struts2拦截器 获得请求方法名+获得请求参数
2015-09-16 13:44
651 查看
struts2拦截器里如何知道你请求的是那个方法
使用:invocation.getInvocationContext().getName(); //输出Priv_queryPriv,这正是我访问的Action中的方法。
1.struts.xml中这么定义的
Xml代码
<struts>
<!-- character filter -->
<constant name="struts.i18n.encoding" value="utf-8" />
<constant name="struts.multipart.saveDir" value="/tmp" />
<constant name="struts.multipart.maxSize" value="1000000000" />
<!-- CONFIG Global Exception -->
<package name="basePriv" extends="struts-default">
<interceptors>
<interceptor name="myPrivInterceptor" class="PrivInterceptor"/>
<interceptor-stack name="b2cplatPrivInterceptor">
<interceptor-ref name="myPrivInterceptor">
<param name="includeMethods"></param>
<param name="excludeMethods">
loginMain,loginTop,loginSwitch,loginRight,login,leftMenuShow,
queryCityList,queryInOrOutAreaList,queryDistricts
</param>
</interceptor-ref>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="b2cplatPrivInterceptor"/>
<global-results>
<result name="privError">/errorPrivPage.jsp</result>
<result name="updateEmpPassword">/jsp/phone/xxxx.jsp</result>
<result name="loginPage" type="redirect">/jsp/phone/login/trunToLogin.jsp</result>
</global-results>
<global-exception-mappings>
<exception-mapping result="error" exception="java.lang.Exception">/errorPage.jsp
</exception-mapping>
</global-exception-mappings>
</package>
<package name="managerPlatform" extends="basePriv" namespace="/">
<action name="*_*" class="{1}Action" method="{2}">
<result name="success">${successPath}</result>
<result name="error">${errorPath}</result>
<result name="input">${inputPath}</result>
<result name="redirectAction" type="redirectAction">${redirectActionPath}</result>
<result name="doChain" type="chain">${chainPath}</result>
<result name="redirect" type="redirect">${redirectPath}</result>
<result name="print" type="stream">
<param name="contentType">application/vnd.ms-excel</param>
<param name="inputName">inputStream</param>
<param name="contentDisposition">filename="${printFileName}"</param>
<param name="bufferSize">1024</param>
</result>
</action>
</package>
</struts>
2.Action这么写
Java代码
/**
* 权限信息控制
* @author ken
* @date 2011-9-13 下午15:00:46
*/
@Scope("prototype")
@Controller("PrivAction")
public class PrivAction extends BaseAction{
private static final long serialVersionUID = 1L;
static final Logger log = Logger.getLogger(PrivAction.class);
@Autowired
private PrivService privService;
/* 权限模型 */
private TEmployeePriv employeePriv;
/**
* 权限查询
* @return
*/
public String queryPriv(){
if(employeePriv==null){
employeePriv = new TEmployeePriv();
successPath = "/jsp/phone/priv/priv/privList.jsp";
return SUCCESS;
}
try {
entitys = this.privService.queryAllPriv(employeePriv);
} catch (Exception e) {
log.error("",e);
}
successPath = "/jsp/phone/priv/priv/privList.jsp?flag=true";
return SUCCESS;
}
}
3.struts2拦截器
Java代码
/**
* 权限拦截器Interceptor
* @author mengxianjun
* @date 2011-4-8 下午03:07:24
*
*/
@SuppressWarnings("serial")
@Component( "PrivInterceptor" )
@Scope("prototype")
public class PrivInterceptor extends MethodFilterInterceptor{
@Resource(name = "EmployeeService")
private EmployeeService empSafeService;//工号安全Service
@Resource(name="EmployeeRoleService")
private EmployeeRoleService empRoleService;
/* (non-Javadoc)
* @see com.opensymphony.xwork2.interceptor.MethodFilterInterceptor#doIntercept(com.opensymphony.xwork2.ActionInvocation)
* @author mengxianjun
* @date 2011-4-8 下午03:07:24
*/
@SuppressWarnings("unchecked")
