Java權限管理 – JAVA編程語言程序開發技術文章

今天沒事幹,就寫了這麼個玩意,目的是用在權限管理上。寫的時候頭都大了,縮減了一次代碼。請大家給我找找毛病,爭取完善。
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;


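/**
 * Struts2 interceptor that allows an action method to run only when its name
 * starts with one of the permission prefixes granted to the caller's role.
 *
 * <p>Permissions are stored per role as a "/"-separated list of lower-case
 * prefixes (for example {@code add/view}). The invoked method name is
 * lower-cased and must consist of a granted prefix followed by at least one
 * further character, so {@code viewOrders} matches the {@code view}
 * permission while a method named exactly {@code view} does not.
 *
 * <p>Any failure to establish a permission (no session, unknown role, no
 * matching prefix) ends in a denial; the action is never invoked by default.
 */
public class LimitInterceptor implements Interceptor{
  public void destroy() {
    // Nothing to release.
  }
  public void init() {
    // Nothing to initialise.
  }

  /**
   * Checks the caller's permissions before letting the action proceed.
   *
   * @param actionInvocation the invocation being intercepted
   * @return the action's own result when permitted, {@code "index"} when the
   *         request carries no Referer header or no {@code userinfo} session
   *         attribute, or {@code null} after a denial page has been written
   *         directly to the response
   * @throws Exception whatever the invoked action throws
   */
  public String intercept(ActionInvocation actionInvocation) throws Exception {
    ActionContext context = actionInvocation.getInvocationContext();
    HttpServletRequest request = (HttpServletRequest) context.get(ServletActionContext.HTTP_REQUEST);
    // getSession(false): an anonymous request must not cause a session to be created.
    HttpSession session = request.getSession(false);
    Object userInfo = (session == null) ? null : session.getAttribute("userinfo");

    // The Referer header is supplied by the client, so this test is only a
    // navigation convenience. The authorization decision rests on the
    // session attribute and the role lookup below, never on the header.
    if (request.getHeader("Referer") == null || userInfo == null) {
      return "index";
    }

    // Current user.
    EntityManager em = new EntityManager(userInfo.toString());
    // NOTE(review): nothing in this class ever calls setLv(), so getLv()
    // always yields the "User" default; the real role still has to be loaded
    // from the user store before Admin/Proxy permissions can take effect.
    // The getter is used (not the raw field) so the default actually applies;
    // reading the field directly gave a null key and a NullPointerException.
    String granted = LimitsUtils.getInstance().getAllLimis().get(em.getLv());
    String methodName = actionInvocation.getProxy().getMethod();

    // Unknown role or unknown method: fail closed.
    if (granted == null || methodName == null) {
      returnLastPage();
      return null;
    }

    // Locale.ROOT keeps the lower-casing independent of the server's default
    // locale, so the comparison with the lower-case prefixes is stable.
    String action = methodName.toLowerCase(java.util.Locale.ROOT);

    // Try every granted prefix; deny only after all of them have failed.
    // (Returning inside the loop on the first miss would ignore every
    // permission after the first one in the list.)
    for (String prefix : granted.split("/")) { // e.g. delete/view
      if (prefix.isEmpty()) {
        // An empty entry would match every method name; never treat it as a grant.
        continue;
      }
      // Pattern.quote: the permission text is matched literally, never as regex syntax.
      Pattern p = Pattern.compile("^" + Pattern.quote(prefix) + "([a-zA-Z0-9_//$]+?)$");
      Matcher m = p.matcher(action);
      if (m.matches()) {
        return actionInvocation.invoke();
      }
    }

    returnLastPage();
    return null;
  }

  /**
   * Writes the "permission denied" page to the response: a script that shows
   * an alert and sends the browser back one history entry. The response is
   * marked 403 so denials are distinguishable from successful requests in
   * access logs and monitoring.
   */
  public void returnLastPage()
  {
    try {
      ServletActionContext.getResponse().setStatus(403); // 403 Forbidden
      ServletActionContext.getResponse().setContentType("text/html");
      ServletActionContext.getResponse().setCharacterEncoding("utf-8");
      java.io.PrintWriter out = ServletActionContext.getResponse().getWriter();
      out.write("<script language='javascript'>alert('您沒有該權限執行這項任務');history.go(-1);</script>");
      out.flush();
      out.close();
    } catch (IOException e) {
      // Best effort: the denial has already been decided; only the page could not be sent.
      e.printStackTrace();
    }
  }

  /**
   * Temporary stand-in for the real user entity; it exists only so the
   * interceptor has something to read a role from.
   * @author Administrator
   *
   */
  class EntityManager{
    private String name;
    private List<String> limits;
    // Role name used as the key into the permission table; null until set.
    private String lv;
    public EntityManager(String name) {
      super();
      this.name = name;
    }
    public EntityManager() {
      super();
    }
    /**
     * @return the role name, defaulting to {@code "User"} when none has been set
     */
    public String getLv() {
      if (lv == null) {
        lv = "User";
      }
      return lv;
    }
    public void setLv(String lv) {
      this.lv = lv;
    }
  }

  /**
   * Singleton that supplies the role-to-permission table.
   */
  static class LimitsUtils{
    private LimitsUtils(){}
    // Created during class initialisation, which the JVM performs safely
    // across threads. The earlier lazy double-checked locking used a
    // non-volatile field and is not safe under the Java memory model.
    private static final LimitsUtils limitsutils = new LimitsUtils();
    public static LimitsUtils getInstance(){
      return limitsutils;
    }
    /**
     * @return a fresh map from role name to its "/"-separated permission
     *         prefixes; callers may modify the returned map without affecting
     *         later calls
     */
    public HashMap<String,String> getAllLimis() {
      HashMap<String,String> dataAllLimits = new HashMap<String, String>();
      dataAllLimits.put("Admin","add/delete/update/view");
      dataAllLimits.put("Proxy","add/view");
      dataAllLimits.put("User","view");
      return dataAllLimits;
    }
  }
}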

作者“飛沙”
