1、实现表之间的数据缓存PopedomCache.java
public class PopedomCache {
// 日志
private Logger traceLogger = PafaCoreContexton.getInstance().getTracer();
private static PopedomCache cache;
// 所有菜单
private Set<MenuInfoDTO> allMenuSet;
// 所有权限
private Set<OprateInfoDTO> allOperateSet;
// 所有部门
private List<DeptInfoDTO> allDeptList;
// 所有权限Map<按钮编号, 按钮对象>
private Map<String, OprateInfoDTO> allOperateMap;
// 所有菜单Map<位置编号, 菜单对象>
private Map<String, MenuInfoDTO> allMenuMap;
// 所有数据Map<部门编码, 部门对象>
private Map<String, DeptInfoDTO> allDeptMap;
// 所有角色Map<角色, 角色对象>
private Map<String, RoleInfoDTO> allRoleMap;
public PopedomCache() {
init();
}
/**
* 获取权限缓存
*/
public static PopedomCache getInstance() {
if (cache == null) {
cache = new PopedomCache();
}
return cache;
}
/**
* 初始化信息
*
*/
@SuppressWarnings("unchecked")
private void init() {
try {
// 初始化变量
this.initParameter();
Map<String, String> paginatedMap = new HashMap<String, String>();
paginatedMap.put(RoleMenuConstant.QUERY_ALL_MENUINFODTO_LIST, RoleMenuConstant.QUERY_ALL_MENUINFODTO_LIST);
paginatedMap.put(RoleMenuConstant.QUERY_ALL_OPRATEINFODTO_LIST, RoleMenuConstant.QUERY_ALL_OPRATEINFODTO_LIST);
paginatedMap.put(RoleMenuConstant.QUERY_ALL_ROLEINFODTO_LIST, RoleMenuConstant.QUERY_ALL_ROLEINFODTO_LIST);
paginatedMap.put(RoleMenuConstant.QUERY_ALL_DEPTINFODTO_LIST, RoleMenuConstant.QUERY_ALL_DEPTINFODTO_LIST);
Map<String, Object> resultMap = (Map<String, Object>) CURDUtil.execAction("popedomCacheAction", paginatedMap, null);
// 查询所有菜单
List menuList = (List) resultMap.get(RoleMenuConstant.QUERY_ALL_MENUINFODTO_LIST);
// 查询所有权限
List operateList = (List) resultMap.get(RoleMenuConstant.QUERY_ALL_OPRATEINFODTO_LIST);
// 查询所有角色
List roleList = (List) resultMap.get(RoleMenuConstant.QUERY_ALL_ROLEINFODTO_LIST);
allMenuSet.addAll(menuList);
allOperateSet.addAll(operateList);
allDeptList = (List<DeptInfoDTO>) resultMap.get(RoleMenuConstant.QUERY_ALL_DEPTINFODTO_LIST);
this.initAllOperateMap(allOperateSet);
this.initAllMenuMap(allMenuSet);
this.initAllDeptMap(allDeptList);
this.initAllRoleMap(roleList);
} catch (Exception e) {
traceLogger.log("ex-system", Level.COMMON_ERROR, this.getClass()
.getName(), "PopedomCache.init()", e + "权限菜单初始化-出现异常!");
}
}
/**
* 初始化变量对象
*
*/
private void initParameter()
{
allMenuSet = SortSet.getMenuInfoDTOSet();
allOperateSet = SortSet.getOprateInfoDTOSet();
allMenuMap = new HashMap<String, MenuInfoDTO>();
allOperateMap = new HashMap<String, OprateInfoDTO>();
allDeptList = new ArrayList<DeptInfoDTO>();
allDeptMap = new HashMap<String, DeptInfoDTO>();
allRoleMap = new HashMap<String, RoleInfoDTO>();
}
/**初始化所有权限MAP,以编号为ID
*
* @param allOperateSet
*/
private void initAllOperateMap(Set set) {
if (set != null && set.size() > 0) {
for (Iterator itor = set.iterator(); itor.hasNext();) {
OprateInfoDTO dto = (OprateInfoDTO) itor.next();
allOperateMap.put(dto.getOperateNo(), dto);
}
}
}
/***
* 初始化部门Map
* @param set
*/
private void initAllDeptMap(List set) {
if (set != null && set.size() > 0) {
