墙角的续集

dom4j 读写xml文档 | spring2.0+hibernate3.1+struts1.2 ssh开发 ...

2008-02-18

spring aop实现权限控制，路径控制

spring aop 的权限的管理是通过对路径的控制来实现的
现在共有两个角色，经理和员工
经理的权限检查的代码
MgrAuthorityInterceptor.java

public class MgrAuthorityInterceptor implements MethodInterceptor
{

    public Object invoke(MethodInvocation invocation) throws Throwable
	{
        HttpServletRequest request = null;
        ActionMapping mapping = null;
        Object[] args = invocation.getArguments();
        //解析目标方法的参数
        for (int i = 0 ; i < args.length ; i++ )
        {
            if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
            if (args[i] instanceof ActionMapping) mapping = (ActionMapping)args[i];
        }
        //从session中得到用户的级别
        String level = (String)request.getSession().getAttribute("level");
        //如是经理级别则继续，否则，回到登陆页面
        if ( level != null && level.equals("mgr") )
        {
            return invocation.proceed();
        }
        else
        {
            return mapping.findForward("login");
        }
    }
}

员工的权限的实现,EmpAuthorityInterceptor.java

public class EmpAuthorityInterceptor implements MethodInterceptor
{

    public Object invoke(MethodInvocation invocation) throws Throwable
	{
        HttpServletRequest request = null;
        ActionMapping mapping = null;
        Object[] args = invocation.getArguments();
        for (int i = 0 ; i < args.length ; i++ )
        {
            if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
            if (args[i] instanceof ActionMapping) mapping = (ActionMapping)args[i];
        }
        //从session中得到用户的级别
        String level = (String)request.getSession().getAttribute("level");
        //如是经理或员工级别则继续，否则，回到登陆页面
        if ( level != null && (level.equals("emp") || level.equals("mgr")))
        {
            return invocation.proceed();
        }
        else
        {
            return mapping.findForward("login");
        }
    }
}

员工，经理权限的实现，在action-servlet.xml中

 <!--  以经理权限拦截器生成代理  -->
    <bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
	    <property name="beanNames">
            <list>
				action中的经理的操作
            </list>
	    </property>
        <property name="interceptorNames">
            <list>
                <value>mgrAuthorityInterceptor</value> 
            </list>
        </property>
    </bean>

    <!--  以普通员工权限拦截器生成代理  -->
    <bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
	    <property name="beanNames">
            <list>
				员工中的action操作
            </list>
	    </property>
        <property name="interceptorNames">
            <list>
                <value>empAuthorityInterceptor</value> 
            </list>
        </property>
    </bean>

    <!-- 定义经理权限检查拦截器，class即前面的MgrAuthorityInterceptor.java-->
	<bean id="mgrAuthorityInterceptor" class="org.***.MgrAuthorityInterceptor"/>
    <!-- 定义普通员工权限检查拦截器 ，class即前面的EmpAuthorityInterceptor.java-->
	<bean id="empAuthorityInterceptor" class="org.***.EmpAuthorityInterceptor"/>