@Override
protected String doIntercept(ActionInvocation invocation) throws Exception {
System.out.println("============"+invocation.getInvocationContext().getName());
System.out.println("============"+invocation.getInvocationContext().getLocale());
System.out.println("============"+invocation.getInvocationContext().getParameters());
System.out.println("执行到拦截器里。。。。");
ActionContext act = invocation.getInvocationContext();
//获得session
Map session = invocation.getInvocationContext().getSession();
TEmployeeInfo sessionInfo = (TEmployeeInfo) session.get("user");
String employee_id="";
/**
* 一、是否登录
*/
try
{
employee_id = sessionInfo.getEmployeeId();
}
catch( NullPointerException e )
{
act.put("message", "Session过期,请重新登录!");
return "loginPage";
}
/*=========================================================单点登录判断============================================*/
HashMap<String, String> map = (HashMap<String, String>) ServletActionContext.getServletContext().getAttribute("userList");
String sessionID_User = map.get( employee_id ); //登录用户session的ID
String sessionID_Now = ServletActionContext.getRequest().getSession().getId(); //当前session的ID
if( ! sessionID_User.trim().equals(sessionID_Now) )
{
act.put("message", "此账号已登录!");
return "privError";
}
/*=========================================================单点登录判断============================================*/
/**
* 二、登录成功后,根据URL进行权限判断
*/
if( !"".equals(employee_id.trim()) && null!=employee_id )
{
/**
* 2.1判断工号登录后,业务密码是否为123456,是跳转到商户安全设置,修改业务密码
*/
/*TEmployeeSafe empSafe = empSafeService.queryEmployeSafe(employee_id);
if( null!=empSafe )
{
String MD5password = KeyedDigestMD5.getKeyedDigest("123456","").toUpperCase();//获得123456的MD5值
String employeePass = empSafe.getEmployeePass();//获得登录密码
String employeePass2 = empSafe.getEmployeePass2();//获得工号业务密码
if( MD5password.equals(employeePass) || MD5password.equals(employeePass2) )
{
act.put("message", "欢迎使用本系统,您的登录密码、业务密码过于简单,请修改!");
return "updateEmpPassword";
}
}*/
/**
* 2.2截取请求URL
*/
HttpServletRequest request = ServletActionContext.getRequest();
String currentURL = request.getRequestURI();
String targetURL = "";
if( -1 != currentURL.indexOf("?") )//普通<form>标签是?分隔传来的参数
{
String paramURL = currentURL.substring(currentURL.indexOf("?",0), currentURL.length());//参数URL
int targetLength = currentURL.length() - paramURL.length();//去掉请求参数Length
targetURL = currentURL.substring(currentURL.indexOf("/",1), targetLength);
System.out.println("去掉请求参数路径URL:"+targetURL);
}
else if( -1 != currentURL.indexOf(";") )//struts2标签<s:form>标签是;分隔传来的参数
{
String paramURL = currentURL.substring(currentURL.indexOf(";",0), currentURL.length());//参数URL
int targetLength = currentURL.length() - paramURL.length();//去掉请求参数Length
targetURL = currentURL.substring(currentURL.indexOf("/",1), targetLength);
System.out.println("去掉请求参数路径URL:"+targetURL);
}
else
{
targetURL = currentURL.substring(currentURL.indexOf("/",1), currentURL.length());
System.out.println("请求路径URL:"+targetURL);
}
/**
* 2.3必须保证当前用户:1.工号必须开启2.角色已分配 3.角色已启用 4.角色有权限集合
*/
if("12".equals(sessionInfo.getState()))
{
act.put("message", "工号已锁定!");
return "privError";
}
else if("15".equals(sessionInfo.getState()))
{
act.put("message", "工号已注销!");
return "privError";
}
else if( sessionInfo.getRoleState()==null || "".equals(sessionInfo.getRoleState()) )
{
act.put("message", "未分配角色!");
return "privError";
}
else if( !"10".equals(sessionInfo.getRoleState()) )
{
act.put("message", "该角色未启用!");