for (Iterator itor = set.iterator(); itor.hasNext();) {
DeptInfoDTO dto = (DeptInfoDTO) itor.next();
allDeptMap.put(dto.getDeptCode(), dto);
}
}
}
/**初始化所有菜单MAP,以位置为ID
*
* @param allOperateSet
*/
private void initAllMenuMap(Set set) {
if (set != null && set.size() > 0) {
for (Iterator itor = set.iterator(); itor.hasNext();) {
MenuInfoDTO dto = (MenuInfoDTO) itor.next();
allMenuMap.put(dto.getMenuPosition(), dto);
}
}
}
/***
* 初始化部门Map
* @param set
*/
private void initAllRoleMap(List list) {
if (list != null && list.size() > 0) {
for (Iterator itor = list.iterator(); itor.hasNext();) {
RoleInfoDTO dto = (RoleInfoDTO) itor.next();
allRoleMap.put(dto.getRoleInfoId(), dto);
}
}
}
/** 角色权限关系集合转换为操作权限对象集合
*
* @param roleOperateRelationDTOList
* @return
*/
public List<OprateInfoDTO> changeOperateRelationDTO(List roleOperateRelationDTOList)
{
List<OprateInfoDTO> tempList = new ArrayList<OprateInfoDTO>();
if (roleOperateRelationDTOList != null && roleOperateRelationDTOList.size() > 0)
{
for (Iterator itor = roleOperateRelationDTOList.iterator(); itor.hasNext();)
{
RoleOperateRelationDTO dto = (RoleOperateRelationDTO)itor.next();
// 到缓存类中寻找权限对象
tempList.add(allOperateMap.get(dto.getIdOperateInfo()));
}
}
return tempList;
}
/** 角色权限关系集合转换为数据权限对象集合--部门
*
* @param roleOperateRelationDTOList
* @return
*/
public List<DeptInfoDTO> changeDeptRelationDTO(List roleOperateRelationDTOList)
{
Set<DeptInfoDTO> tempSet = new HashSet<DeptInfoDTO>();
if (roleOperateRelationDTOList != null && roleOperateRelationDTOList.size() > 0)
{
for (Iterator itor = roleOperateRelationDTOList.iterator(); itor.hasNext();)
{
RoleDataRelationDTO dto = (RoleDataRelationDTO)itor.next();
// 到缓存类中寻找权限对象
DeptInfoDTO tempDeptInfoDTO = allDeptMap.get(dto.getDataCode());
if (tempDeptInfoDTO == null)
{
traceLogger.log("ex-system", Level.INFO, this.getClass().getName(), "PopedomCache.changeDeptRelationDTO()", "登陆用户数据权限,编码[" + dto.getDataCode() + "]取到部门对象为空!");
continue;
}
tempSet.add(tempDeptInfoDTO);
}
}
List<DeptInfoDTO> tempList = new ArrayList<DeptInfoDTO>();
tempList.addAll(tempSet);
return tempList;
}
/** 根据角色ID获取角色对象
*
* @param roleOperateRelationDTOList
* @return
*/
public RoleInfoDTO getRoleInfoDTOById(String roleId)
{
if (!StringUtil.isEmpty(roleId))
{
return allRoleMap.get(roleId);
}
return null;
}
/**根据编码获取权限对象
*
* @param operateNo
* @return
*/
public OprateInfoDTO getOprateInfoDTOByOperateNo(String operateNo)
{
return allOperateMap.get(operateNo);
}
public Set<MenuInfoDTO> getAllMenuSet() {
return allMenuSet;
}
public Set<OprateInfoDTO> getAllOperateSet() {
return allOperateSet;
}
public Map<String, OprateInfoDTO> getAllOperateMap() {
return allOperateMap;
}
public Map<String, MenuInfoDTO> getAllMenuMap() {
return allMenuMap;
}
public Map<String, DeptInfoDTO> getAllDeptMap() {
return allDeptMap;
}
public List<DeptInfoDTO> getAllDeptList() {
return allDeptList;
}
/**更新部门缓存List与Map
*
* @param allDeptList
* @throws PafaWebException
*/
@SuppressWarnings("unchecked")
public void setAllDeptList() throws PafaWebException {
