Struts 2 Reading Notes-Example of interceptor: Permission control with interceptor

We have introduced some interceptor configurations and basic usage methods. So this time we will introduce the practical functions of the interceptor.

The utility interceptor completes permission control.

When a visitor needs to perform an operation, the application must first check whether the visitor is logged on and whether there are sufficient permissions to perform the operation.

In this example, a user must log on with the specified user name to view an attempt in the system. Otherwise, the user is directly transferred to the logon interface.

Check whether a user is logged on.SessionThroughActioncontextYou can accessSessionAttributes of the interceptorInterceptorMethodInvocationParameters can easily access request-relatedActioncontextInstance.

Permission check interceptor classCodeAs follows:

 

 1   Public   Class Authorityinterceptor Extends  Abstractinterceptor {  2   3       //  Interception action Processing Method  4   @ Override  5       Public String intercept (actioninvocation Invocation) Throws  Exception { 6           //  Obtains the actioncontext instance of the request.  7 Actioncontext CTX = Invocation. getinvocationcontext ();  8 Map session = CTX. getsession ();  9           //  Retrieve the session attribute named user  10 String user = (string) Session. Get ("user" );  11           // If you have not logged on or the user name used for logon is not chenssy, return to log on again  12           If (User! = Null & User. Equals ("chenssy" )){  13               Return  Invocation. Invoke ();  14   }  15           //  If you have not logged on, set the server prompt to an httpservletrequest attribute.  16 CTX. Put ("tip", "You have not logged on. Please enter chenssy to log on to the system");  17           18           Return  Action. login;  19   }  20   21 }

 

 

After the above permission interceptor is implemented, You can implement the permissionActionReference the interceptor above.

To use this interceptorStruts. xmlThe following configuration snippets are defined in the configuration file:

 1                     <! --  Define User interceptor  -->  2           <  Interceptors  >  3               <! --  Define an interceptor named authority  --> 4               <  Interceptor  Name  = "Authority"  Class  = "Com. App. Interceptor. authorityinterceptor"  >  5               </  Interceptor  >  6           </  Interceptors  > 

 

After the interceptor is defined, you canActionThe Interceptor is applied. The configuration is as follows:

 

 1                      <  Action  Name  = "Viewbook"  >  2               <  Result  Name  = "Success" > /Viewbook. jsp </  Result  >  3               <  Interceptor-ref  Name  = "Authority"  > </  Interceptor-ref  >  4           </  Action  > 

 

 

The aboveActionNot SpecifiedClassAttribute, which is used by default.ActionsupportClassExecuteMethod returnSuccessView name. So configure thisActionYou only need to specify a result ing:Success.

Considering the repeated use of this interceptor, there may be multipleActionMust jumpLoginLogic viewLoginIs defined as a global result ing. The configuration is as follows:

 

 1                     <! --  Define global result  -->  2           < Global-results  >  3               <! --  When the login view name is returned, it is transferred to the login page.  -->  4               <  Result  Name  = "Login"  > /Login. jsp </  Result  >  5           </ Global-results  > 

 

 

When the viewer directly sendsActionWhen a request is sent, the following results are displayed:

 

To avoidActionYou can configure the interceptor as a default interceptor stack. The default interceptor stack should containDefault-StackThe interceptor stack and permission check interceptor.

Configure your own default interceptor stack as follows:

 

 1                     <  Interceptors  >  2               <! --  Define the permission check interceptor  -->  3               <  Interceptor  Name  = "Authority"  Class  = "Com. App. Interceptor. authorityinterceptor"  > </  Interceptor >  4               <! --  Define an interceptor stack containing permission check  -->  5               <  Interceptor-Stack  Name  = "Mydefault"  >  6                   <! --  Contains default interceptor  -->  7                   < Interceptor-ref  Name  = "Default-stack"  > </  Interceptor-ref  >  8                   <! --  Include authority interceptor  -->  9                   <  Interceptor-ref  Name  = "Authority"  > </ Interceptor-ref  >  10               </  Interceptor-Stack  >  11           </  Interceptors  > 

 

 

Once the precedingMydefaultThe interceptor stack can be used to intercept the stack.

 

 
1 <Default-interceptor-refName= "Mydefault" />
 

 

 

Once the default interceptor stack is defined under a package, allActionThe permission check function is automatically added. For those that do not require permission ControlActionWe can define them in another package. The original default stack blocking function of struts 2 is still used in this package, and no permission control function is available.