Struts2使用拦截器完成权限控制示例

http://aumy2008.iteye.com/blog/146952

Struts2使用拦截器完成权限控制示例

示例需求： 
   要求用户登录，且必须为指定用户名才可以查看系统中某个视图资源；否则，系统直接转入登陆页面。 

一、页面部分 
1、登陆页面代码（login.jsp） 

<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
    <head>
        <title><s:text name="loginPage" /></title>
    </head>
    <body>
        <!-- 使用form标签生成表单元素 -->
        <s:form action="login">
            <s:textfield name="username" label="%{getText('user')}" />
            <s:textfield name="password" label="%{getText('pass')}" />
            <s:submit value="%{getText('login')}" />
        </s:form>
    </body>
</html>

2、登陆成功页面（welcome.jsp） 

<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
    <head>
        <title><s:text name="succPage" /></title>
        <s:head />
    </head>
    <body>
        <s:text name="succTip" />
        <br />
        <!-- 欢迎，${sessionScope.user},您已经登录!
        ${sessionScope.pass}-->
        <p />
        <s:a href="show.action">show</s:a>
        <p />
        <s:a href="add.action">add</s:a>
        <p />
        <s:a href="qurey.action">qurey</s:a>
    </body>
</html>

3、登陆失败页面（error.jsp） 

<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
    <head>
        <title><s:text name="errorPage" /></title>
    </head>
    <body>
        <s:text name="failTip" />
        <p />
        <s:a href="login.jsp">return</s:a>
    </body>
</html>

4、和权限有关的几个显示页面 
（add.jsp） 

<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
    <head>
        <title><s:text name="addPage"/></title>
    </head>
    <body>
        <s:text name="addTip"/>
        <p />
        <s:a href="login.jsp">return login</s:a>
    </body>
</html>

（show.jsp） 

<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
    <head>
        <title><s:text name="showPage"/></title>
    </head>
    <body>
        <s:text name="showTip"/>
        <p />
        <s:a href="login.jsp">return login</s:a>
    </body>
</html>

（qurey.jsp） 

<%@ page language="java" contentType="text/html; charset=GBK"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<html>
    <head>
        <title><s:text name="qureyPage"/></title>
    </head>
    <body>
        <s:text name="qureyTip"/>
        <p />
        <s:a href="login.jsp">return login</s:a>
    </body>
</html>

二、Action部分（LoginAction.java） 

public class LoginAction extends ActionSupport {
    private static final long serialVersionUID = 1030294046920869257L;
    private String username;
    private String password;

    // 处理用户请求的execute方法
    public String execute() throws Exception {
        if (isInvalid(getUsername()))
            return INPUT;

        if (isInvalid(getPassword()))
            return INPUT;

        if ((getUsername().equals("mm") || getUsername().equals("aumy"))
                && getPassword().equals("111")) {
            // 通过ActionContext对象访问Web应用的Session
            ActionContext.getContext().getSession().put("user", getUsername());
            ActionContext.getContext().getSession().put("pass", getPassword());
            System.out.println(getUsername() + "----" + getPassword());
            return SUCCESS;
        } else {
            System.out.println(getUsername() + "----" + getPassword());
            return ERROR;
        }
    }

    private boolean isInvalid(String value) {
        return (value == null || value.length() == 0);
    }

    public String add() {
        return SUCCESS;
    }

    public String show() {
        return SUCCESS;
    }

    public String qurey() {
        return SUCCESS;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}

三、拦截器部分（AuthorityInterceptor.java） 

public class AuthorityInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = 1358600090729208361L;

    //拦截Action处理的拦截方法
    public String intercept(ActionInvocation invocation) throws Exception {
        // 取得请求相关的ActionContext实例
        ActionContext ctx=invocation.getInvocationContext();
        Map session=ctx.getSession();
        //取出名为user的session属性
        String user=(String)session.get("user");
        //如果没有登陆，或者登陆所有的用户名不是aumy，都返回重新登陆
        if(user!=null && user.equals("aumy")){
            return invocation.invoke();
        }
        //没有登陆，将服务器提示设置成一个HttpServletRequest属性
        ctx.put("tip","您还没有登录，请登陆系统");
        return Action.LOGIN;
    }
}

四、配置文件部分 
（struts.xml） 

<!DOCTYPE struts PUBLIC
        "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
        "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
    <include file="struts-default.xml"/>
    <!--不受权限控制的Action请求配置-->
    <package name="non-authority" extends="struts-default" >
        <action name="login" class="com.aumy.struts.example.LoginAction">
            <result name="input">/login.jsp</result>
            <result name="error">/error.jsp</result>
            <result name="success">/welcome.jsp</result>
        </action>
        <action name="qurey" class="com.aumy.struts.example.LoginAction" method="qurey">
            <result name="success">/qurey.jsp</result>
        </action>

    </package>

    <!--受权限控制的Action请求配置-->
    <package name="authority" extends="struts-default">
        <interceptors>
            <!--定义一个名为authority的拦截器-->
            <interceptor
                class="com.aumy.struts.example.intercepter.AuthorityInterceptor"
                name="authority"/>
            <!--定义一个包含权限检查的拦截器栈-->
            <interceptor-stack name="mydefault">
                <!--配置内建默认拦截器-->
                <interceptor-ref name="defaultStack"/>
                <!--配置自定义的拦截器-->
                <interceptor-ref name="authority"/>
            </interceptor-stack>
        </interceptors>

        <default-interceptor-ref name="mydefault" />
        <!--定义全局Result-->
        <global-results>
            <result name="login">/login.jsp</result>
        </global-results>

        <action name="show" class="com.aumy.struts.example.LoginAction"
            method="show">
            <result name="success">/show.jsp</result>
        </action>

        <action name="add" class="com.aumy.struts.example.LoginAction"
            method="add">
            <result name="success">/add.jsp</result>
        </action>

    </package>
</struts>

（struts.properties） 

struts.custom.i18n.resources=message.messageResouce

（web.xml） 

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <display-name>Struts test</display-name>

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
</web-app>

五、国际化资源文件（messageResouce.properties） 

loginPage=Login Page
errorPage=Error Page
succPage=Welcome Page
failTip=Sorry,You can't log in!
succTip=welcome,you has logged in!
user=User Name
pass=User Pass
login=Login
showPage=Show Page
showTip=show a example!
addPage=Add Page
addTip=add a example!
qureyPage=Qurey Page
qureyTip=qurey a example!