在 struts2 视图中实现细粒度访问控制的最佳方法是什么?
基本上,在任何 UI 应用程序中,我们都可以对各种元素进行访问控制。
假设我有一个 PM 可见的按钮,
<logic equal=pm>
TheButton
</logic equal>
<logic NotEqual=pm>
TheButton=disabled
</logic NotEqual>
现在假设还有一个条件,即开发人员具有不同的访问权限。 由于标签中没有AND...我们这样做
<logic equal=pm>
TheButton
</logic equal>
<logic NotEqual=pm>
TheButton=disabled
</logic NotEqual>
<logic equal=developer>
TheButton
</logic equal>
<logic NotEqual=developer>
TheButton=disabled
</logic NotEqual>
所以这里代码不断增加并且访问控制都是碎片化的。
在struts2中,对于Action类中的每个方法,我可以创建自定义注释并检查访问控制。就像@Role=pm,developer
如何在jsp中做到这一点?这样我就可以写了。
<button name=Thebutton access="pm,developer" >
或者类似的东西。
Basically, In any application for UI we have access control for various element.
Say, I have a button to be visible to PM
<logic equal=pm>
TheButton
</logic equal>
<logic NotEqual=pm>
TheButton=disabled
</logic NotEqual>
Now say there is one more condition say developer has different access.
Since there is no AND in tags...We do as
<logic equal=pm>
TheButton
</logic equal>
<logic NotEqual=pm>
TheButton=disabled
</logic NotEqual>
<logic equal=developer>
TheButton
</logic equal>
<logic NotEqual=developer>
TheButton=disabled
</logic NotEqual>
So here code keeps increasing and access control is all fragmented.
In struts2, for each method inside Action class, I can create Custom Annotation and check access control. Like @Role=pm,developer
How to do it in jsp ? such that i can write.
<button name=Thebutton access="pm,developer" >
Or something like that.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以在控制器中编写一个名为“getElements()”的方法,该方法将仅返回允许的元素。您可以随意编写更简单的操作,返回单个元素或空白字符串,以便您的 main.jsp 保持干净。
You could write a method in your controller saying "getElements()" which would return back only permitted elements. Feel free to even write simpler actions returning back individual elements or blank string so that your main.jsp remains clean.