权限校验

最新推荐文章于 2025-06-06 13:40:53 发布

原创最新推荐文章于 2025-06-06 13:40:53 发布 · 227 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#java

struts 专栏收录该内容

1 篇文章

订阅专栏

本文详细阐述了权限校验的实现方式，通过继承自RequestProcessor的自定义类ShyRequestProcessor来确保用户操作符合其权限。介绍了如何通过反射获取方法上的注解，以及如何根据用户权限列表判断操作是否合法。

package com.newer.liu.system.comment;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;
import org.apache.struts.actions.DispatchAction;

import com.newer.liu.system.bean.OperatorBean;
import com.newer.liu.system.bean.PrivilegeBean;
import com.newer.liu.system.servce.OperatorServce;
import com.newer.liu.system.servce.PrivilegeServce;
import com.newer.liu.system.servce.impl.OperatorServceImpl;
import com.newer.liu.system.servce.impl.PrivilegeServceImpl;
import com.sun.swing.internal.plaf.metal.resources.metal;
/**
* 权限校验

*继承RequestProcessor
* @author liu
*
*/
public class ShyRequestProcessor extends RequestProcessor {

private PrivilegeServce dao = new PrivilegeServceImpl();

@Override
protected ActionForward processActionPerform(HttpServletRequest request,
HttpServletResponse response, Action action, ActionForm form,
ActionMapping mapping) throws IOException, ServletException {
// TODO Auto-generated method stub
System.out.println("-----------权限------------------");
if (isValiue(request, action, mapping)) {
return super.processActionPerform(request, response, action, form,
mapping);
} else {
return mapping.findForward("error");
}
}

//=========================================

// 调用方法
private boolean isValiue(HttpServletRequest request, Action action,
ActionMapping mapping) {
Method method = this.getMethod(request, action, mapping);
MyInterface my = this.getAnnotation(method);
if (my != null) {
//得到该用户的所有权限
Object str=request.getSession().getAttribute("name");
List<PrivilegeBean> list = dao.getAll(str.toString());
System.out.println(str+"============"+list);
PrivilegeBean p = new PrivilegeBean();
p.setModel(my.mode());
p.setPrivilegeName(my.limit());
p.setOperatorId(str.toString());
if (list.contains(p)) {
return true;
} else {
return false;
}

}
return true;
}

//--------------------------------

// method 根据反射到到方法的全部值
private Method getMethod(HttpServletRequest request, Action action,
ActionMapping mapping) {
Method method = null;

String methodName = "execute";
if (action instanceof DispatchAction) {
String parme = mapping.getParameter();
methodName = request.getParameter(parme);

}
Class[] cls = { ActionMapping.class, ActionForm.class,
HttpServletRequest.class, HttpServletResponse.class };

try {
method = action.getClass().getDeclaredMethod(methodName, cls);
} catch (SecurityException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchMethodException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return method;
}

//注解
public MyInterface getAnnotation(Method name) {
MyInterface mf = null;
if (name.isAnnotationPresent(MyInterface.class)) {
mf = name.getAnnotation(MyInterface.class);

}
return mf;
}