return "privError";
}
else
{
try
{
/*1.得到中间表TRolePriv集合*/
TRolePriv rp = new TRolePriv();
rp.setRoleNum(sessionInfo.getRoleNum());
List<TRolePriv> rolePrivList = empRoleService.queryRolePriv(rp);
/*2.根据中间表TRolePriv,生成TEmployeePriv集合*/
List<TEmployeePriv> privList = new ArrayList<TEmployeePriv>();
for( TRolePriv trp : rolePrivList )
{
TEmployeePriv myPriv = empRoleService.queryPrivById(trp.getPrivNum());
if(myPriv!=null&&myPriv.getPrivUrl()!=null&&!"".equals(myPriv.getPrivUrl())){
privList.add(myPriv);//去掉一级菜单添加进privList,privUrl为空是一级菜单
}
}
/*3.权限privUrl与targetURL比较*/
if( privList.size()>0 )
{
int privState = 0;
for( TEmployeePriv p : privList )
{
/**
* 对比去掉请求参数后的URL是否一致,即/Login_login
*/
String privUrl = p.getPrivUrl();//TEmployeePriv中privUrl,可能带参数,可能不带参数
if(-1!=privUrl.indexOf("?",0)){
String paramPrivURL = privUrl.substring(privUrl.indexOf("?",0), privUrl.length());//参数URL
int targetPrivLength = privUrl.length() - paramPrivURL.length();//去掉请求参数Length
privUrl = privUrl.substring(privUrl.indexOf("/",0), targetPrivLength);//TEmployeePriv中privUrl去掉参数
}
if( privUrl.equals(targetURL) )
{
privState = 1;
}
}
if( 1 == privState )
{
return invocation.invoke();
}
else
{
System.out.println("-------得到Priv权限集合,但是无访问权限---------");
act.put("message", "您没有权限 , 拒绝访问!");
return "privError";
}
}
else
{
act.put("message", "您没有相应权限 , 拒绝访问!");
return "privError";
}
}
catch( NullPointerException e )
{
act.put("message", "您没有权限 , 拒绝访问!");
return "privError";
}
}
}
else
{
act.put("message", "Session过期,请重新登录!");
return "loginPage";
}
}
}
使用:invocation.getInvocationContext().getName(); //输出Priv_queryPriv,这正是我访问的Action中的方法。
1.struts.xml中这么定义的
Xml代码
<struts>
<!-- character filter -->
<constant name="struts.i18n.encoding" value="utf-8" />
<constant name="struts.multipart.saveDir" value="/tmp" />
<constant name="struts.multipart.maxSize" value="1000000000" />
<!-- CONFIG Global Exception -->
<package name="basePriv" extends="struts-default">
<interceptors>
<interceptor name="myPrivInterceptor" class="PrivInterceptor"/>
<interceptor-stack name="b2cplatPrivInterceptor">
<interceptor-ref name="myPrivInterceptor">
<param name="includeMethods"></param>
<param name="excludeMethods">
loginMain,loginTop,loginSwitch,loginRight,login,leftMenuShow,
queryCityList,queryInOrOutAreaList,queryDistricts
</param>
</interceptor-ref>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="b2cplatPrivInterceptor"/>
<global-results>
<result name="privError">/errorPrivPage.jsp</result>
<result name="updateEmpPassword">/jsp/phone/xxxx.jsp</result>
<result name="loginPage" type="redirect">/jsp/phone/login/trunToLogin.jsp</result>
</global-results>
<global-exception-mappings>
<exception-mapping result="error" exception="java.lang.Exception">/errorPage.jsp
</exception-mapping>
</global-exception-mappings>
</package>
<package name="managerPlatform" extends="basePriv" namespace="/">
<action name="*_*" class="{1}Action" method="{2}">
<result name="success">${successPath}</result>
<result name="error">${errorPath}</result>
<result name="input">${inputPath}</result>
<result name="redirectAction" type="redirectAction">${redirectActionPath}</result>
<result name="doChain" type="chain">${chainPath}</result>
<result name="redirect" type="redirect">${redirectPath}</result>
<result name="print" type="stream">
<param name="contentType">application/vnd.ms-excel</param>
<param name="inputName">inputStream</param>
<param name="contentDisposition">filename="${printFileName}"</param>
<param name="bufferSize">1024</param>
</result>
</action>
</package>
</struts>
2.Action这么写
Java代码
/**
* 权限信息控制
* @author ken
* @date 2011-9-13 下午15:00:46
*/
@Scope("prototype")
@Controller("PrivAction")
public class PrivAction extends BaseAction{
private static final long serialVersionUID = 1L;
static final Logger log = Logger.getLogger(PrivAction.class);
@Autowired
private PrivService privService;
/* 权限模型 */
private TEmployeePriv employeePriv;
/**
* 权限查询
* @return
*/
public String queryPriv(){
if(employeePriv==null){
employeePriv = new TEmployeePriv();
successPath = "/jsp/phone/priv/priv/privList.jsp";
return SUCCESS;
}
try {
entitys = this.privService.queryAllPriv(employeePriv);
} catch (Exception e) {
log.error("",e);
}
successPath = "/jsp/phone/priv/priv/privList.jsp?flag=true";
return SUCCESS;
}
}
3.struts2拦截器
Java代码
/**
* 权限拦截器Interceptor
* @author mengxianjun
* @date 2011-4-8 下午03:07:24
*
*/
@SuppressWarnings("serial")
@Component( "PrivInterceptor" )
@Scope("prototype")
public class PrivInterceptor extends MethodFilterInterceptor{
@Resource(name = "EmployeeService")
private EmployeeService empSafeService;//工号安全Service
@Resource(name="EmployeeRoleService")
private EmployeeRoleService empRoleService;
/* (non-Javadoc)
* @see com.opensymphony.xwork2.interceptor.MethodFilterInterceptor#doIntercept(com.opensymphony.xwork2.ActionInvocation)
* @author mengxianjun
* @date 2011-4-8 下午03:07:24
*/
@SuppressWarnings("unchecked")
@Override
protected String doIntercept(ActionInvocation invocation) throws Exception {
System.out.println("============"+invocation.getInvocationContext().getName());
System.out.println("============"+invocation.getInvocationContext().getLocale());
System.out.println("============"+invocation.getInvocationContext().getParameters());
System.out.println("执行到拦截器里。。。。");
ActionContext act = invocation.getInvocationContext();
//获得session
Map session = invocation.getInvocationContext().getSession();
TEmployeeInfo sessionInfo = (TEmployeeInfo) session.get("user");
String employee_id="";
/**
* 一、是否登录
*/
try
{
employee_id = sessionInfo.getEmployeeId();
}
catch( NullPointerException e )
{
act.put("message", "Session过期,请重新登录!");
return "loginPage";
}
/*=========================================================单点登录判断============================================*/
HashMap<String, String> map = (HashMap<String, String>) ServletActionContext.getServletContext().getAttribute("userList");
String sessionID_User = map.get( employee_id ); //登录用户session的ID
String sessionID_Now = ServletActionContext.getRequest().getSession().getId(); //当前session的ID
if( ! sessionID_User.trim().equals(sessionID_Now) )
{
act.put("message", "此账号已登录!");
return "privError";
}
/*=========================================================单点登录判断============================================*/
/**
* 二、登录成功后,根据URL进行权限判断
*/
if( !"".equals(employee_id.trim()) && null!=employee_id )
{
/**
* 2.1判断工号登录后,业务密码是否为123456,是跳转到商户安全设置,修改业务密码
*/
/*TEmployeeSafe empSafe = empSafeService.queryEmployeSafe(employee_id);
if( null!=empSafe )
{
String MD5password = KeyedDigestMD5.getKeyedDigest("123456","").toUpperCase();//获得123456的MD5值
String employeePass = empSafe.getEmployeePass();//获得登录密码
String employeePass2 = empSafe.getEmployeePass2();//获得工号业务密码
if( MD5password.equals(employeePass) || MD5password.equals(employeePass2) )
{
act.put("message", "欢迎使用本系统,您的登录密码、业务密码过于简单,请修改!");
return "updateEmpPassword";
}
}*/
/**
