每个软件中都有权限这个功能,搞了个通过tag实现的方法,复用性很强,
psy-operation.tld
Xml代码
<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.blog.com.cn/http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.blog.com.cn/http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="http://www.blog.com.cn/2.0">
<description>
psychcn 标记库 1.0
</description>
<tlib-version>1.0</tlib-version>
<short-name>psydict</short-name>
<uri>http://www.psychcn.com/taglibs</uri>
<tag>
<name>op</name>
<description>权限标签</description>
<tag-class>com.psychcn.web.tags.OperationTag</tag-class>
<body-content>scriptless</body-content>
<attribute>
<name>code</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>opset</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.blog.com.cn/http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.blog.com.cn/http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="http://www.blog.com.cn/2.0">
<description>
psychcn 标记库 1.0
</description>
<tlib-version>1.0</tlib-version>
<short-name>psydict</short-name>
<uri>http://www.psychcn.com/taglibs</uri>
<tag>
<name>op</name>
<description>权限标签</description>
<tag-class>com.psychcn.web.tags.OperationTag</tag-class>
<body-content>scriptless</body-content>
<attribute>
<name>code</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>opset</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
OperationTag.java
Java代码
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
import java.io.IOException;
import java.util.*;
public class OperationTag extends SimpleTagSupport {
private Set operation_set;
private String default_operation_set_name = "ops";
private String code;
public void setCode(String code) {
this.code = code;
}
public void setOpset(Set operation_set) {
this.operation_set = operation_set;
}
public void setOpsetName(String name) {
this.default_operation_set_name= name;
}
public void doTag() throws JspException, IOException{
//session中没有设置权限HashSet,给默认值
if (operation_set==null) {
Object o = this.getJspContext().findAttribute(default_operation_set_name);
if (o instanceof Set)
operation_set = (Set)o;
}
if (code == null || operation_set == null)
throw new JspException("标签属性无效,无法执行!");
//这里支持多个code,用','分割,有一个符合条件就输出,全部不满足则不输出(注意不能有空格,区分大小写)
String[] codes = code.split(",");
for (String s : codes) {
if (operation_set.contains(s)) {
this.getJspBody().invoke(this.getJspContext().getOut());
return;
}
}
}
}
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
import java.io.IOException;
import java.util.*;
public class OperationTag extends SimpleTagSupport {
private Set operation_set;
private String default_operation_set_name = "ops";
private String code;
public void setCode(String code) {
this.code = code;
}
public void setOpset(Set operation_set) {
this.operation_set = operation_set;
}
public void setOpsetName(String name) {
this.default_operation_set_name= name;
}
public void doTag() throws JspException, IOException{
//session中没有设置权限HashSet,给默认值
if (operation_set==null) {
Object o = this.getJspContext().findAttribute(default_operation_set_name);
if (o instanceof Set)
operation_set = (Set)o;
}
if (code == null || operation_set == null)
throw new JspException("标签属性无效,无法执行!");
//这里支持多个code,用','分割,有一个符合条件就输出,全部不满足则不输出(注意不能有空格,区分大小写)
String[] codes = code.split(",");
for (String s : codes) {
if (operation_set.contains(s)) {
this.getJspBody().invoke(this.getJspContext().getOut());
return;
}
}
}
}
底层查找权限接口:
OperationService.java
Java代码
public java.util.HashSet<String> findByUserId(String userId) throws Exception;
实现接口类:(//通过USERID找到对应的operation的code)
OperationServiceImpImp.java
public java.util.HashSet<String> findByUserId(String userId) throws Exception{
Session s = getSession();
Transaction tx = s.beginTransaction();
String sql = "select DISTINCT o.code from users u " +
"inner join groupmember gm on u.userId=gm.user_Id " +
"inner join groupacl ga on gm.group_id=ga.group_id " +
"inner join operation o on ga.op_id = o.id " +
"where u.userId=?";
Query q = s.createSQLQuery(sql).setString(0,userId);
List<Object> ls = q.list();
HashSet ops = new HashSet();
for(Object object : ls){
ops.add(object);
}
tx.commit();
releaseSession(s);
return ops;
}
public java.util.HashSet<String> findByUserId(String userId) throws Exception;
实现接口类:(//通过USERID找到对应的operation的code)
OperationServiceImpImp.java
public java.util.HashSet<String> findByUserId(String userId) throws Exception{
Session s = getSession();
Transaction tx = s.beginTransaction();
String sql = "select DISTINCT o.code from users u " +
"inner join groupmember gm on u.userId=gm.user_Id " +
"inner join groupacl ga on gm.group_id=ga.group_id " +
"inner join operation o on ga.op_id = o.id " +
"where u.userId=?";
Query q = s.createSQLQuery(sql).setString(0,userId);
List<Object> ls = q.list();
HashSet ops = new HashSet();
for(Object object : ls){
ops.add(object);
}
tx.commit();
releaseSession(s);
return ops;
}
这样,在用户登录时,可以把该用户的权限HashSet装载到Session中
//把当前用户的权限添加到HashSet
Java代码
HashSet ops = AppResource.operationService.findByUserId(user.getUserId());
session.setAttribute("ops",ops);
HashSet ops = AppResource.operationService.findByUserId(user.getUserId());
session.setAttribute("ops",ops);
最后,在JSP中就可以简单的使用标签来判断有没有某个权限,没有则不显示
Xml代码
<%@ taglib prefix="psy" uri="http://www.psychcn.com/taglibs" %>
<psy:op code="Finance_Payment">看你有没有权限让我显示</psy:op>
<%@ taglib prefix="psy" uri="http://www.psychcn.com/taglibs" %>
<psy:op code="Finance_Payment">看你有没有权限让我显示</psy:op>
OK!可以根据需要修改。