我思故我强

系统权限解决方案(转载)


每个软件中都有权限这个功能,搞了个通过tag实现的方法,复用性很强,


psy-operation.tld

Xml代码
<?xml version="1.0" encoding="UTF-8" ?> 
<taglib xmlns="http://java.sun.com/xml/ns/j2ee
    xmlns:xsi="http://www.blog.com.cn/http://www.w3.org/2001/XMLSchema-instance
    xsi:schemaLocation="http://www.blog.com.cn/http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd
    version="http://www.blog.com.cn/2.0"> 
  <description> 
 psychcn 标记库 1.0  
  </description> 
  <tlib-version>1.0</tlib-version> 
  <short-name>psydict</short-name> 
  <uri>http://www.psychcn.com/taglibs</uri> 
    <tag> 
    <name>op</name> 
    <description>权限标签</description> 
    <tag-class>com.psychcn.web.tags.OperationTag</tag-class> 
 <body-content>scriptless</body-content> 
      
    <attribute> 
       <name>code</name> 
       <required>true</required> 
       <rtexprvalue>true</rtexprvalue> 
    </attribute> 
    <attribute> 
       <name>opset</name> 
       <required>false</required> 
       <rtexprvalue>true</rtexprvalue> 
    </attribute>      
  </tag> 
</taglib> 

<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.blog.com.cn/http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.blog.com.cn/http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
    version="http://www.blog.com.cn/2.0">
  <description>
 psychcn 标记库 1.0
  </description>
  <tlib-version>1.0</tlib-version>
  <short-name>psydict</short-name>
  <uri>http://www.psychcn.com/taglibs</uri>
    <tag>
    <name>op</name>
    <description>权限标签</description>
    <tag-class>com.psychcn.web.tags.OperationTag</tag-class>
 <body-content>scriptless</body-content>
   
    <attribute>
       <name>code</name>
       <required>true</required>
       <rtexprvalue>true</rtexprvalue>
    </attribute>
    <attribute>
       <name>opset</name>
       <required>false</required>
       <rtexprvalue>true</rtexprvalue>
    </attribute>   
  </tag>
</taglib>

OperationTag.java

Java代码
import javax.servlet.jsp.JspException;  
import javax.servlet.jsp.tagext.SimpleTagSupport;  
 
import java.io.IOException;  
import java.util.*;  
 
public class OperationTag extends SimpleTagSupport {  
 private Set operation_set;  
 private String default_operation_set_name = "ops";  
 private String code;  
   
 public void setCode(String code) {  
  this.code = code;  
 }  
 public void setOpset(Set operation_set) {  
  this.operation_set = operation_set;  
 }  
 public void setOpsetName(String name) {  
  this.default_operation_set_name= name;  
 }  
   
 public void doTag() throws JspException, IOException{  
  //session中没有设置权限HashSet,给默认值  
  if (operation_set==null) {  
   Object o = this.getJspContext().findAttribute(default_operation_set_name);  
   if (o instanceof Set)  
    operation_set = (Set)o;  
  }  
    
  if (code == null || operation_set == null)  
   throw new JspException("标签属性无效,无法执行!");  
    
  //这里支持多个code,用','分割,有一个符合条件就输出,全部不满足则不输出(注意不能有空格,区分大小写)  
  String[] codes = code.split(",");  
  for (String s : codes) {  
   if (operation_set.contains(s)) {  
    this.getJspBody().invoke(this.getJspContext().getOut());  
    return;  
   }  
  }  
 }  

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;

import java.io.IOException;
import java.util.*;

public class OperationTag extends SimpleTagSupport {
 private Set operation_set;
 private String default_operation_set_name = "ops";
 private String code;
 
 public void setCode(String code) {
  this.code = code;
 }
 public void setOpset(Set operation_set) {
  this.operation_set = operation_set;
 }
 public void setOpsetName(String name) {
  this.default_operation_set_name= name;
 }
 
 public void doTag() throws JspException, IOException{
  //session中没有设置权限HashSet,给默认值
  if (operation_set==null) {
   Object o = this.getJspContext().findAttribute(default_operation_set_name);
   if (o instanceof Set)
    operation_set = (Set)o;
  }
 
  if (code == null || operation_set == null)
   throw new JspException("标签属性无效,无法执行!");
 
  //这里支持多个code,用','分割,有一个符合条件就输出,全部不满足则不输出(注意不能有空格,区分大小写)
  String[] codes = code.split(",");
  for (String s : codes) {
   if (operation_set.contains(s)) {
    this.getJspBody().invoke(this.getJspContext().getOut());
    return;
   }
  }
 }
}
 

 

底层查找权限接口:

OperationService.java

Java代码
public java.util.HashSet<String> findByUserId(String userId) throws Exception;  
实现接口类:(//通过USERID找到对应的operation的code)  
 
OperationServiceImpImp.java  
 
 public java.util.HashSet<String> findByUserId(String userId) throws Exception{  
  Session s = getSession();  
  Transaction tx = s.beginTransaction();  
    
  String sql = "select DISTINCT o.code from users u " +  
      "inner join groupmember gm on u.userId=gm.user_Id " +   
      "inner join groupacl ga on gm.group_id=ga.group_id " +  
      "inner join operation o on ga.op_id = o.id " +  
      "where u.userId=?";  
  Query q = s.createSQLQuery(sql).setString(0,userId);  
  List<Object> ls = q.list();  
  HashSet ops = new HashSet();  
  for(Object object : ls){  
   ops.add(object);  
  }  
  tx.commit();  
  releaseSession(s);  
    
  return ops;  
 } 

public java.util.HashSet<String> findByUserId(String userId) throws Exception;
实现接口类:(//通过USERID找到对应的operation的code)

OperationServiceImpImp.java

 public java.util.HashSet<String> findByUserId(String userId) throws Exception{
  Session s = getSession();
  Transaction tx = s.beginTransaction();
 
  String sql = "select DISTINCT o.code from users u " +
      "inner join groupmember gm on u.userId=gm.user_Id " +
      "inner join groupacl ga on gm.group_id=ga.group_id " +
      "inner join operation o on ga.op_id = o.id " +
      "where u.userId=?";
  Query q = s.createSQLQuery(sql).setString(0,userId);
  List<Object> ls = q.list();
  HashSet ops = new HashSet();
  for(Object object : ls){
   ops.add(object);
  }
  tx.commit();
  releaseSession(s);
 
  return ops;
 }

这样,在用户登录时,可以把该用户的权限HashSet装载到Session中

 

//把当前用户的权限添加到HashSet
  

Java代码
HashSet ops = AppResource.operationService.findByUserId(user.getUserId());  
session.setAttribute("ops",ops); 

HashSet ops = AppResource.operationService.findByUserId(user.getUserId());
session.setAttribute("ops",ops);

最后,在JSP中就可以简单的使用标签来判断有没有某个权限,没有则不显示

Xml代码
<%@ taglib prefix="psy" uri="http://www.psychcn.com/taglibs" %>   
<psy:op code="Finance_Payment">看你有没有权限让我显示</psy:op> 

<%@ taglib prefix="psy" uri="http://www.psychcn.com/taglibs" %>
<psy:op code="Finance_Payment">看你有没有权限让我显示</psy:op>

 

OK!可以根据需要修改。

posted on 2009-01-04 15:40 李云泽 阅读(301) 评论(0)  编辑  收藏 所属分类: J2EE


只有注册用户登录后才能发表评论。


网站导航: