<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd">
<!-- Struts 2 configuration excerpt: wires a login/permission interceptor in as the default
     interceptor stack of the ehrDefault package. The listing is truncated by the author
     (see the trailing dots), so the actions and the closing tags are not shown here. -->
<struts>
    <!-- Let Spring create Struts objects (actions, interceptors, results). -->
    <constant name="struts.objectFactory" value="spring"></constant>
    <!-- Request suffixes that are mapped to actions: *.action and *.xhtml. -->
    <constant name="struts.action.extension" value="action,xhtml" />
    <constant name="struts.i18n.encoding" value="UTF-8" />
    <constant name="struts.custom.i18n.resources" value="com.gd.resource.template.LabelResources,com.gd.resource.privilege.LabelResources"></constant>
    <package name="ehrDefault" extends="struts-default">
        <result-types>
            <result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
        </result-types>
        <interceptors>
            <!-- NOTE(review): "com.XX" looks like a redacted placeholder; the interceptor class
                 listed with this configuration is declared in package com.gd.interceptor, and
                 the class attribute has to be its fully qualified name. Confirm. -->
            <interceptor name="admin" class="com.XX.interceptor.AdminInterceptor" />
            <!-- defaultStack runs first, then the admin check, so parameters are already
                 populated when the interceptor decides whether to invoke the action. -->
            <interceptor-stack name="requireLogin">
                <interceptor-ref name="defaultStack" />
                <interceptor-ref name="admin" />
            </interceptor-stack>
        </interceptors>
        <!-- Applies requireLogin to every action of this package that does not declare its own
             interceptor-ref. An action with an explicit interceptor-ref replaces this default,
             and a package that extends struts-default directly does not inherit it, so both
             cases need their own reference to requireLogin to stay protected. -->
        <default-interceptor-ref name="requireLogin" />
        <global-results>
            <!-- Target of the "login" result returned by the interceptor. It is a JSP rather
                 than an action, so the interceptor stack does not run for it; the same holds
                 for any other JSP that is requested directly. -->
            <result name="login" type="redirect">/index.jsp</result>
        </global-results>......
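然后是拦截器类(struts.xml 中 interceptor 的 class 属性必须是该类的完整类名,即 com.gd.interceptor.AdminInterceptor;上面配置里的 com.XX 应为占位写法):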
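package com.gd.interceptor;

import java.util.Locale;
import java.util.Map;

import javax.servlet.ServletContext;

import org.apache.commons.lang.StringUtils;
import org.apache.struts2.ServletActionContext;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.gd.po.Userinfo;
import com.gd.service.ISecurityPermissionManager;
import com.gd.service.ISecurityUserManager;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Struts 2 interceptor that lets an action run only for a logged-in user who holds the
 * permission derived from the action name and method.
 *
 * <p>Every rejection path returns {@link Action#LOGIN}; the action is invoked only after the
 * session, the {@code "user"} attribute and the permission check have all passed.
 */
public class AdminInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 7426957840297915277L;

    /**
     * Checks session, login state and action permission before delegating to the action.
     *
     * @param ai the current invocation
     * @return {@link Action#LOGIN} when the request is rejected, otherwise the result of
     *         {@code ai.invoke()}
     * @throws Exception whatever the rest of the interceptor chain or the action throws
     */
    @Override
    public String intercept(ActionInvocation ai) throws Exception {
        Map<String, Object> session = ai.getInvocationContext().getSession();
        if (session == null) {
            return Action.LOGIN;
        }

        Userinfo user = (Userinfo) session.get("user");
        if (user == null) {
            session.put("message", "请先登录!");
            return Action.LOGIN;
        }

        // Per-action authorization. A logged-in user without the permission is also sent to
        // the login result, and no message is stored for that case.
        if (!actionAuthority(ai, session)) {
            return Action.LOGIN;
        }
        return ai.invoke();
    }

    /**
     * Decides whether the user stored in the session may call the requested action method.
     *
     * <p>The permission key is {@code <actionName>.<method>}, lower-cased with
     * {@link Locale#ROOT} so the key does not depend on the JVM default locale (under a
     * Turkish locale "I" would otherwise lower-case to a dotless i and no longer match the
     * stored key).
     *
     * @param ai the current invocation, used for the action name and method
     * @param session the session map holding the {@code "user"} attribute
     * @return {@code true} when access is allowed, {@code false} when it is denied
     * @throws IllegalStateException when no Spring web application context is available
     */
    public boolean actionAuthority(ActionInvocation ai, Map<String, Object> session) {
        ServletContext sc = ServletActionContext.getServletContext();

        // The requested action and its method form the permission key.
        String permission = ai.getProxy().getActionName().toLowerCase(Locale.ROOT) + "."
                + ai.getProxy().getMethod().toLowerCase(Locale.ROOT);

        ApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(sc);
        if (context == null) {
            // Previously this surfaced as a bare NullPointerException on the next line.
            throw new IllegalStateException(
                    "Spring WebApplicationContext is not available; cannot check permission " + permission);
        }
        ISecurityUserManager securityUserManager =
                (ISecurityUserManager) context.getBean("securityUserManager");
        ISecurityPermissionManager securityPermissionManager =
                (ISecurityPermissionManager) context.getBean("securityPermissionManager");

        // NOTE(review): presumably checkIsRepeatPermission reports whether this key is
        // registered in the database - confirm. When it returns false the request is allowed,
        // i.e. any action/method without a permission row is open to every logged-in user.
        // That default-allow behaviour is kept for compatibility; a deny-by-default policy
        // with an explicit list of public actions is the safer design.
        if (!securityPermissionManager.checkIsRepeatPermission(permission)) {
            return true;
        }

        // Fail closed: a registered permission that cannot be verified is a denial. The
        // original returned true when the user manager was null.
        if (securityUserManager == null) {
            return false;
        }
        Userinfo userInfo = (Userinfo) session.get("user");
        if (userInfo == null) {
            // The method is public, so it may be reached without intercept()'s login check.
            return false;
        }
        return securityUserManager.checkPrivilege(userInfo.getUserName(), permission);
    }
}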