Map<String, String> paginatedMap = new HashMap<String, String>();
paginatedMap.put(RoleMenuConstant.QUERY_ALL_DEPTINFODTO_LIST, RoleMenuConstant.QUERY_ALL_DEPTINFODTO_LIST);
Map<String, Object> resultMap = (Map<String, Object>) CURDUtil.execAction("popedomCacheAction", paginatedMap, null);
this.allDeptList = (List<DeptInfoDTO>) resultMap.get(RoleMenuConstant.QUERY_ALL_DEPTINFODTO_LIST);
this.initAllDeptMap(this.allDeptList);
}
}
2、核心拦截处理类:SystemPopedomAccess.java
public class SystemPopedomAccess {
// 日志对象
private static Logger traceLogger = PafaCoreContexton.getInstance().getTracer();
/**根据按钮编号<br />
* 判断当前用户是否有权执行某按钮的某操作
*
* @param operateNo权限编号
* @return
*/
public static boolean flagIsAllowAccessByNo(HttpServletRequest request, String operateNo) {
// 不设置key\value默认为有权限
if (StringUtil.isEmpty(operateNo)) {
return true;
}
HttpSession session = request.getSession();
// 当前登录人信息
UserInfoDTO userInfo = (UserInfoDTO)session.getAttribute(PopedomConstants.LOGON_INFO);
// 未登陆
if ( userInfo == null || StringUtil.isEmpty(userInfo.getUserUID())) {
return true;
}
// 获取当前用户所拥有的权限集合
List<OprateInfoDTO> oprateInfoDTOSet = userInfo.getOprates();
// 从缓存中获取所有权限集合
Map<String, OprateInfoDTO> allOprateInfoDTOMap = PopedomCache.getInstance().getAllOperateMap();
// 拆分标签
String[] operateNoArr = operateNo.split(PopedomConstants.SIGN_OPERATENO);
// 传递参数true,那么当session过期时,新的session被创建,接下来可通过session.isNew()的返回值来判断是不是同一个session
// 返回值为:true,新的session被创建,action提交执行时的那个用户session已经无效,报异常:java.lang.IllegalStateException:
// getAttribute: Session already invalidated
// 返回值为:false,同一个session,仍然有效,
if (session.isNew()) {
return false;
}
Set<String> userOperateNoSet = obj2Str(oprateInfoDTOSet);
// 判断是否能访问
if (allOprateInfoDTOMap.keySet() == null || allOprateInfoDTOMap.keySet().size() == 0)
{
return true;
}
// 所有编号中判断是否有控制这个权限,true 有;false 没有
if (!isSetAllow(operateNoArr, allOprateInfoDTOMap.keySet())) {
return true;
}
// 当前用户权限是否存在
if (userOperateNoSet == null || userOperateNoSet.size() == 0)
{
return false;
}
// 加了权限控制 判断权限是否在当前用户权限内
if(isSetAllow(operateNoArr, userOperateNoSet))
{
return true;
}
return false;
}
/**根据按钮编号<br />
* 判断当前用户是否有权执行某按钮的某操作
*
* @param request 过滤器过来的对象
* @return
*/
public static boolean flagIsAllowAccessByUri(HttpServletRequest request) {
HttpSession session = request.getSession();
// 当前登录人信息
UserInfoDTO userInfo = (UserInfoDTO)session.getAttribute(PopedomConstants.LOGON_INFO);
// 未登陆
if ( request.getRemoteUser() == null || userInfo == null || StringUtil.isEmpty(userInfo.getUserUID()) || userInfo.getRoles().size() == 0) {
return true;
}
// 获取当前用户所拥有的菜单集合
List<MenuInfoDTO> menuInfoDTOSet = userInfo.getMenus();
// 获取当前用户所拥有的权限集合
List<OprateInfoDTO> oprateInfoDTOSet = userInfo.getOprates();
// 从缓存中获取所有菜单集合
Set<MenuInfoDTO> allMenuInfoDTOSet = PopedomCache.getInstance().getAllMenuSet();
// 从缓存中获取所有权限集合
Set<OprateInfoDTO> allOprateInfoDTOSet = PopedomCache.getInstance().getAllOperateSet();
// 请求链接
String requestUri = request.getRequestURI();
