[Struts2 Study Notes (10)] custom interceptor management permission access, struts2 Study Notes
(1) The functions of the interceptor are not directly mentioned in the Code:
To customize the Interceptor, you must implement the com. opensymphony. xwork2.interceptor. Interceptor interface:
The following is a custom Interceptor:
Package cn. lc. interceptor; import com. opensymphony. xwork2.ActionContext; import com. opensymphony. xwork2.ActionInvocation; import com. opensymphony. xwork2.interceptor. interceptor; public class PermissionInterceptor implements Interceptor {public void destroy () {} public void init () {} public String intercept (ActionInvocation invocation) throws Exception {Object user = ActionContext. getContext (). getSession (). ge T ("user"); if (user! = Null) {return invocation. invoke (); // if the user is not null, it indicates that the user has logged on and is allowed to execute the action method} ActionContext. getContext (). put ("message", "You are not authorized to perform this operation"); return "success ";}}
Action Code:
package cn.itcast.action;public class HelloWorldAction {private String message;public String getMessage() {return message;}public void setMessage(String message) {this.message = message;}public String addUI(){this.message = "addUI";return "success";}public String execute() throws Exception{this.message = "execute";return "success";}}
The struts. xml file is configured as follows:
<? Xml version = "1.0" encoding = "UTF-8"?> <! DOCTYPE struts PUBLIC "-// Apache Software Foundation // DTD Struts Configuration 2.0 // EN" "http://struts.apache.org/dtds/struts-2.0.dtd"> <struts> <constant name = "struts. enable. dynamicMethodInvocation "value =" false "/> <constant name =" struts. action. extension "value =" do, action "/> <constant name =" struts. multipart. maxSize "value =" 10701096 "/> <package name =" employee "namespace ="/control/employee "extends =" s Truts-default "> <interceptors> <interceptor name =" permission "class =" cn. itcast. interceptor. PermissionInterceptor "/> <interceptor-stack name =" permissionStack "> <! -- Place the system interceptor following the one defined previously --> <interceptor-ref name = "defaultStack"/> <interceptor-ref name = "permission"/> </interceptor-stack> </interceptors> <! -- Define the default interceptor so that action can use the default interceptor and the built-in interceptor --> <default-interceptor-ref name = "permissionStack"/> <global-results> <result name = "success">/WEB-INF/page/message. jsp </result> </global-results> <! -- Use the following method to overwrite the default interceptor stack and other functions --> <action name = "list _ *" class = "cn. itcast. action. helloWorldAction "method =" {1} "> </action> </package> </struts>
II. The process is as follows: 1. When the form is submitted:
<Form action = "<% = request. getContextPath () %>/control/employee/list_execute.action "method =" post "> id: <input type =" text "name =" person. id "> <br/> name: <input type =" text "name =" person. name "> <br/> <input type =" submit "value =" send "/> </form>
2. Find the action in the struts. xml file and match it to list _ *, although there is no interceptor in this action.
(The normal configuration should be like this.
<action name="list_*" class="cn.itcast.action.HelloWorldAction" method="{1}"><result name="success">/WEB-INF/page/hello.jsp</result><interceptor-ref name="permissionStack"/></action>
)
3. But we have a default Interceptor. In this way, we can not only use a custom interceptor, but also the built-in interceptor! The interception function is implemented!
<default-interceptor-ref name="permissionStack" />
Note: (1) In struts2, functions such as file upload, data verification, and encapsulation of request parameters to actions are implemented by the system's default ultstack interceptor, therefore, the defined interceptor must reference the default defaultStack of the system so that the application can use the many functions provided by the struts2 framework.
(2) If you want to use a custom interceptor for all actions under the package, you can use <default-interceptor-ref name = "permissionStack"/> to define the interceptor as the default interceptor. (Only one default interceptor can be specified for each package. In addition, once an interceptor is explicitly specified for an action in the package, the default interceptor does not work .)
Note: Please indicate the source for reprinting!
How to Use the STRUTS2 Interceptor to implement different logon interfaces with different Permissions
<! -- Actions that can only be accessed by admin users -->
<Package name = "onlyadmin" extends = "struts-default">
<Interceptors>
<! -- Define an interceptor named admin -->
<Interceptor class = "edu. cuit. course. interceptor. AdminInterceptor"
Name = "admin"/>
<! -- Define an interceptor stack containing permission check -->
<Interceptor-stack name = "adminInterceptor">
<! -- Configure the built-in default interceptor -->
<Interceptor-ref name = "defaultStack"/>
<! -- Configure a custom interceptor -->
<Interceptor-ref name = "admin">
<Param name = "excludeMethods"> list </param>
</Interceptor-ref>
</Interceptor-stack>
</Interceptors>
<Default-interceptor-ref name = "adminInterceptor"/>
<Global-results>
<Result name = "login">/user/userLogin. jsp </result>
</Global-results>
<Action name = "admin" class = "edu. cuit. course. action. AdminAction">
</Action>
<Action name = "module" class = "edu. cuit. course. action. ModuleAction">
<Result name = "addModule">/module/moduleadd. jsp </result>
<Result name = "addSuccess">/module/suc. jsp </result>
<Result name = "listByPageSuccess">/page/modulelist. jsp </result>
<Result name = "update">/module/moduil-pd ...... remaining full text>
In Struts2, the custom Interceptor implements the Interceptor interface and intercepts the method in the action.
The interceptor intercepts the entire action, not to say which method to intercept. It is only a functional block of the action. After the interceptor is created, the action that requires this function is configured in the action.