Struts2 权限控制
一、页面部分
1、登录页面代码(login.jsp)
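<%@ page language="java" contentType="text/html;charset=GBK" %>
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
<head>
<title><s:text name="loginPage"/></title>
</head>
<body>
<%-- Login form built with the Struts form tags; it submits to the "login" action. --%>
<s:form action="login">
    <s:textfield name="username" label="%{getText('user')}"/>
    <%-- s:password renders an input of type "password": the value is masked on
         screen and, by default, is not written back into the page when the
         form is redisplayed. The original used s:textfield here, which shows
         the password in clear text. --%>
    <s:password name="password" label="%{getText('pass')}"/>
    <s:submit value="%{getText('login')}"/>
</s:form>
</body>
</html>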
2、登录成功页面(welcome.jsp)
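<%@ page language="java" contentType="text/html;charset=GBK" %>
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
<head>
<title><s:text name="succPage"/></title>
<s:head/>
</head>
<body>
<s:text name="succTip"/>
<br/>
<%-- Disabled greeting, kept as a JSP comment on purpose. The original wrapped it
     in an HTML comment, but EL inside an HTML comment is still evaluated and
     the result is sent to the browser, so the session's "user" and "pass"
     values ended up in the page source. A JSP comment is dropped on the
     server and nothing inside it is evaluated.
     Original text: Welcome, ${sessionScope.user}, you are logged in!
     ${sessionScope.pass} --%>
<p/>
<%-- Links to the demo actions. "show" and "add" are configured behind the
     authority interceptor; "qurey" is configured without it. --%>
<s:a href="show.action">show</s:a>
<p/>
<s:a href="add.action">add</s:a>
<p/>
<s:a href="qurey.action">qurey</s:a>
</body>
</html>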
3、登录失败页面(error.jsp)
<%@ page language="java" contentType="text/html;charset=GBK" %>
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
    <head>
        <title><s:text name="errorPage"/></title>
    </head>
    <body>
        <%-- Shown for the "error" result of the login action. The message is a
             fixed resource-bundle key, so no submitted value is echoed here. --%>
        <s:text name="failTip"/>
        <p/>
        <%-- Link back to the login form. --%>
        <s:a href="login.jsp">return</s:a>
    </body>
</html>
4、和权限有关的几个显示页面
(add.jsp)
<%@ page language="java" contentType="text/html;charset=GBK" %>
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
    <head>
        <title><s:text name="addPage"/></title>
    </head>
    <body>
        <%-- Result page of the "add" action.
             NOTE(review): the login check is attached to the action, not to this
             file. struts.xml gives the result path as /add.jsp, i.e. the web
             root, where a request for the JSP itself does not pass through the
             action's interceptor stack. Keeping protected views under WEB-INF
             means they can only be reached through the action. Confirm the
             deployed layout. --%>
        <s:text name="addTip"/>
        <p/>
        <s:a href="login.jsp">returnlogin</s:a>
    </body>
</html>
(show.jsp)
<%@ page language="java" contentType="text/html;charset=GBK" %>
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
    <head>
        <title><s:text name="showPage"/></title>
    </head>
    <body>
        <%-- Result page of the "show" action.
             NOTE(review): the login check is attached to the action, not to this
             file. struts.xml gives the result path as /show.jsp, i.e. the web
             root, where a request for the JSP itself does not pass through the
             action's interceptor stack. Keeping protected views under WEB-INF
             means they can only be reached through the action. Confirm the
             deployed layout. --%>
        <s:text name="showTip"/>
        <p/>
        <s:a href="login.jsp">returnlogin</s:a>
    </body>
</html>
(qurey.jsp)
<%@ page language="java" contentType="text/html;charset=GBK" %>
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
    <head>
        <title><s:text name="qureyPage"/></title>
    </head>
    <body>
        <%-- Result page of the "qurey" action. struts.xml declares that action in
             the package without the authority interceptor, so this page is
             reachable without logging in. It serves as the unrestricted
             counterpart to add/show in this example. --%>
        <s:text name="qureyTip"/>
        <p/>
        <s:a href="login.jsp">returnlogin</s:a>
    </body>
</html>
二、Action部分(LoginAction.java)
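/**
 * Struts 2 action behind the login form; the same class also backs the demo
 * {@code add}, {@code show} and {@code qurey} actions.
 *
 * <p>{@code username} and {@code password} are populated through the setters
 * below before an action method runs.
 */
public class LoginAction extends ActionSupport {
    private static final long serialVersionUID = 1030294046920869257L;

    private String username;
    private String password;

    /**
     * Checks the submitted credentials and, on success, records the user name
     * in the session so later requests can be recognised as logged in.
     *
     * @return {@code INPUT} when the user name or password is missing or empty,
     *     {@code SUCCESS} when the credentials match, {@code ERROR} otherwise
     * @throws Exception kept from the original signature; nothing in this body
     *     throws a checked exception
     */
    public String execute() throws Exception {
        if (isInvalid(getUsername()) || isInvalid(getPassword())) {
            return INPUT;
        }

        // NOTE(review): demo-only check. The accounts and the shared password are
        // literals in source; a real application verifies against a user store
        // that keeps salted password hashes (bcrypt/scrypt/argon2).
        boolean knownUser = "mm".equals(getUsername()) || "aumy".equals(getUsername());
        if (knownUser && "111".equals(getPassword())) {
            // Only the user name is kept in the session. The original also stored
            // the clear-text password under "pass" and printed it to stdout; a
            // password has no use after the check and must not reach session
            // storage or logs.
            ActionContext.getContext().getSession().put("user", getUsername());
            System.out.println(getUsername() + "----login succeeded");
            return SUCCESS;
        }

        // Failed attempt: report the user name only, never the submitted password.
        System.out.println(getUsername() + "----login failed");
        return ERROR;
    }

    /** Returns {@code true} when {@code value} is {@code null} or the empty string. */
    private boolean isInvalid(String value) {
        return (value == null || value.length() == 0);
    }

    /** Action method for {@code add}; always returns {@code SUCCESS}. */
    public String add() {
        return SUCCESS;
    }

    /** Action method for {@code show}; always returns {@code SUCCESS}. */
    public String show() {
        return SUCCESS;
    }

    /** Action method for {@code qurey}; always returns {@code SUCCESS}. */
    public String qurey() {
        return SUCCESS;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}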
三、拦截器部分(AuthorityInterceptor.java)
/**
 * Interceptor that lets the intercepted action run only when the session
 * attribute {@code "user"} equals {@code "aumy"}.
 *
 * <p>NOTE(review): the decision is tied to one literal user name. LoginAction
 * also accepts the account "mm", which can log in but is sent back to the
 * login result here. A role or permission attribute in the session would make
 * the rule explicit.
 */
public class AuthorityInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = 1358600090729208361L;

    /**
     * Runs the permission check in front of the action.
     *
     * @param invocation the action invocation being intercepted
     * @return the result of {@code invocation.invoke()} for the permitted user,
     *     otherwise {@code Action.LOGIN}
     * @throws Exception whatever the rest of the invocation chain throws
     */
    public String intercept(ActionInvocation invocation) throws Exception {
        // The ActionContext of this request gives access to the session map.
        ActionContext context = invocation.getInvocationContext();
        Map sessionAttributes = context.getSession();

        // LoginAction stores the user name under "user" after a successful login.
        String loggedInUser = (String) sessionAttributes.get("user");

        // Not logged in, or logged in as someone other than "aumy": refuse.
        if (!"aumy".equals(loggedInUser)) {
            // The hint is stored in the ActionContext under "tip".
            context.put("tip", "您还没有登录,请登陆系统");
            return Action.LOGIN;
        }
        return invocation.invoke();
    }
}
四、配置文件部分
(struts.xml)
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
    <include file="struts-default.xml"/>

    <!-- Actions that are NOT behind the permission check. Anything declared in
         this package can be called without logging in; "qurey" is placed here
         as the unrestricted example. -->
    <package name="non-authority" extends="struts-default">
        <action name="login" class="com.aumy.struts.example.LoginAction">
            <result name="input">/login.jsp</result>
            <result name="error">/error.jsp</result>
            <result name="success">/welcome.jsp</result>
        </action>
        <action name="qurey" class="com.aumy.struts.example.LoginAction" method="qurey">
            <result name="success">/qurey.jsp</result>
        </action>
    </package>

    <!-- Actions that ARE behind the permission check. -->
    <package name="authority" extends="struts-default">
        <interceptors>
            <!-- Declares the custom interceptor under the name "authority". -->
            <interceptor
                class="com.aumy.struts.example.intercepter.AuthorityInterceptor"
                name="authority"/>
            <!-- Stack that adds the permission check to the built-in default stack.
                 NOTE(review): "authority" is listed after "defaultStack", so the
                 built-in interceptors, request parameter binding included, have
                 already run when the login check happens. Listing "authority"
                 first would reject unauthenticated requests before their
                 parameters are processed; confirm the interceptor needs
                 nothing from the default stack before reordering. -->
            <interceptor-stack name="mydefault">
                <!-- Built-in default interceptors. -->
                <interceptor-ref name="defaultStack"/>
                <!-- Custom permission interceptor. -->
                <interceptor-ref name="authority"/>
            </interceptor-stack>
        </interceptors>

        <!-- Every action in this package uses the stack above unless it
             declares its own interceptor-ref. -->
        <default-interceptor-ref name="mydefault"/>

        <!-- Global result: the interceptor returns "login" when the check fails. -->
        <global-results>
            <result name="login">/login.jsp</result>
        </global-results>

        <!-- NOTE(review): the result JSPs below sit at the web root, where they
             can also be requested by file name without going through these
             actions; the interceptor only covers the action URLs. -->
        <action name="show" class="com.aumy.struts.example.LoginAction"
            method="show">
            <result name="success">/show.jsp</result>
        </action>
        <action name="add" class="com.aumy.struts.example.LoginAction"
            method="add">
            <result name="success">/add.jsp</result>
        </action>
    </package>
</struts>
(struts.properties)
# Names the global resource bundle that getText() and <s:text> resolve their keys against.
# NOTE(review): "messageResouce" may be a misspelling of "messageResource"; the value has to
# match the actual bundle file name, so check the file before changing it.
struts.custom.i18n.resources=message.messageResouce
(web.xml)
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Strutstest</display-name>

    <!-- Struts 2 entry point: every request passes through this filter.
         NOTE(review): FilterDispatcher is the Struts 2.0 era filter and was
         deprecated in Struts 2.1.3 in favour of StrutsPrepareAndExecuteFilter.
         The configuration on this page targets the 2.0 DTD; a deployment
         should run a currently supported Struts release and use that
         release's filter class. -->
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- The login form is the application's welcome page. -->
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
</web-app>