* 2.2截取请求URL
*/
HttpServletRequest request = ServletActionContext.getRequest();
String currentURL = request.getRequestURI();
String targetURL = "";
if( -1 != currentURL.indexOf("?") )//普通<form>标签是?分隔传来的参数
{
String paramURL = currentURL.substring(currentURL.indexOf("?",0), currentURL.length());//参数URL
int targetLength = currentURL.length() - paramURL.length();//去掉请求参数Length
targetURL = currentURL.substring(currentURL.indexOf("/",1), targetLength);
System.out.println("去掉请求参数路径URL:"+targetURL);
}
else if( -1 != currentURL.indexOf(";") )//struts2标签<s:form>标签是;分隔传来的参数
{
String paramURL = currentURL.substring(currentURL.indexOf(";",0), currentURL.length());//参数URL
int targetLength = currentURL.length() - paramURL.length();//去掉请求参数Length
targetURL = currentURL.substring(currentURL.indexOf("/",1), targetLength);
System.out.println("去掉请求参数路径URL:"+targetURL);
}
else
{
targetURL = currentURL.substring(currentURL.indexOf("/",1), currentURL.length());
System.out.println("请求路径URL:"+targetURL);
}
/**
* 2.3必须保证当前用户:1.工号必须开启2.角色已分配 3.角色已启用 4.角色有权限集合
*/
if("12".equals(sessionInfo.getState()))
{
act.put("message", "工号已锁定!");
return "privError";
}
else if("15".equals(sessionInfo.getState()))
{
act.put("message", "工号已注销!");
return "privError";
}
else if( sessionInfo.getRoleState()==null || "".equals(sessionInfo.getRoleState()) )
{
act.put("message", "未分配角色!");
return "privError";
}
else if( !"10".equals(sessionInfo.getRoleState()) )
{
act.put("message", "该角色未启用!");
return "privError";
}
else
{
try
{
/*1.得到中间表TRolePriv集合*/
TRolePriv rp = new TRolePriv();
rp.setRoleNum(sessionInfo.getRoleNum());
List<TRolePriv> rolePrivList = empRoleService.queryRolePriv(rp);
/*2.根据中间表TRolePriv,生成TEmployeePriv集合*/
List<TEmployeePriv> privList = new ArrayList<TEmployeePriv>();
for( TRolePriv trp : rolePrivList )
{
TEmployeePriv myPriv = empRoleService.queryPrivById(trp.getPrivNum());
if(myPriv!=null&&myPriv.getPrivUrl()!=null&&!"".equals(myPriv.getPrivUrl())){
privList.add(myPriv);//去掉一级菜单添加进privList,privUrl为空是一级菜单
}
}
/*3.权限privUrl与targetURL比较*/
if( privList.size()>0 )
{
int privState = 0;
for( TEmployeePriv p : privList )
{
/**
* 对比去掉请求参数后的URL是否一致,即/Login_login
*/
String privUrl = p.getPrivUrl();//TEmployeePriv中privUrl,可能带参数,可能不带参数
if(-1!=privUrl.indexOf("?",0)){
String paramPrivURL = privUrl.substring(privUrl.indexOf("?",0), privUrl.length());//参数URL
int targetPrivLength = privUrl.length() - paramPrivURL.length();//去掉请求参数Length
privUrl = privUrl.substring(privUrl.indexOf("/",0), targetPrivLength);//TEmployeePriv中privUrl去掉参数
}
if( privUrl.equals(targetURL) )
{
privState = 1;
}
}
if( 1 == privState )
{
return invocation.invoke();
}
else
{
System.out.println("-------得到Priv权限集合,但是无访问权限---------");
act.put("message", "您没有权限 , 拒绝访问!");
return "privError";
}
}
else
{
act.put("message", "您没有相应权限 , 拒绝访问!");
return "privError";
}
}
catch( NullPointerException e )
{
act.put("message", "您没有权限 , 拒绝访问!");
return "privError";
}
}
}
else
{
act.put("message", "Session过期,请重新登录!");
return "loginPage";
}
}
}
相关文章推荐
- java的commons包的简介
- Springtest与junit结合测试注解失败原因
- java 员工管理系统 向文本文件中备份
- Spring注解开发
- JDK 动态代理
- JAVA一个超级简单的计算器
- eclipse插件
- java中注解的使用与实例
- Java与C#的区别
- MyBatis学习总结(八)——Mybatis3.x与Spring4.x整合
- Java Socket 与飞秋 通信
- Spring+Spring MVC+Hibernate环境搭配
- 【Java EE 学习 44】【Hibernate学习第一天】【Hibernate对单表的CRUD操作】
- 详细解析Java中抽象类和接口的区别
- java中的堆、栈、常量池
- SpringMVC之访问静态文件
- Java JVM(十一):MAT 工具的使用
- 简易计算器NetBeans Ide
- java学习之JDK5新特性
- java中文件的I/O操作