日期:2014-05-17  浏览次数:20809 次

100分!!关于SSH登陆和权限的问题~
流程是这样的: 《登陆—拦截器拦截—页面—根据权限显示对应的按钮操作》

我现在做到可以登陆到页面了,但是根据权限显示按钮还是不太会,帮忙改一下代码。

另外一个问题是,虽然有了登陆拦截,但是直接输入页面名字.jsp也可以进入,如何解决。



代码如下:


拦截器:

Java code
public class AuthorizationInterceptor extends AbstractInterceptor {
    private static final String SC = "sc";
    private static final String RELOGIN = "relogin";
    protected Logger logger = LoggerFactory.getLogger(getClass());
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpSession session = ServletActionContext.getRequest().getSession();
        /*String actionName = invocation.getProxy().getActionName();
        System.out.println("actionName:"+actionName);*/
        if (null != session.getAttribute(SC)) {
             System.out.println("拦截器:合法用户登录---");
            logger.debug("拦截器:合法用户登录---");
            return invocation.invoke();
        }
        System.out.println("拦截器:用户未登录---");
        logger.debug("拦截器:用户未登录---");
        return RELOGIN;
    }

}



action:


Java code
package com.action;

public class UserinfoAction extends ActionSupport implements ModelDriven<Users>{
    private static final long serialVersionUID = 1L;
    protected Logger logger = LoggerFactory.getLogger(getClass());
    private static final String LOGINSUCCESS = "loginsuccess";
    private Users userinfo;
    private UserinfoService userinfoService;
    //采用模型驱动
    private Users model=new Users();//用于封装会员属性模型
    public Users getModel() {
        return model;
    }
    public String login(){
        logger.debug("login begin....");
        String validateFlag = "";
        HttpSession session = ServletActionContext.getRequest().getSession();
        Assert.notNull(session);
        try {
            validateFlag = userinfoService.validateLogin(model, session);            
        } catch (RuntimeException e) {
            System.out.println(validateFlag);
            logger.error("login validate error!"+e.getMessage());
            addActionError("登录验证失败!");
            return INPUT;
        }
        if(!LOGINSUCCESS.equals(validateFlag))
        {
            addActionError(validateFlag);
            return INPUT;
        }
        session = ServletActionContext.getRequest().getSession();
        SessionContainer sc = (SessionContainer)session.getAttribute("sc");
        session.setAttribute("sc", sc);
        logger.info("session create success!");
        return SUCCESS;
    }
    public String loginout(){
        HttpSession session = ServletActionContext.getRequest().getSession();
        Assert.notNull(session);
        SessionContainer sc = (SessionContainer)session.getAttribute("sc");
        if(null!=sc){
            session.removeAttribute("sc");
            logger.info("session destroy success!");
        }
        return SUCCESS;
    }
    
/**  省略set/get */
}





xml:

Java code


<interceptors>
            <interceptor name="authority" class="com.action.AuthorizationInterceptor"/>    
            <interceptor-stack name="mydefault">
            
                <interceptor-ref name="authority" />        
                <interceptor-ref name="defaultSta