Java permission system implementation
Use the ssh framework to explain the Permission System
First, configure two interceptor stacks in struts. xml,
The first one is to log on to the interceptor stack. users who have not logged on will be intercepted, prompting them to log on.
/management/login.jsp
The second is the permission interceptor stack. First, you can determine whether to log on. If you do not log on, you can jump to the login page. Then, you can determine the permission. If you do not have the permission, you can jump to the page without permission.
/management/login.jsp
/WEB_INF/404.jsp
Step 2: Write the login Interceptor to check whether the userid in the session is null. If yes, let the user log on to the page.
package com.interceptor;import java.util.Map;import com.opensymphony.xwork2.Action;import com.opensymphony.xwork2.ActionContext;import com.opensymphony.xwork2.ActionInvocation;import com.opensymphony.xwork2.interceptor.AbstractInterceptor;public class LoginInterceptor extends AbstractInterceptor {private static final long serialVersionUID = 1L;@Overridepublic String intercept(ActionInvocation invocation) throws Exception {ActionContext ctx = invocation.getInvocationContext();Map
session = ctx.getSession();String user = null;if (session.get("userid")!=null) {user=session.get("userid").toString();}if (user != null) {return invocation.invoke();}return Action.LOGIN;}}
Step 3 Write the permission interceptor
Package com. interceptor; import java. util. hashSet; import java. util. map; import java. util. set; import com. opensymphony. xwork2.Action; import com. opensymphony. xwork2.ActionContext; import com. opensymphony. xwork2.ActionInvocation; import com. opensymphony. xwork2.interceptor. abstractInterceptor; public class RoleInterceptor extends actinterceptor {private static final long serialVersionUID = 1L; @ override ("unchecked") @ Overridepublic String intercept (ActionInvocation invocation) throws Exception {Map
Session = ActionContext. getContext (). getSession (); Set
Roles = new HashSet
(); String currUrl = invocation. getProxy (). getActionName (); // obtain the nameif (session. get ("roles") of the current action ")! = Null) {// The user puts the permission in the session roles = (Set
) Session. get ("roles"); for (com. entity. ModuleFun mfun: roles ){
if (mfun.getUrls.equals(currUrl+".action")) {return invocation.invoke();}
}}return Action.NONE;}}
3. Store userid and roles into the session during login