權限管理實踐-----2

 PrivilegeGroup  權限組 

SystemPrivilege 權限
 
權限組對應多個權限 權限對應多個權限組
import java.util.HashSet;
import java.util.Set;
 
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
/**
 * Privilege group entity: a named collection of {@link SystemPrivilege}s that employees are
 * assigned to.
 *
 * <p>Identity is {@code groupid} alone: {@link #equals(Object)} and {@link #hashCode()} ignore the
 * name and both association sets.
 */
@Entity
public class PrivilegeGroup {
    private String groupid;
    private String name;
    private Set<SystemPrivilege> privileges = new HashSet<SystemPrivilege>();
    private Set<Employee> employees = new HashSet<Employee>();

    /** No-argument constructor; leaves {@code groupid} and {@code name} unset. */
    public PrivilegeGroup() {
    }

    /**
     * Creates a group that carries only its identifier.
     *
     * @param groupid primary-key value of the group
     */
    public PrivilegeGroup(String groupid) {
        this.groupid = groupid;
    }

    /** @return the primary key (column length 36) */
    @Id
    @Column(length = 36)
    public String getGroupid() {
        return groupid;
    }

    public void setGroupid(String groupid) {
        this.groupid = groupid;
    }

    /** @return the display name (mandatory, column length 20) */
    @Column(length = 20, nullable = false)
    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    /**
     * Owning side of the group-to-privilege association, stored in join table {@code ps} and
     * fetched eagerly.
     *
     * <p>This set is what the authorization checks on this page consult
     * ({@code group.getPrivileges().contains(...)}), so adding a privilege here grants it to every
     * employee in the group.
     *
     * @return the live, mutable privilege set (not a copy)
     */
    @ManyToMany(cascade = CascadeType.REFRESH, fetch = FetchType.EAGER)
    @JoinTable(
            name = "ps",
            joinColumns = @JoinColumn(name = "group_id"),
            inverseJoinColumns = {
                @JoinColumn(name = "module", referencedColumnName = "module"),
                @JoinColumn(name = "privilege", referencedColumnName = "privilege")
            })
    public Set<SystemPrivilege> getPrivileges() {
        return privileges;
    }

    public void setPrivileges(Set<SystemPrivilege> privileges) {
        this.privileges = privileges;
    }

    /**
     * Inverse side of the employee-to-group association (mapped by {@code Employee.groups}).
     *
     * @return the live, mutable employee set (not a copy)
     */
    @ManyToMany(mappedBy = "groups", cascade = CascadeType.REFRESH)
    public Set<Employee> getEmployees() {
        return employees;
    }

    public void setEmployees(Set<Employee> employees) {
        this.employees = employees;
    }

    /** Hash derived from {@code groupid} only, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        int idHash = (groupid == null) ? 0 : groupid.hashCode();
        return 31 + idHash;
    }

    /** Two groups are equal when they are of the same class and have the same {@code groupid}. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        PrivilegeGroup that = (PrivilegeGroup) obj;
        return (groupid == null) ? that.groupid == null : groupid.equals(that.groupid);
    }
}
 
 
import java.util.HashSet;
import java.util.Set;
 
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.EmbeddedId;
import javax.persistence.Entity;
import javax.persistence.ManyToMany;
 
/**
 * System privilege: one permitted operation, identified by the composite key (module, privilege).
 *
 * <p>{@link #equals(Object)} and {@link #hashCode()} depend on the id only. The authorization
 * checks on this page rely on that: they build a probe instance from just a
 * {@link SystemPrivilegePK} and look it up with {@code Set.contains}.
 */
@Entity
public class SystemPrivilege {
    private SystemPrivilegePK id;
    private String name;
    private Set<PrivilegeGroup> groups = new HashSet<PrivilegeGroup>();

    /** No-argument constructor; leaves id and name unset. */
    public SystemPrivilege() {
    }

    /**
     * Creates a privilege carrying only its key, e.g. as a lookup probe.
     *
     * @param id composite key of the privilege
     */
    public SystemPrivilege(SystemPrivilegePK id) {
        this.id = id;
    }

    /**
     * Creates a fully described privilege.
     *
     * @param module    module the privilege belongs to
     * @param privilege privilege value within that module
     * @param name      display name
     */
    public SystemPrivilege(String module, String privilege, String name) {
        this.name = name;
        this.id = new SystemPrivilegePK(module, privilege);
    }

    /**
     * The identifier type of a JPA entity must be serializable.
     *
     * @return the composite key
     */
    @EmbeddedId
    public SystemPrivilegePK getId() {
        return id;
    }

    public void setId(SystemPrivilegePK id) {
        this.id = id;
    }

    /** @return the display name (mandatory, column length 20) */
    @Column(length = 20, nullable = false)
    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    /**
     * Inverse side of the group-to-privilege association (mapped by
     * {@code PrivilegeGroup.privileges}).
     *
     * @return the live, mutable set of groups holding this privilege
     */
    @ManyToMany(cascade = CascadeType.REFRESH, mappedBy = "privileges")
    public Set<PrivilegeGroup> getGroups() {
        return groups;
    }

    public void setGroups(Set<PrivilegeGroup> groups) {
        this.groups = groups;
    }

    /** Hash derived from the id only, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        int idHash = (id == null) ? 0 : id.hashCode();
        return 31 + idHash;
    }

    /** Two privileges are equal when they are of the same class and have equal ids. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SystemPrivilege that = (SystemPrivilege) obj;
        return (id == null) ? that.id == null : id.equals(that.id);
    }
}
 
 
import java.io.Serializable;
 
import javax.persistence.Column;
import javax.persistence.Embeddable;
 
/**
 * Composite primary key of {@link SystemPrivilege}: the pair (module, privilege).
 *
 * <p>Both components take part in {@link #equals(Object)} and {@link #hashCode()}, and the
 * comparison is an exact, case-sensitive {@code String.equals}.
 */
@Embeddable
public class SystemPrivilegePK implements Serializable {
    /* Module */
    private String module;
    /* Privilege value */
    private String privilege;

    /** No-argument constructor; leaves both key parts unset. */
    public SystemPrivilegePK() {
    }

    /**
     * @param module    module name
     * @param privilege privilege value within the module
     */
    public SystemPrivilegePK(String module, String privilege) {
        this.module = module;
        this.privilege = privilege;
    }

    /** @return the module part of the key (column {@code module}, length 20) */
    @Column(length = 20, name = "module")
    public String getModule() {
        return module;
    }

    public void setModule(String module) {
        this.module = module;
    }

    /** @return the privilege part of the key (column {@code privilege}, length 20) */
    @Column(length = 20, name = "privilege")
    public String getPrivilege() {
        return privilege;
    }

    public void setPrivilege(String privilege) {
        this.privilege = privilege;
    }

    /** Combines the hashes of both key parts; a null part contributes 0. */
    @Override
    public int hashCode() {
        int moduleHash = (module == null) ? 0 : module.hashCode();
        int privilegeHash = (privilege == null) ? 0 : privilege.hashCode();
        int hash = 31 + moduleHash;
        return 31 * hash + privilegeHash;
    }

    /** Keys are equal when they are of the same class and both parts match (null matches null). */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SystemPrivilegePK that = (SystemPrivilegePK) obj;
        boolean sameModule = (module == null) ? that.module == null : module.equals(that.module);
        if (!sameModule) {
            return false;
        }
        return (privilege == null) ? that.privilege == null : privilege.equals(that.privilege);
    }
}
  
 
系統權限初始化
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
 
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.springframework.stereotype.Controller;
 
/**
 * Initialisation (this action is meant to be run right after the system is installed).
 *
 * <p>Seeds the privileges, one privilege group holding all of them, and an administrator account
 * that is a member of every group. Each seeding step is skipped when its table already has rows.
 *
 * <p>NOTE(review): the action is mapped at {@code /system/init}, which is outside the
 * {@code /control/} prefix that PrivilegeRequestProcessor checks, and no other access guard is
 * visible in this class. Confirm the endpoint is removed, disabled or restricted once installation
 * is done. {@code generatedOrderidService.init()} runs on every call; what it resets is not shown
 * here.
 */
@Controller("/system/init")
public class SystemInitAction extends Action {
    @Resource GeneratedOrderidService generatedOrderidService;
    @Resource SystemPrivilegeService privilegeService;
    @Resource PrivilegeGroupService groupService;
    @Resource EmployeeService employeeService;

    /**
     * Runs all initialisation steps and forwards to the generic message page.
     *
     * @return the {@code "message"} forward, with a completion message and the logon URL set as
     *         request attributes
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        generatedOrderidService.init();

        // Order matters: the group collects the privileges, and the admin collects the groups.
        initSystemPrivilege();
        initPrivilegeGroup();
        initAdmin();

        request.setAttribute("message", "初始化完成");
        request.setAttribute("urladdress", "/employee/logon.do");
        return mapping.findForward("message");
    }

    /**
     * Creates the administrator account when no employee exists yet.
     *
     * <p>NOTE(review): the bootstrap account uses a fixed, well-known password literal. Whether
     * {@code setPassword}/{@code save} hashes it is not visible here. For anything beyond a demo,
     * take the initial password from the installer or force a change at first logon.
     */
    private void initAdmin() {
        if (employeeService.getCount() != 0) {
            return;
        }
        Employee admin = new Employee();
        admin.setUsername("admin");
        admin.setPassword("123456");
        admin.setRealname("系統管理員");
        admin.setGender(Gender.MAN);
        admin.setIdCard(new IDCard("213213", "北京", new Date()));
        // Grant privileges: the admin joins every group that exists at this point.
        admin.getGroups().addAll(groupService.getScrollData().getResultlist());
        employeeService.save(admin);
    }

    /**
     * Creates the system privilege group, holding every stored privilege, when no group exists yet.
     */
    private void initPrivilegeGroup() {
        if (groupService.getCount() != 0) {
            return;
        }
        PrivilegeGroup systemGroup = new PrivilegeGroup();
        systemGroup.setName("系統權限組");
        systemGroup.getPrivileges().addAll(privilegeService.getScrollData().getResultlist());
        groupService.save(systemGroup);
    }

    /**
     * Seeds the privilege table with the four department operations when it is empty.
     */
    private void initSystemPrivilege() {
        if (privilegeService.getCount() != 0) {
            return;
        }
        // {privilege value, display name} for the "department" module, in insertion order.
        String[][] departmentOps = {
            {"view", "部門查看"},
            {"insert", "部門添加"},
            {"update", "部門修改"},
            {"delete", "部門刪除"},
        };
        List<SystemPrivilege> seed = new ArrayList<SystemPrivilege>();
        for (String[] op : departmentOps) {
            seed.add(new SystemPrivilege("department", op[0], op[1]));
        }
        privilegeService.batchSave(seed);
    }

}
 
 
 
後臺對action攔截
import java.io.IOException;
import java.lang.reflect.Method;
 
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;
import org.springframework.web.struts.DelegatingRequestProcessor;
 
 
 
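/**
 * Request processor that enforces {@link Permission} annotations before a Struts action runs.
 *
 * <p>The model is opt-in: only requests whose URI starts with {@code /control/} are checked, and
 * only action methods that carry {@code @Permission} are restricted. A method without the
 * annotation is allowed for every caller that reaches this point.
 */
public class PrivilegeRequestProcessor extends DelegatingRequestProcessor {

    /**
     * Runs the permission check for office-platform actions, then delegates to the normal
     * action invocation.
     *
     * @return the {@code "message"} forward with a "no permission" message when the check fails,
     *         otherwise whatever the superclass returns
     */
    @Override
    protected ActionForward processActionPerform(HttpServletRequest request,
            HttpServletResponse response, Action action, ActionForm form,
            ActionMapping mapping) throws IOException, ServletException {
        // Only actions of the office platform are validated.
        // NOTE(review): this prefix test is only as reliable as WebUtil.getRequestURI (not shown);
        // confirm it returns a normalised, context-relative path.
        boolean guardedUri = WebUtil.getRequestURI(request).startsWith("/control/");
        if (guardedUri && !validate(request, action, mapping)) {
            // The caller lacks the required privilege: show the message page instead.
            request.setAttribute("message", "您沒有執行該操作的權限");
            request.setAttribute("urladdress", SiteUrl.readUrl("control.control.right"));
            return mapping.findForward("message");
        }
        return super.processActionPerform(request, response, action, form, mapping);
    }

    /**
     * Permission check for the method the request is about to invoke.
     *
     * @return {@code true} when the method could not be resolved or has no {@link Permission}
     *         annotation, or when one of the employee's groups holds the required privilege;
     *         {@code false} when the privilege is missing or no employee is attached to the
     *         request
     */
    private boolean validate(HttpServletRequest request, Action action, ActionMapping mapping) {
        Method method = getCurrentMethod(request, action, mapping);
        if (method == null || !method.isAnnotationPresent(Permission.class)) {
            // NOTE(review): this is a default-allow path. An unresolved method (e.g. a
            // DispatchAction request without its method parameter) is not checked here, so
            // whatever the action does in that case runs unchecked; confirm no such default
            // handler performs a privileged operation.
            return true;
        }

        // Read the annotation on the method to learn which privilege it requires.
        Permission permission = method.getAnnotation(Permission.class);
        SystemPrivilege required = new SystemPrivilege(
                new SystemPrivilegePK(permission.module(), permission.privilege()));

        Employee employee = WebUtil.getEmployee(request);
        if (employee == null) {
            // Fail closed: without a logged-in employee there is nothing to grant the privilege.
            // (Whether WebUtil.getEmployee can return null is not visible here; the original code
            // would have thrown a NullPointerException in that case.)
            return false;
        }
        for (PrivilegeGroup group : employee.getGroups()) {
            if (group.getPrivileges().contains(required)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the action method the current request will execute.
     *
     * <p>For a {@link DispatchAction} the method name comes from the request parameter named by
     * the mapping; for any other action it is {@code execute}.
     *
     * @return the public method with the standard Struts action signature, or {@code null} when
     *         the name is missing or no such method exists
     */
    private Method getCurrentMethod(HttpServletRequest request, Action action,
            ActionMapping mapping) {
        String methodName = "execute";
        // Is the action a DispatchAction (or a subclass of it)?
        if (DispatchAction.class.isAssignableFrom(action.getClass())) {
            // The method name is supplied by the request parameter and is caller-controlled.
            methodName = request.getParameter(mapping.getParameter());
        }
        if (methodName == null) {
            // Previously reached getMethod(null, ...) and relied on the catch-all to swallow the
            // resulting NullPointerException.
            return null;
        }
        try {
            return action.getClass().getMethod(methodName, ActionMapping.class, ActionForm.class,
                    HttpServletRequest.class, HttpServletResponse.class);
        } catch (NoSuchMethodException e) {
            // No public method of that name with the action signature.
            return null;
        } catch (SecurityException e) {
            // Reflection access refused; treated like an unresolved method, as before.
            return null;
        }
    }

}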
 
 
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
 
/**
 * Permission configuration: declares the privilege an action method requires.
 *
 * <p>The (module, privilege) pair is matched against the composite key of a system privilege.
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME) // kept at run time so the check can read it via reflection
public @interface Permission {

    /** Module the required privilege belongs to. */
    String module();

    /** Privilege value within the module. */
    String privilege();
}
 
 
 
 
頁面自定義標籤
import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
 
import cn.itcast.bean.privilege.Employee;
import cn.itcast.bean.privilege.PrivilegeGroup;
import cn.itcast.bean.privilege.SystemPrivilege;
import cn.itcast.bean.privilege.SystemPrivilegePK;
import cn.itcast.utils.WebUtil;
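/**
 * Permission check tag: renders its body only when the logged-in employee holds the privilege
 * named by the {@code module} and {@code privilege} attributes.
 *
 * <p>The tag only controls what is displayed. It does not protect the URL inside its body; the
 * server-side check on the action itself is what enforces access.
 */
public class PermissionTag extends TagSupport {
    private String module;
    private String privilege;

    public String getModule() {
        return module;
    }

    public void setModule(String module) {
        this.module = module;
    }

    public String getPrivilege() {
        return privilege;
    }

    public void setPrivilege(String privilege) {
        this.privilege = privilege;
    }

    /**
     * Decides whether the tag body is rendered.
     *
     * @return {@code EVAL_BODY_INCLUDE} when one of the employee's groups contains the privilege,
     *         {@code SKIP_BODY} otherwise, including when no employee is attached to the request
     */
    @Override
    public int doStartTag() throws JspException {
        // Get the employee who is logged on to the system.
        Employee employee = WebUtil.getEmployee((HttpServletRequest) pageContext.getRequest());
        if (employee == null) {
            // Hide the body rather than fail the whole page with a NullPointerException.
            // (Whether WebUtil.getEmployee can return null is not visible here.)
            return SKIP_BODY;
        }

        // Probe carrying only the key; SystemPrivilege equality is based on the id.
        SystemPrivilege required =
                new SystemPrivilege(new SystemPrivilegePK(this.module, this.privilege));
        for (PrivilegeGroup group : employee.getGroups()) {
            if (group.getPrivileges().contains(required)) {
                return EVAL_BODY_INCLUDE;
            }
        }
        return SKIP_BODY;
    }
}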
<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
    version="2.0">
    
  <!-- Tag library descriptor for the permission tag; JSPs reference it through the uri below. -->
  <description>itcast babasport permission taglib</description>
  <display-name>permission taglib</display-name>
  <tlib-version>1.0</tlib-version>
  <short-name>itcast</short-name>
  <uri>http://www.itcast.cn/babasport</uri>
 
  <!-- The tag only decides whether its body is rendered; it does not protect the URL inside it. -->
  <tag>
    <description>權限校驗標籤,有權限就顯示標籤體的內容,否則不顯示</description>
    <name>permission</name>
    <tag-class>cn.itcast.web.taglib.PermissionTag</tag-class>
    <body-content>JSP</body-content>
    <!-- rtexprvalue=false: module and privilege must be literal strings in the JSP,
         not runtime expressions. -->
    <attribute>
        <description></description>
        <name>module</name>
        <required>true</required>
        <rtexprvalue>false</rtexprvalue>
    </attribute>
    <attribute>
        <description></description>
        <name>privilege</name>
        <required>true</required>
        <rtexprvalue>false</rtexprvalue>
    </attribute>
  </tag>  
</taglib>
 
<%-- The link is rendered only for employees holding department/delete. Hiding it is not access
     control: the delete action itself must be guarded server-side (presumably by @Permission on
     the action method, which is not shown).
     NOTE(review): the delete is triggered by a plain GET link and no anti-CSRF token is visible
     in this snippet. Confirm one is enforced elsewhere, or submit the delete as a POST with a
     token. --%>
<itcast:permission module="department" privilege="delete">
         <a href="<html:rewrite action="/control/department/manage"/>?method=delete&departmentid=${entry.departmentid}">刪除</a>
       </itcast:permission>