java自定义标签(改造spring security配合控制按钮权限)
2016-08-05 15:40
471 查看
参考 http://gaojiewyh.iteye.com/blog/1501470
自定义一个简单的标签,传入按钮对应的url后台判断该用户是否有对应权限访问按钮。
tag java类 通过SpringWiredBean获取对应的bean获取权限数据(SpringWiredBean查看我的另一篇文章)
如果直接使用bean会报错:奇怪的错
javax.naming.NameNotFoundException Name com.eversec.satanbox.security.tag.AuthorizeTag is not bound in this Context
authorize.tld 放在WEB-INF下面
在web.xml中添加如下内容
在jsp中添加如何标签引用,以及使用方式示例
<%@ taglib uri="http://www.springsecurity.org/jsp" prefix="security"%>
<security:authorize buttonUrl="sysLog/list">
<a href="javascript:void(0);" class="btn btn-default btn-circle new">
<i class="fa fa-plus"></i>
<span class="hidden-480">新建</span>
</a>
</security:authorize>
自定义一个简单的标签,传入按钮对应的url后台判断该用户是否有对应权限访问按钮。
tag java类 通过SpringWiredBean获取对应的bean获取权限数据(SpringWiredBean查看我的另一篇文章)
如果直接使用bean会报错:奇怪的错
javax.naming.NameNotFoundException Name com.eversec.satanbox.security.tag.AuthorizeTag is not bound in this Context
package com.eversec.satanbox.security.tag; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.jsp.tagext.BodyTagSupport; import org.springframework.stereotype.Component; import com.eversec.satanbox.base.Constant; import com.eversec.satanbox.entity.SysUser; import com.eversec.satanbox.security.CustomInvocationSecurityMetadataSourceService; import com.eversec.satanbox.util.SpringWiredBean; @Component public class AuthorizeTag extends BodyTagSupport{ /** * */ private static final long serialVersionUID = 1L; private String buttonUrl; private String currentUser; public String getButtonUrl() { return buttonUrl; } public void setButtonUrl(String buttonUrl) { this.buttonUrl = buttonUrl; } public String getCurrentUser() { return currentUser; } public void setCurrentUser(String currentUser) { this.currentUser = currentUser; } @Override public int doStartTag(){ SysUser sysUser = (SysUser)(((HttpServletRequest)this.pageContext.getRequest()).getSession().getAttribute(Constant.SESSION_USER_KEY)); CustomInvocationSecurityMetadataSourceService customSecurityMetadataSource = (CustomInvocationSecurityMetadataSourceService)SpringWiredBean.getInstance().getBeanById("customSecurityMetadataSource"); List<String> list = customSecurityMetadataSource.getUserSecurityMap().get(sysUser.getUsername()); if (list != null && list.contains(buttonUrl)) { return EVAL_BODY_INCLUDE; } return this.SKIP_BODY; } }
authorize.tld 放在WEB-INF下面
<?xml version="1.0" encoding="UTF-8" ?> <taglib xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd" version="2.1"> <description> <![CDATA[security Tags]]> </description> <tlib-version>1.0</tlib-version> <short-name>security</short-name> <uri>http://www.springsecurity.org/jsp</uri> <tag> <description> <![CDATA[authorize Tag]]> </description> <name>authorize</name> <tag-class> com.eversec.satanbox.security.tag.A 4000 uthorizeTag </tag-class> <body-content>JSP</body-content> <attribute> <name>buttonUrl</name> <required>false</required> <rtexprvalue>true</rtexprvalue> <type>java.lang.String</type> </attribute> <attribute> <name>currentUser</name> <required>false</required> <rtexprvalue>true</rtexprvalue> <type>java.lang.String</type> </attribute> </tag> </taglib>
在web.xml中添加如下内容
<jsp-config> <taglib> <taglib-uri>http://www.springsecurity.org/jsp</taglib-uri> <taglib-location>/WEB-INF/authorize.tld</taglib-location> </taglib> </jsp-config>
在jsp中添加如何标签引用,以及使用方式示例
<%@ taglib uri="http://www.springsecurity.org/jsp" prefix="security"%>
<security:authorize buttonUrl="sysLog/list">
<a href="javascript:void(0);" class="btn btn-default btn-circle new">
<i class="fa fa-plus"></i>
<span class="hidden-480">新建</span>
</a>
</security:authorize>
相关文章推荐
- Java Web开发-简单的Java Web项目(含访问本地MySQL)-应用例程
- java.util.Collections.synchronizedMap()方法实例
- Spring+Quartz实现定时任务的配置方法
- java反射机制简单认知
- JDK配置环境变量要点
- java反射拼接方法名动态执行方法实例
- [SpringBoot]构建SpringBoot项目 By Eclipse
- java数据转换error:java.math.BigDecimal cannot be cast to java.lang.Double
- Virtualbox 基于Java的应用
- java对象转成JSON字符串,避免 $ref
- Spring注解@Component、@Repository、@Service、@Controller区别
- JAVA中toString方法的作用
- java POI解析Excel 之数据转换公用方法(推荐)
- 用protobuf进行C#与Java通信
- java并发编程:线程让步
- 深入浅出HashMap原理
- java中的泛型
- Spring 定时任务的配置
- 一个简易的Java多页面队列爬虫程序
- SpringMVC拦截器