Permission control in crud of struts2)

In the information management system, the most involved is the addition, deletion, modification, and query of information (data). Of course, in a real system, these operations must be controlled with strict permissions. Article In, we have implemented simple crud operations using struts2 + hibernate + spring. Now we will study how to add permission control for these operations.
Of course, the simplest implementation is to first determine the login user's permissions in the crud method of each action. If you do not have the permission to operate this method, you can throw an exception stating the cause, in this way, in a large system, such as permission check Code It will spread among many actions, which will obscure the business logic code and make it difficult to maintain the system in the future, seriously violating the single responsibility principle.
On the contrary, we can strip a permission control to a proxy so that the action can achieve the purpose of permission control without any changes. The following is a detailed implementation.
1. basic implementation steps: Use a dynamic proxy to intercept the behavior ("LOAD", "Store ", "Remove") and add the required functions (permission control. Java. Lang. Reflect. Proxy and Java. Lang. Reflect. invocationhandler interfaces in Java provide a solution for implementing dynamic proxy classes.
2. to implement the invocationhandler interface's invoke () method, all proxy object calls will be sent to the invoke method, so you only need to implement your own control before and after the call, here we perform permission control before calling the proxy method. The pseudocode is as follows:

  // Make some actions before calling core functions
......
// Call core functions
M. Invoke (OBJ, argS );
// Do some operations after calling core functions
......

The code in this example is as follows:Package Com. waimai. experiment;

Import Java. Lang. Reflect. invocationhandler;
Import Java. Lang. Reflect. method;
Import Java. Lang. Reflect. proxy;
Import Java. util. arrays;
Import Java. util. List;

Import Com. opensymphony. xwork2.actionsupport;
Import Com. waimai. Web. abstractcrudaction;

/***/ /**
* Description:
*
*@ AuthorStone Yang created on:
*@ VersionPattern Study Technical Support: <
* Href ="Http://blog.csdn.net/yq76034150">Http://blog.csdn.net/yq76034150</A>
 */
Public   Class Actionproxy Implements Invocationhandler ... {
// List of methods for permission Control
Private List < String > Methods;

Private Object target;

/***/ /**
* Description: constructor.
*
*@ ParamMethods
*@ ParamTarget
*@ AuthorStone Yang Creation Time:
*/
Public Actionproxy (object target, string... methodnames) ... {
This. Methods=Arrays. aslist (methodnames );
This. Target=Target;
}

Public   Static Object getinstance () ... {
Actionproxy =   New Actionproxy ( New Abstractcrudaction (), " Load " , " Store " , " Remove " );
Return Proxy. newproxyinstance (abstractcrudaction. Class . Getclassloader (),
New Class [] ... {Abstractcrudaction.Class} , Actionproxy );
}

/***//**
* Description:
*
*@ AuthorStone Yang
*@ SeeJava. Lang. Reflect. invocationhandler # invoke (Java. Lang. object,
* Java. Lang. Reflect. method, java. Lang. object [])
*/
Public Object invoke (Object proxy, method, object [] ARGs)
Throws Throwable ... {
//Todo automatically generates method stubs
This. Dobegin ();
ReturnMethod. Invoke (target, argS );
}

/***/ /**
*
* Description:
*
*@ AuthorStone Yang Creation Time:
*/
Private   Void Dobegin () ... {
//Todo automatically generates method stubs
//Permission check code
}

}

3. Call the proxy class to implement system functions. The code is roughly as follows: Package Com. waimai. experiment;

Import Com. waimai. Web. caitypeaction;

/***/ /**
* Description:
*@ AuthorStone Yang created on:
*@ VersionPattern Study
* Technical support: <a href ="Http://blog.csdn.net/yq76034150">Http://blog.csdn.net/yq76034150</A>
 */
Public   Class Proxyinvokemock ... {

/***/ /**
* Description:
*@ ParamARGs
*@ AuthorStone Yang
* Creation Time: 2007-5-20
*/
Public   Static   Void Main (string [] ARGs) ... {
// Todo automatically generates method stubs
Caitypeaction actionproxy = (Caitypeaction) actionproxy. getinstance ();
// Call the method for permission Control
Actionproxy. Load ();
// Actionproxy. Store ();
// Actionproxy. Remove ();
}

}

In this way, the purpose of permission control is implemented elegantly after dynamic proxy is introduced. In the code above, you may have noticed that permission control is completed before actual operations, there are also many operations that need to be completed after invoke. For example, after a user completes a transaction, the points need to be increased accordingly .... then we need to add Code such as doafter () after the dynamic proxy class invoke. Do you feel something? Yeah, AOP is the origin of the idea of AOP.
Finally, let's go back to the problem we need to solve. Because we are dynamically acting the struts2 action, we do not explicitly call the action throughout the Struts framework. What can we do? Haha, don't worry. Struts will not lag behind in the popular AOP today. struts2 integrates webwork. The most important feature is the interceptor ). In the Chinese Document of webwork, the interceptor is the object for dynamically intercepting action calls. It provides a mechanism for developers to define the code to be executed before and after an action is executed, or to prevent it from being executed before an action is executed. It also provides a way to extract reusable parts of an action. When talking about interceptor, we should also know the interceptor chain, which is called the interceptor stack in struts 2 ). The interceptor chain is to link the interceptor into a chain in a certain order. When accessing intercepted methods or fields, the interceptor in the interceptor chain will be called in the order defined previously. In this case, let's look at the sequence diagram of the interceptor call in struts2:

Yeah, the same principle as our previous dynamic proxy, we will use the Interceptor to fulfill our requirements. In the next article, we will solve these problems.