具体的权限系统是怎样的,我就不再这里赘述了,只说说拦截器部分。
下面是一个action配置文件的片断:
<
interceptors
>
<
interceptor name
=
"
checkAccess
"
class
=
"
cn.wsrf.perms.PermsInterceptor
"
/>
</
interceptors
>
<
global
-
results
>
<
result name
=
"
accessDeny
"
>/
accessDeny.ftl
</
result
>
</
global
-
results
>
<
action name
=
"
index
"
>
<
interceptor
-
ref
name
=
"
checkAccess
"
>
<
param name
=
"
whiteList
"
>
test1,test2
</
param
>
<!--
param name
=
"
allowUserType
"
>
super,system
</
param
>
<
param name
=
"
permString
"
>
1
|
发布产品
|
read,insert
</
param
-->
</
interceptor
-
ref
>
<
result
>
index.ftl
</
result
>
</
action
>
至于怎么更好利用拦截器我也不多说了,上面的“whiteList”、“allowUserType”、“permString”是3种权限验证方式,各人可以随意。
下面是拦截器的代码:
通过在action中利用拦截器,并将权限指派下去,这样,权限部分就可以从具体业务逻辑中分离出来了。
import java.util.Map;import org.apache.log4j.Logger;import cn.wsrf.pojo.UserLogin;import com.opensymphony.xwork2.ActionInvocation;import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public
class
PermsInterceptor extends AbstractInterceptor
...
{
/**//**
* Logger for this class
*/ private static final Logger logger = Logger .getLogger(PermsInterceptor.class); private String whiteList = null; private String allowUserType = null; private String permString = null; private static final String ACCESS_DENY = "accessDeny"; public String getWhiteList() ...{ return whiteList; } public void setWhiteList(String whiteList) ...{ this.whiteList = whiteList; } public String getAllowUserType() ...{ return allowUserType; } public void setAllowUserType(String allowUserType) ...{ this.allowUserType = allowUserType; } public String getPermString() ...{ return permString; } public void setPermString(String permString) ...{ this.permString = permString; } public String intercept(ActionInvocation ai) throws Exception ...{ Map session = ai.getInvocationContext().getSession(); UserLogin user = (UserLogin) session.get("user"); if (user == null) ...{ logger.info("intercept(ActionInvocation) - 用户未登陆。"); return PermsInterceptor.ACCESS_DENY; } if (this.whiteList != null) ...{ String userLoginId = user.getUserLoginId(); String[] t = this.whiteList.split(","); for (int i = 0; i < t.length; i++) ...{ if (t[i].equals(userLoginId)) return ai.invoke(); } logger.info("intercept(ActionInvocation) - 用户[" + userLoginId + "]不在白名单中。"); } if (this.allowUserType != null) ...{ String userType = user.getUserType(); String[] t = this.whiteList.split(","); for (int i = 0; i < t.length; i++) ...{ if (t[i].equals(userType)) return ai.invoke(); } logger.info("intercept(ActionInvocation) - 当前用户类型[" + userType + "]不被授权。"); } Map perms = (Map) session.get("perms"); if (perms == null || !isAccess(perms)) ...{ logger.info("intercept(ActionInvocation) - 没有权限:[" + this.permString + "]"); return PermsInterceptor.ACCESS_DENY; } else ...{ return ai.invoke(); } } private boolean isAccess(Map perms) ...{ if (this.permString == null) return false; String[] temp = this.permString.split("|"); String type = temp[0]; String module = temp[1]; String operation = temp[2]; String key = type + "_" + module; if (!perms.containsKey(key)) ...{ key = type + "_all"; if (!perms.containsKey(key)) return false; } String opCode = perms.get(key).toString(); String[] crudKey = operation.split(","); int curd = 0; for (int i = 0; i < crudKey.length; i++) ...{ curd |= Integer.parseInt(PermsDefine.crudCode.get(crudKey[i]) .toString(), 2); } curd &= Integer.parseInt(opCode, 2); if (curd == 0) logger.info("PermsInterceptor - 没有权限:[" + this.permString + "]。"); return curd != 0; }
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
