截，因为没对actionName进行权限配置
*
* @return
* @throws Exception
*/
public String delete() throws Exception {
System.out.println("执行了delete方法！！！");
return SUCCESS;
}

}

6、首页index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="/struts-tags" prefix="s"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">

<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>

<body>
欢迎您的到来....
</body>
</html>

7、登录页login.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@page import="com.ljq.action.Employee"%>
<%
Employee employee=new Employee();
employee.setId(1);
employee.setUserName("jiqinlin");
employee.setPwd("123456");
request.getSession().setAttribute("employee", employee);
%>

客户已经登录

8、struts2配置文件

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
<constant name="struts.serve.static.browserCache" value="false"/>
<constant name="struts.action.extension" value="do"/>
<constant name="struts.i18n.encoding" value="UTF-8"/>

<package name="base" extends="struts-default">
<global-results>
<result name="index">/index.jsp</result>
<result name="success">/login.jsp</result>
</global-results>
</package>

<!-- 自定义拦截器 -->
<package name="permissionInterceptor"
namespace="/permissionInterceptor" extends="base">
<interceptors>
<!-- 注册自定义的权限控制拦截器 -->
<interceptor name="authorityInterceptor" class="com.ljq.action.AuthorityInterceptor"/>

<!-- 把自定义的权限控制拦截器和默认的拦截器栈加到新的自定义的拦截器栈 -->
<interceptor-stack name="myInterceptors">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="authorityInterceptor"/>
</interceptor-stack>
</interceptors>
<!-- 指定新的自定义的拦截器栈为默认的拦截器栈，这样自定义的权限控制拦截器就可以发挥作用了 -->
<default-interceptor-ref name="myInterceptors"/>
</package>

<package name="employee" extends="permissionInterceptor">
<action name="*Employee" class="com.ljq.action.EmployeeAction" method="{1}">
</action>
</package>

</struts>

web.xml配置文件

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> 
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>

<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

跟踪控制台打印的信息

1、未登录，访问查找功能：http://localhost:8083/struts2_authority_interceptor/addEmployee.do



2、已登录，访问添加功能：http://localhost:8083/struts2_authority_interceptor/login.jsp
http://localhost:8083/struts2_authority_interceptor/addEmployee.do


已登录，访问查找功能：http://localhost:8083/struts2_authority_interceptor/login.jsp
http://localhost:8083/struts2_authority_interceptor/findEmployee.do


3、已登录，访问删除功能

已登录，访问查找功能：http://localhost:8083/struts2_authority_interceptor/login.jsp

http://localhost:8083/struts2_authority_interceptor/deleteEmployee.do



完毕！！