1、
struts-config.xml中的配置
class="java">
<package name="ehrDefault" extends="struts-default">
<interceptors>
<interceptor name="admin"
class="com.gd.interceptor.AdminInterceptor" />
<interceptor-stack name="requireLogin">
<interceptor-ref name="defaultStack" />
<interceptor-ref name="admin" />
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="requireLogin" />
<global-results>
<result name="login" type="redirect">/index.jsp</result>
</global-results>
</package>
2、拦截类
package com.gd.interceptor;
import java.util.Map;
import javax.servlet.ServletContext;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.ServletActionContext;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.gd.po.Userinfo;
import com.gd.service.ISecurityPermissionManager;
import com.gd.service.ISecurityUserManager;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class AdminInterceptor extends AbstractInterceptor {
private static final long serialVersionUID = 7426957840297915277L;
@Override
public String intercept(ActionInvocation ai) throws Exception {
Map<String, Object> session = ai.getInvocationContext().getSession();
if (session == null) {
return Action.LOGIN;
}
Userinfo user = (Userinfo) session.get("user");
if (user == null) {
return Action.LOGIN;
}
// 用户访问Action权限判断
if (!actionAuthority(ai, session)) {
return Action.LOGIN;
}
return ai.invoke();
}
public boolean actionAuthority(ActionInvocation ai, Map<String, Object> session) {
// 用户访问Action权限判断
ServletContext sc = ServletActionContext.getServletContext();
String permission = ai.getProxy().getActionName().toLowerCase() + "." + ai.getProxy().getMethod().toLowerCase();
ApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(sc);
ISecurityUserManager securityUserManager = (ISecurityUserManager) context.getBean("securityUserManager");
ISecurityPermissionManager securityPermissionManager = (ISecurityPermissionManager) context.getBean("securityPermissionManager");
if(!securityPermissionManager.checkIsRepeatPermission(permission)){
return true;
}
if(securityUserManager!=null){
Userinfo userInfo=(Userinfo)session.get("user");
return securityUserManager.checkPrivilege(userInfo.getUserName(),permission);
}
return true;
}
}
在以上拦截类中。系统会拦截到类似于loginAction.islogin这样的请求,在配置中我们将这样的请求手动录入数据库,然后根据当前用户查询该请求是否
授权于用户(该块功能自己设计,比较简单),在
用户登录时即将这样授权用户的
请求数据取出放入session,在页面中用fn标签进行这样的判断:
<c:if test="${fn:containsIgnoreCase(permissions, 'classiccasesaction.list')}">
<li><a href="ClassicCasesAction!list.action" target="main">病例自学</a></li>
</c:if>
如果授权了,则该功能链接显示并能使用。
相关文章
