struts2利用拦截器和注解进行权限控制

struts2利用拦截器和注解进行权限控制 (二) ：JSP页面中根据权限显示或隐藏
http://hi.baidu.com/sonmeika/item/a1955a4699327cd3c0a5921e
新建Annotation，Permission.java：

package cn.itcast.action.privilege;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
* 权限设置
*
*/
@Retention(RetentionPolicy.RUNTIME) // 代表Permission注解保留的阶段
@Target({ElementType.METHOD}) // 只允许标注在方法上
public @interface Permission {
/** 模块 **/
String module();
/** 权限值 **/
String privilege();
}

权限校验标签 PermissionTag.java：

package cn.itcast.web.taglib;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

import cn.itcast.bean.product.ProductType;

/**
* 权限校验标签
*
*/
public class PermissionTag extends TagSupport {
private String module;
private String privilege;

public String getModule() {
  return module;
}
public void setModule(String module) {
  this.module = module;
}
public String getPrivilege() {
  return privilege;
}
public void setPrivilege(String privilege) {
  this.privilege = privilege;
}

@Override
public int doStartTag() throws JspException {
  boolean result = false;
  String auth = module+","+privilege;
  User login = (User)pageContext.getSession().getAttribute("logintest");
  if (null!=login && login.isAuthed(auth)) {
   result = true;
  }
  return result? EVAL_BODY_INCLUDE : SKIP_BODY; // 显示或隐藏标签内的内容

}

}

在web-inf先新建 itcast.tld，内容如下：

<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
    version="2.0">
  
  <description>itcast babasport permission taglib</description>
  <display-name>permission taglib</display-name>
  <tlib-version>1.0</tlib-version>
  <short-name>itcast</short-name>
  <uri>http://www.itcast.cn/babasport</uri>

  <tag>
    <description>权限校验标签，有权限就显示标签体的内容，否则不显示</description>
    <name>permission</name>
   <tag-class>cn.itcast.web.taglib.PermissionTag</tag-class>
    <body-content>JSP</body-content>
    <attribute>
        <description></description>
        <name>module</name>
        <required>true</required>
        <rtexprvalue>false</rtexprvalue>
    </attribute>
    <attribute>
        <description></description>
        <name>privilege</name>
        <required>true</required>
        <rtexprvalue>false</rtexprvalue>
    </attribute>
  </tag>
</taglib>

*.tld的写法可以参考standard.jar\META-INF\*.tld

taglib.jsp：
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<%@ taglib uri="/struts-tags" prefix="s"%>
<%@ taglib uri="http://www.itcast.cn/babasport" prefix="itcast"%>
web.xml：

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_9" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<!-- 指定spring的配置文件，默认从web根目录寻找配置文件，我们可以通过spring提供的classpath:前缀指定从类路径下寻找 -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>classpath:beans.xml</param-value>
</context-param>
<!-- 对Spring容器进行实例化 -->
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- 配置struts2 -->
<filter>
  <filter-name>struts2</filter-name>
  <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- 解决中文乱码问题 -->
<filter>
  <filter-name>encoding</filter-name>
  <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
  <init-param>
   <param-name>encoding</param-name>
   <param-value>UTF-8</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>encoding</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>


<!-- 使用spring解决hibernate因session关闭导致的延迟加载例外问题 -->
<!--
<filter>
  <filter-name>OpenSessionInViewFilter</filter-name>
  <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>OpenSessionInViewFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
-->

<!-- 配置过滤器 -->
<!--
<filter>
  <filter-name>PrivilegeFilter</filter-name>
  <filter-class>cn.itcast.web.filter.PrivilegeFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>PrivilegeFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
  -->

<welcome-file-list>
  <welcome-file>index.html</welcome-file>
  <welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<jsp-config> 
    <taglib> 
        <taglib-uri>http://www.itcast.cn/babasport</taglib-uri>
        <taglib-location>/WEB-INF/itcast.tld</taglib-location> 
    </taglib> 
</jsp-config>

</web-app>

ProductTypeList.jsp：

<%@ page contentType="text/html;charset=UTF-8"%>
<%@ include file="/WEB-INF/page/share/taglib.jsp"%>
<html>
<head>
<title>权限组显示</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="/css/vip.css" type="text/css">
<SCRIPT language=JavaScript src="/js/FoshanRen.js"></SCRIPT>
</head>

<body bgcolor="#FFFFFF" text="#000000" marginwidth="0" marginheight="0">
  <table width="98%" border="0" cellspacing="1" cellpadding="2"
   align="center">
      <tr ><td colspan="5" bgcolor="6f8ac4" align="right">
       <%@ include file="/WEB-INF/page/share/fenye.jsp" %>
   </td></tr>
   <tr>
    <td width="10%" bgcolor="6f8ac4">
     <div align="center">
      <font color="#FFFFFF">ID</font>
     </div>
    </td>
    <td width="50%" nowrap bgcolor="6f8ac4">
     <div align="center">
      <font color="#FFFFFF">Name</font>
     </div>
    </td>
    <td bgcolor="6f8ac4">
     <div align="center">
      <font color="#FFFFFF">Note</font>
     </div>
    </td>
    <td bgcolor="6f8ac4">
     <div align="center">
      <font color="#FFFFFF">Visible</font>
     </div>
    </td>
    <td width="10%" bgcolor="6f8ac4"></td>
   </tr>
   <!---------------------------LOOP START------------------------------>
   <c:forEach items="${productTypes.resultlist}" var="prodtype">
    <tr>
     <td bgcolor="f5f5f5">
      <div align="center">${prodtype.typeid}</div>
     </td>
     <td bgcolor="f5f5f5">
      <div align="center">${prodtype.name}</div>
     </td>
     <td bgcolor="f5f5f5">
      <div align="center">${prodtype.note}</div>
     </td>
     <td bgcolor="f5f5f5">
      <div align="center">${prodtype.visible}</div>
     </td>
     <td bgcolor="f5f5f5" align="center">
        <itcast:permission module="department" privilege="edit"><!-- 没有权限就不显示“修改”链接-->
      <a href="/product/producttype_editUI.do?productType.typeid=${prodtype.typeid }">修改</a>
      </itcast:permission>
     </td>
    </tr>
   </c:forEach>
   <!----------------------LOOP END------------------------------->
   <tr>
    <td bgcolor="f5f5f5" colspan="5" align="center"><table
      width="100%" border="0" cellspacing="1" cellpadding="4">
      <tr>
       <td width="5%"></td>
       <td width="85%">
        </td>
      </tr>
     </table>
    </td>
   </tr>
  </table>
</body>
</html>