java自定义标签(改造spring security配合控制按钮权限)

参考 http://gaojiewyh.iteye.com/blog/1501470
自定义一个简单的标签，传入按钮对应的url后台判断该用户是否有对应权限访问按钮。

tag java类   通过SpringWiredBean获取对应的bean获取权限数据(SpringWiredBean查看我的另一篇文章)

如果直接使用bean会报错：奇怪的错

javax.naming.NameNotFoundException Name com.eversec.satanbox.security.tag.AuthorizeTag is not bound in this Context

package com.eversec.satanbox.security.tag;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.tagext.BodyTagSupport;

import org.springframework.stereotype.Component;

import com.eversec.satanbox.base.Constant;
import com.eversec.satanbox.entity.SysUser;
import com.eversec.satanbox.security.CustomInvocationSecurityMetadataSourceService;
import com.eversec.satanbox.util.SpringWiredBean;

@Component
public class AuthorizeTag extends BodyTagSupport{

/**
*
*/
private static final long serialVersionUID = 1L;

private String buttonUrl;
private String currentUser;

public String getButtonUrl() {
return buttonUrl;
}

public void setButtonUrl(String buttonUrl) {
this.buttonUrl = buttonUrl;
}

public String getCurrentUser() {
return currentUser;
}

public void setCurrentUser(String currentUser) {
this.currentUser = currentUser;
}

@Override
public int doStartTag(){
SysUser sysUser = (SysUser)(((HttpServletRequest)this.pageContext.getRequest()).getSession().getAttribute(Constant.SESSION_USER_KEY));

CustomInvocationSecurityMetadataSourceService customSecurityMetadataSource = (CustomInvocationSecurityMetadataSourceService)SpringWiredBean.getInstance().getBeanById("customSecurityMetadataSource");
List<String> list = customSecurityMetadataSource.getUserSecurityMap().get(sysUser.getUsername());

if (list != null && list.contains(buttonUrl)) {
return EVAL_BODY_INCLUDE;
}

return this.SKIP_BODY;
}

}

authorize.tld 放在WEB-INF下面

<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd" version="2.1">
<description>
<![CDATA[security Tags]]>
</description>
<tlib-version>1.0</tlib-version>
<short-name>security</short-name>
<uri>http://www.springsecurity.org/jsp</uri>
<tag>
<description>
<![CDATA[authorize Tag]]>
</description>
<name>authorize</name>
<tag-class>
com.eversec.satanbox.security.tag.A
4000
uthorizeTag
</tag-class>
<body-content>JSP</body-content>
<attribute>
<name>buttonUrl</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<type>java.lang.String</type>
</attribute>
<attribute>
<name>currentUser</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<type>java.lang.String</type>
</attribute>
</tag>
</taglib>

在web.xml中添加如下内容

<jsp-config>
<taglib>
<taglib-uri>http://www.springsecurity.org/jsp</taglib-uri>
<taglib-location>/WEB-INF/authorize.tld</taglib-location>
</taglib>
</jsp-config>

在jsp中添加如何标签引用，以及使用方式示例

<%@ taglib uri="http://www.springsecurity.org/jsp" prefix="security"%>

<security:authorize buttonUrl="sysLog/list">
<a href="javascript:void(0);" class="btn btn-default btn-circle new">
<i class="fa fa-plus"></i>
<span class="hidden-480">新建</span>
</a>
</security:authorize>