概述
From: http://www.onjava.com/pub/a/onjava/2004/02/18/strutssecurity.html
1. Extending the Struts ActionMapping class
public class StrutsPermissionMapping
extends ActionMapping {
private Integer actionId = null;
private String label = null;
private String canBeMadeAvailable = null;
private String canBeMadeEditable = null;
private String group = null;
private String role = null;
public StrutsPermissionMapping() {
super();
}
public Integer getActionId() {
return actionId;
}
public void setActionId(Integer id) {
this.actionId = id;
}
...
}
2. 修改后的struts-config.xml
<struts-config> <form-beans> <form-bean name="computeForm" type="com.shiftat.oreilly.web.ComputeForm"/> ... </form-beans> <action-mappings> <action path="/compute" type="com.shiftat.oreilly.web.ComputeAction" name="computeForm" scope="session" input="/jsp/compute.jsp" className= "com.shiftat.struts.StrutsPermissionMapping" unknown="false" validate="false"> <set-property property="actionId" value="160" /> <set-property property="label" value="compute"/> <set-property property="canBeMadeAvailable" value="true"/> <set-property property="canBeMadeEditable" value="false"/> <set-property property="group" value="4"/> <set-property property="role" value="4"/> <forward name="succes" path="/jsp/result.jsp" redirect="false"/> </action> ... </action-mappings> </struts-config>
3. in the login action
3.1 Retrieves the user permissions from the datastore.
3.2 Retrieves the StrutsPermissionMappings from the Struts configuration.
3.3 Iterates over the user permissions and retrieves the corresponding StrutsPermissionMappings.
3.4 Stores each of the corresponding StrutsPermissionMappings in a new Map in the context for that user.
Map userActionPermissionMap
= retrievePortalUserActionPermissionMap(userId);
Map strutsConfigMap
= StrutsConfigurationHelperAction
.retrieveStrutsActionMapping(this, request);
Map userActionNamePermissionMap = new HashMap();
if (userActionPermissionMap.keySet() != null
&& userActionPermissionMap.keySet().size() >0) {
Iterator it
= userActionPermissionMap.keySet().iterator();
while (it.hasNext()){
Integer actionId = (Integer)it.next();
Integer permissionId
= (Integer)userActionPermissionMap
.get(actionId);
StrutsPermissionMapping mapping
= (StrutsPermissionMapping)strutsConfigMap
.get(actionId);
String actionPath
= strutsPermissionMapping.getPath();
userActionNamePermissionMap
.put(actionPath, permissionId);
}
}
context
.setAttribute("permissionmap",
userActionNamePermissionMap);
public class StrutsConfigurationHelperAction {
private static SortedMap actionMappingMap = null;
private static ModuleConfig mConfig = null;
public static SortedMap
retrieveStrutsActionMapping(Action action,
HttpServletRequest request) {
if (actionMappingMap == null){
actionMappingMap = new TreeMap();
mConfig = (ModuleConfig)request.
getAttribute(Globals.MODULE_KEY);
if (mConfig == null){
mConfig = (ModuleConfig)action.
getServlet().getServletContext().
getAttribute(Globals.MODULE_KEY);
}
if (mConfig != null){
ActionConfig[] acfg
= mConfig.findActionConfigs();
for (int i=0; i < acfg.length; i++){
ActionConfig actionConfig = acfg[i];
if (actionConfig instanceof
StrutsPermissionMapping){
StrutsPermissionMapping amp =
(StrutsPermissionMapping)
actionConfig;
actionMappingMap
.put(amp.getActionId(),amp);
} else {
//Regular ActionMapping
//without security attributes
}
}
} else {
System.err.println
("No Struts configuration !");
}
}
return actionMappingMap;
}
}
4. The check that the user has the necessary permission to call a certain action in the application can easily be done in a ServletFilter
最后
以上就是友好服饰为你收集整理的struts1 加入 security 的全部内容,希望文章能够帮你解决struts1 加入 security 所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复