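Most websites enforce user permissions: filtering out unauthorized users, denying access to users who are not logged in, or restricting access so that some content is available only to VIPs, and so on. All of these controls can be implemented with interceptors in Struts2.
The simple demo below simulates how such permission control is implemented. It defines three kinds of users: commen is an ordinary user, VIP is a member user, and admin is an administrator.
First, the overall structure of the demo:
Start by setting up the Struts2 development environment (covered in an earlier blog post). Once the environment is ready, look at how struts.xml is configured: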
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
    "http://struts.apache.org/dtds/struts-2.3.dtd">
<struts>
    <package name="hello" extends="struts-default" namespace="/">
        <interceptors>
            <interceptor name="testInterceptor" class="org.interceptor.InterceptorTest"></interceptor>
            <!-- A single interceptor stack can define multiple interceptors -->
            <interceptor-stack name="testStack">
                <interceptor-ref name="testInterceptor" />
                <interceptor-ref name="defaultStack" />
            </interceptor-stack>
        </interceptors>

        <!-- Global result handling -->
        <global-results>
            <result name="error">/Error.jsp</result>
        </global-results>

        <action name="login" class="org.interceptor.LoginAction">
            <result>/WEB-INF/pages/index.jsp</result>
        </action>

        <action name="admin" class="org.interceptor.LoginAction" method="AdminExecute">
            <interceptor-ref name="testStack"></interceptor-ref>
            <result>/WEB-INF/pages/admin.jsp</result>
        </action>

        <action name="vip" class="org.interceptor.LoginAction" method="vipExecute">
            <interceptor-ref name="testStack"></interceptor-ref>
            <result>/WEB-INF/pages/vipUser.jsp</result>
        </action>

        <action name="commen" class="org.interceptor.LoginAction" method="commenExecute">
            <interceptor-ref name="testStack"></interceptor-ref>
            <result>/WEB-INF/pages/commen.jsp</result>
        </action>
    </package>
</struts>
```
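Here, <global-results></global-results> defines global results. Often a single <result> can be shared by many <action> elements, and in that case the <global-results> tag can be used to define a global <result>. Resolution order: when the String returned by an Action has no matching <result> of its own, Struts2 looks it up among the global <result> entries, so in this simulation every request that fails the check and is intercepted is forwarded to Error.jsp.
The Action class does no checking of its own; it lets everything through and leaves the decision to the interceptor: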
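```java
package org.interceptor;

import java.util.Map;

import org.apache.struts2.interceptor.SessionAware;

public class LoginAction implements SessionAware {

    @SuppressWarnings("unused")
    private String username;
    private Map<String, Object> session;

    // Called with the submitted "username" parameter; the value is also
    // stored in the session so the interceptor can read it on later requests.
    public void setUsername(String username) {
        this.username = username;
        session.put("username", username);
    }

    // Struts2 injects the session map through SessionAware.
    public void setSession(Map<String, Object> session) {
        this.session = session;
    }

    // Every action method simply returns "success"; access control is
    // left entirely to the interceptor.
    public String AdminExecute() {
        return "success";
    }

    public String vipExecute() {
        return "success";
    }

    public String commenExecute() {
        return "success";
    }

    public String execute() {
        return "success";
    }
}
```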
Interceptor (the interceptor class):
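This only simulates the idea behind an interceptor; there is no persistence-layer data. The approach is to call invocation.getProxy().getActionName() to get the action name configured in struts.xml and compare it with the name the user submitted in the form: if the submitted username starts with the action name, the request is allowed through; otherwise it is intercepted.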
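The check described above, written out as an added example (it is not the original post's code). The class name InterceptorTest and the "error" result come from the struts.xml shown earlier and the "username" session key from LoginAction; the fail-closed branch for a missing session value is an assumption added here.

```java
package org.interceptor;

import java.util.Map;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

// Added example: an interceptor matching the "testInterceptor" entry in
// struts.xml, reconstructed from the article's description.
public class InterceptorTest extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // Name of the requested action as configured in struts.xml:
        // "admin", "vip" or "commen".
        String actionName = invocation.getProxy().getActionName();

        // LoginAction.setUsername() stored the submitted name in the session.
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        Object stored = (session == null) ? null : session.get("username");

        // Assumption added here: fail closed when nobody has logged in,
        // instead of letting a null value reach the comparison below.
        if (!(stored instanceof String)) {
            return "error";
        }
        String username = (String) stored;

        // Demo rule from the article: the request passes only if the
        // username starts with the action name (e.g. "vip01" for "vip").
        if (username.startsWith(actionName)) {
            return invocation.invoke(); // continue down the stack to the action
        }

        // No local <result name="error"> exists on the actions, so Struts2
        // falls back to <global-results> and forwards to /Error.jsp.
        return "error";
    }
}
```

Outside a demo, the session identity should be set only after the password has been verified, and the role should come from server-side data rather than from a prefix of the username.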
Login JSP:
```jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <base href="<%=basePath%>">
    <title>login</title>
</head>

<body>
    <%-- method="post" keeps the password out of the URL and access logs --%>
    <form action="login.action" method="post">
        <input type="text" name="username" />
        <input type="password" name="password" />
        <input type="submit" value="login">
    </form>
</body>
</html>
```
Page shown after a request is intercepted:
```html
<body>
    <!-- Message: "Insufficient permissions, please upgrade your permissions first..." -->
    <h4>你的权限不足,请先升级权限...</h4>
</body>
```
Page with the links to the protected resources:
```jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <base href="<%=basePath%>">
    <title>index</title>
</head>

<body>
    <a href="admin.action">admin</a><br/>
    <a href="vip.action">vip</a><br/>
    <a href="commen.action">commen</a>
</body>
</html>
```
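The remaining pages, such as admin.jsp, have no content; they exist only so that the different forwarding targets can be told apart.
Run results:
Logging in with the commen role:
When clicking the VIP and admin links: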
Original link: http://blog.csdn.net/weixin_36380516/article/details/71429800?utm_source=tuicool&utm_medium=referral