Java permission system implementation

Java permission system implementation

Use the ssh framework to explain the Permission System

First, configure two interceptor stacks in struts. xml,

The first one is to log on to the interceptor stack. users who have not logged on will be intercepted, prompting them to log on.

 
 
  
   
   
    
    
   
  
  
  
   
    /management/login.jsp
   
  
 
 

The second is the permission interceptor stack. First, you can determine whether to log on. If you do not log on, you can jump to the login page. Then, you can determine the permission. If you do not have the permission, you can jump to the page without permission.

 
 
  
  
   
   
   
    
    
    
   
  
  
  
   
    /management/login.jsp
   
   
    /WEB_INF/404.jsp
   
  
 
 

Step 2: Write the login Interceptor to check whether the userid in the session is null. If yes, let the user log on to the page.

package com.interceptor;import java.util.Map;import com.opensymphony.xwork2.Action;import com.opensymphony.xwork2.ActionContext;import com.opensymphony.xwork2.ActionInvocation;import com.opensymphony.xwork2.interceptor.AbstractInterceptor;public class LoginInterceptor extends AbstractInterceptor {private static final long serialVersionUID = 1L;@Overridepublic String intercept(ActionInvocation invocation) throws Exception {ActionContext ctx = invocation.getInvocationContext();Map
 
   session = ctx.getSession();String user = null;if (session.get("userid")!=null) {user=session.get("userid").toString();}if (user != null) {return invocation.invoke();}return Action.LOGIN;}}
 

Step 3 Write the permission interceptor

Package com. interceptor; import java. util. hashSet; import java. util. map; import java. util. set; import com. opensymphony. xwork2.Action; import com. opensymphony. xwork2.ActionContext; import com. opensymphony. xwork2.ActionInvocation; import com. opensymphony. xwork2.interceptor. abstractInterceptor; public class RoleInterceptor extends actinterceptor {private static final long serialVersionUID = 1L; @ override ("unchecked") @ Overridepublic String intercept (ActionInvocation invocation) throws Exception {Map
 
  
Session = ActionContext. getContext (). getSession (); Set
  
   
Roles = new HashSet
   
    
(); String currUrl = invocation. getProxy (). getActionName (); // obtain the nameif (session. get ("roles") of the current action ")! = Null) {// The user puts the permission in the session roles = (Set
    
     
) Session. get ("roles"); for (com. entity. ModuleFun mfun: roles ){
    
   
  
 

if (mfun.getUrls.equals(currUrl+".action")) {return invocation.invoke();}
}}return Action.NONE;}}
3. Store userid and roles into the session during login