当前位置: 文江博客话题详情

Struts 2如何显示保存在拦截器中的消息,该消息将重定向到另一个操作?

发布于 2024-10-11 09:46:26 字数 1591 浏览 5 评论 0原文

在我的拦截器中,如果用户没有足够的权限,则会出现警告消息:

    public String intercept(ActionInvocation invocation) throws Exception {

    ActionContext actionContext = invocation.getInvocationContext();
    Map<String, Object> sessionMap = actionContext.getSession();
    User loginUser = (User) sessionMap.get("user");

    Object action = invocation.getAction();

    if (loginUser != null && loginUser.getRole().getId() != Constant.AUTHORITY_ADMIN) {

        ((ValidationAware) action).addFieldError("user.authority",
                ((DefaultAction) action).getText("user.action.authority.not.enough"));

        return DefaultAction.HOME_PAGE;
    }

    return invocation.invoke();
}

然后,它将重定向到“HOME_PAGE”操作,如果成功,则在jsp中显示信息。那么如何显示警告信息呢?

我使用了在 strust.xml 中配置的两个拦截器,以满足管理员权限要求:

            <interceptor-stack name="authorityStack">
            <interceptor-ref name="authority" />
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">STORE</param>
            </interceptor-ref>
        </interceptor-stack>

默认为:

<interceptor-stack name="default">
            <interceptor-ref name="login" />
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">AUTOMATIC</param>
            </interceptor-ref>
        </interceptor-stack>
原文

in my interceptor, if user doesn't have enough right, there would be a warn message:

    public String intercept(ActionInvocation invocation) throws Exception {

    ActionContext actionContext = invocation.getInvocationContext();
    Map<String, Object> sessionMap = actionContext.getSession();
    User loginUser = (User) sessionMap.get("user");

    Object action = invocation.getAction();

    if (loginUser != null && loginUser.getRole().getId() != Constant.AUTHORITY_ADMIN) {

        ((ValidationAware) action).addFieldError("user.authority",
                ((DefaultAction) action).getText("user.action.authority.not.enough"));

        return DefaultAction.HOME_PAGE;
    }

    return invocation.invoke();
}

then, it would redirect to "HOME_PAGE" action, if success, display information in the jsp. So how to display the warn message?

i have used two interceptors configed in strust.xml, for admin right requirment:

            <interceptor-stack name="authorityStack">
            <interceptor-ref name="authority" />
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">STORE</param>
            </interceptor-ref>
        </interceptor-stack>

default is:

<interceptor-stack name="default">
            <interceptor-ref name="login" />
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">AUTOMATIC</param>
            </interceptor-ref>
        </interceptor-stack>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

晨曦慕雪 2024-10-18 09:46:26

以下是我在 Struts2 中处理访问控制的方法。它非常简单且可重用:

首先,创建一个名为 SecurityCheckAware 的接口。

public interface SecurityCheckAware {
    void checkRight();
}

然后,创建一个名为 SecurityCheckInterceptor 的拦截器。

public class SecurityCheckInterceptor extends AbstractInterceptor {
    @Override
    public String intercept(final ActionInvocation invocation) throws Exception {
        if (invocation.getAction() instanceof SecurityCheckAware) {
            SecurityCheckAware action = (SecurityCheckAware) invocation.getAction();
            action.checkRight();
        }

        return invocation.invoke();
    }
}

然后,在堆栈中定义拦截器。

您想要执行安全检查的任何操作都应该实现 SecurityCheckAware。例如:

@Override
public void checkRight() {
    User loginUser = (User) session.get("user");
    if (loginUser != null && loginUser.getRole().getId() != Constant.AUTHORITY_ADMIN) {
        throw new AccessViolation("You do not have permission to access this page.");
    }
}

接下来,创建一个扩展 RuntimeException(或其某些子类)的自定义异常。我称之为AccessViolation

最后,将 AccessViolation 映射到 struts.xml 中的错误页面,例如:

<global-results>
    <result name="accessDenied">/WEB-INF/jsp/accessDenied.jsp</result>
</global-results>

<global-exception-mappings>
    <exception-mapping exception="com.example.AccessViolation" result="accessDenied"/>
</global-exception-mappings>

注意:您可以放弃 SecurityCheckAwareSecurityCheckInterceptor 并只需使用现有的 Preparable 和 PrepareInterceptor,但我喜欢能够将安全检查封装在它们自己的方法中。

这不依赖于重定向或操作/字段错误(如您的问题中所示),但它应该提供您正在寻找的所有内容。

Here's how I handle access control in Struts2. It's really easy and quite re-usable:

First, create an interface called SecurityCheckAware.

public interface SecurityCheckAware {
    void checkRight();
}

Then, create an interceptor called SecurityCheckInterceptor.

public class SecurityCheckInterceptor extends AbstractInterceptor {
    @Override
    public String intercept(final ActionInvocation invocation) throws Exception {
        if (invocation.getAction() instanceof SecurityCheckAware) {
            SecurityCheckAware action = (SecurityCheckAware) invocation.getAction();
            action.checkRight();
        }

        return invocation.invoke();
    }
}

Then, define the interceptor in your stack.

Any action that you want to perform security checks in should implement SecurityCheckAware. For example:

@Override
public void checkRight() {
    User loginUser = (User) session.get("user");
    if (loginUser != null && loginUser.getRole().getId() != Constant.AUTHORITY_ADMIN) {
        throw new AccessViolation("You do not have permission to access this page.");
    }
}

Next, create a custom exception that extends RuntimeException (or some subclass thereof). I call it AccessViolation.

Lastly, map AccessViolation to an error page in your struts.xml, such as:

<global-results>
    <result name="accessDenied">/WEB-INF/jsp/accessDenied.jsp</result>
</global-results>

<global-exception-mappings>
    <exception-mapping exception="com.example.AccessViolation" result="accessDenied"/>
</global-exception-mappings>

Note: You can fore-go the SecurityCheckAware and SecurityCheckInterceptor and just use the existing Preparable and PrepareInterceptor, but I like being able to encapsulate my security checks in their own method.

This doesn't rely on redirection or action/field errors (as in your question), but it should deliver everything you're looking for.

回复 原文
酒儿 2024-10-18 09:46:26

我使用 MessageStoreInterceptor,这很简单。

MessageStoreInterceptor - http://struts.apache.org/release /2.3.x/docs/message-store-interceptor.html

如果您需要更多帮助,请告诉我。

I use MessageStoreInterceptor and it's easy.

MessageStoreInterceptor - http://struts.apache.org/release/2.3.x/docs/message-store-interceptor.html

Let me know if you need more help.

回复 原文
~没有更多了~

关于作者

你另情深

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文