2013年8月3日星期六

Using Struts intercept namespace for access control

 

Sometimes I need a few packages need to be under the same access control. If the shopping site , we need to enter individual centers , orders, merchandise, etc. need to be evaluated login access control, but these modules are not located in the same package under . Struts provides interceptors , we can implement action to intercept , although we can in each package are configured this interceptor , but it is quite troublesome. This time we can use interceptors intercepting package. Access control package will need to be placed in the interceptor can be achieved .

 

First we need to struts.xml under interceptor configuration.

 
  
 1 <package name="main" extends="struts-default"> 
2 <interceptors>
3 <interceptor name="authorizationInterceptor" class="syxh.common.aop.SystemInterceptor"></interceptor>
4 <interceptor-stack name="jwzhptStack">
5 <interceptor-ref name="defaultStack"></interceptor-ref>
6 <interceptor-ref name="authorizationInterceptor"></interceptor-ref>
7 </interceptor-stack>
8 </interceptors>
9
10 <default-interceptor-ref name="jwzhptStack" />
11
12 <global-results>
13 <result name="loginfailure" type="redirectAction">
14 <param name="namespace">/index</param>
15 <param name="actionName">index</param>
16 </result>
17 </global-results>
18
19 <global-exception-mappings>
20 <exception-mapping result="input" exception="*">/login.jsp</exception-mapping>
21 </global-exception-mappings>
22 </package>
 
 

configured above main, so the package should inherit the main, namely : extends = "main", otherwise impossible to achieve .

 

in struts.xml , use the interceptor stack , which contains two interceptors, one is the default defaultStack, one is for access control authorizationInterceptor.

 

interceptor implementation class : SystemInterceptor.java

 
  
 1 public class SystemInterceptor extends AbstractInterceptor{ 
2
3 private static final long serialVersionUID = -1819593755738908387L;
4 private static final String WITHOUT = "/index, /author, /common, /indexzp"; //不需要进行权限控制的namespace
5
6 public void destroy(){
7 }
8
9 public void init(){
10 }
11
12 public String intercept(ActionInvocation invocation) throws Exception{
13 String namespace = invocation.getProxy().getNamespace(); //获取namespace
14 if (WITHOUT.indexOf(namespace) >= 0){
15 return invocation.invoke();
16 }
17
18 Map<?, ?> session = invocation.getInvocationContext().getSession();
19 UserBean user = (UserBean) session.get("currentUser");
20 if (user == null){ //没有登录
21 return "loginfailure";
22 }
23 return invocation.invoke(); //已登录
24 }
25 }
 
 
  

above interceptor implementation class , designated several namespace is not required for access control , in addition to the other namespace must be < / p>  

access control.

 

other package only needs to inherit main can achieve access control.

 
  
1 <package name="user" namespace="/user" extends="main"> 
2 <action name="userCenter_*" class="syxh.grzx.action.UserCenterAction" method="{1}">
3 <result name="updatePasswordUI">/jsp/grzx/updatePassword.jsp</result>
4 <result name="updateError">/jsp/grzx/updatePassword.jsp</result>
5 <result name="updateSuccess" type="redirect">/zp/myWorksHome.action</result>
6 <result name="updatePhoteUI">/jsp/grzx/updatePhoto.jsp</result>
7 <result name="updateInfoUI">/jsp/grzx/updateInfo.jsp</result>
8 </action>
9 </package>
 
 

Note: Because this interceptor is mainly based namespace to control , so the configuration package, to add namespace.

1 条评论: