Recently learned STRUTS2 login and permissions control with interceptors, need to be configured in Struts.xml, each action is the default inheritance defaultstack, if you use another interceptor, you also need to manually introduce Defaultstack. Because the login and access rights interception is global, some of the results of the interception return are also global, so I define my own package for reference. That's what I wrote:
==================================================================================================
< package name= "Struts-my" extends= "Struts-default" >
< interceptors>
<!--determine if you are logged in and have access privileges-
< interceptor name= "auth" class= "Athenticationinterceptor"/>
< Interceptor-stack name= "Mystack" >
< Interceptor-ref name= "auth" ></interceptor-ref>
< Interceptor-ref name= "Defaultstack" ></interceptor-ref>
</interceptor-stack>
</interceptors>
< Default-interceptor-ref name= "Mystack" ></default-interceptor-ref>
<!--Global Results-
< global-results>
<!--intercept not logged in return results-
< result name= "Nologin" type= "redirect" >/jsp/no_login.jsp</result>
<!--intercept does not have permission to return results-
< result name= "Nopower" type= "redirect" >/jsp/no_power.jsp</result>
</global-results>
</package>
< package name= "default" extends= "Struts-my" >
<!--login Logout no need to intercept to get them into defaultstack-->
< action name= "login" class= "loginaction" method= "Login" >
< result name= "input" >/jsp/login.jsp</result>
< result name= "Success" type= "redirect" >/jsp/index.jsp</result>
< Interceptor-ref name= "Defaultstack" ></interceptor-ref>
</action>
< action name= "logout" class= "loginaction" method= "logout" >
< result name= "Success" >/jsp/login.jsp</result>
< Interceptor-ref name= "Defaultstack" ></interceptor-ref>
</action>
。。。。。。。。。
==================================================================================================
It is necessary to note that login and logout are not required to intercept (or otherwise do not need to be intercepted), we have their interceptors inherit defaultstack. Local permissions are above the global definition, and their interceptor stacks are default, not custom.
One more thing to explain is that I, my interceptor's name auth the referenced class is a bean configured in spring, I use SSH, I use some database in the class, I need to inject in spring. If you don't need a class that you can write directly to (write a path).
After the successful landing, I put "user" into the session, I also have a permission table, which is stored in the permission group ID and access permissions. The user table holds the permission group ID so that you know what permissions the user has. The class where I implemented the interception was written like this.
==================================================================================================
public class Authenticationinterceptor extends Abstractinterceptor {
This is a custom method that needs to be used.
Private Grouppowerservice Grouppowerservice;
Public String intercept (actioninvocation invocation) throws Exception {
Map map= Invocation.getinvocationcontext (). GetSession ();
if (Map.get ("user") ==null)
{
return "Nologin";
}
Else
{
Get the user's permission ID and access the class name
int id = (user) map.get ("User"). Getgroupid ();
The name of the action to intercept
String action = Invocation.getinvocationcontext (). GetName ();
Determine whether a user has this permission by using the user ID and the intercepted action name
if (This.groupPowerService.hasPower (id,action))
Continue execution without interception
return Invocation.invoke ();
return "Nopower";
}
}
Public Grouppowerservice Getgrouppowerservice () {
return grouppowerservice;
}
==================================================================================================
There are also two JSP pages and a word in the Spring config file (where the interceptor and the action, with what sevice to inject), have nothing to say.
Form:http://blog.sina.com.cn/s/blog_7d0c4ede0100tfdv.html
focus on the public, share the dry goods, discuss the technology