// 不设置key\value默认为有权限
if (StringUtil.isEmpty(requestUri)) {
return true;
}
// 传递参数true,那么当session过期时,新的session被创建,接下来可通过session.isNew()的返回值来判断是不是同一个session
// 返回值为:true,新的session被创建,action提交执行时的那个用户session已经无效,报异常:java.lang.IllegalStateException:
// getAttribute: Session already invalidated
// 返回值为:false,同一个session,仍然有效,
if (session.isNew()) {
traceLogger.log(SystemPopedomAccess.class.getName(), Level.INFO, "flagIsAllowAccessByUri()", "session.isNew()是新的", "");
return false;
}
// 判断 获取所有的菜单权限连接集合 是否控制uri
Set<String> allUrlSet = getMenuAndOperateUrlSet(allMenuInfoDTOSet, allOprateInfoDTOSet);
// 判断当前登陆用户是否 有权访问uri
Set<String> userUrlSet = getMenuAndOperateUrlSet(menuInfoDTOSet, oprateInfoDTOSet);
if (collectionIsContainsUri(request, requestUri, allUrlSet, userUrlSet))
{
return true;
}
return false;
}
/***
* 判断数组中的元素是否有存在集合中
* @param operateNoArr 多个权限编号
* @param allowSet 集合
* @return true 有; false 没有
*/
private static boolean isSetAllow(String[] operateNoArr, Set<String> allowSet) {
// 判断所有标签编号中是否包含有这个权限编号
boolean flag = false;// 没有
for (String s : operateNoArr) {
// 权限编号不为空并且 集合包含权限编号
if (!StringUtil.isEmpty(s) && allowSet.contains(s)) {
flag = true;
break;
}
}
return flag;
}
/**权限集合对象转换未字符串集合
*
* @param oprateInfoDTOSet
* @return
*/
private static Set<String> obj2Str(List<OprateInfoDTO> oprateInfoDTOSet)
{
Set<String> set = new HashSet<String>();
if (oprateInfoDTOSet != null)
{
for (OprateInfoDTO dto : oprateInfoDTOSet)
{
if (dto == null || StringUtil.isEmpty(dto.getOperateNo()))
{
continue;
}
set.add(dto.getOperateNo());
}
}
return set;
}
/*************************************************************新控制***************************************************************************/
/**获取菜单和权限连接中的url集合
*
* @param menuInfoDTOList
* @param oprateInfoDTOList
* @return
*/
private static Set<String> getMenuAndOperateUrlSet(Collection<MenuInfoDTO> menuInfoDTOCollection,Collection<OprateInfoDTO> oprateInfoDTOCollection)
{
Set<String> tempSet = new HashSet<String>();
// 菜单加入集合
if (menuInfoDTOCollection != null && menuInfoDTOCollection.size() > 0)
{
for (MenuInfoDTO dto : menuInfoDTOCollection)
{
if (dto == null || StringUtil.isEmpty(dto.getMenuUrl()))
{
continue;
}
tempSet.add(dto.getMenuUrl());
}
}
// 权限加入集合
if (oprateInfoDTOCollection != null && oprateInfoDTOCollection.size() > 0)
{
for (OprateInfoDTO dto : oprateInfoDTOCollection)
{
if (dto == null || StringUtil.isEmpty(dto.getOperateUrl()))
{
continue;
}
tempSet.add(dto.getOperateUrl());
}
}
return tempSet;
}
/**判断用户权限是否存在该uri
*
* @param request
* @param requestUri 请求连接
* @param allUrlSet
* @param collection
* @return
*/
private static boolean collectionIsContainsUri(HttpServletRequest request, String requestUri, Collection<String> allUrlCollection, Collection<String> userCollection)
{
// 如果所有链接为空 ,可以任意访问
if (allUrlCollection == null || allUrlCollection.size() == 0)
{
return true;
}
// 如果用户拥有链接集合为空
if (userCollection == null || userCollection.size() == 0)
{
return false;
}
// 所有链接中是否包含uri
Set<String> allUrlSet = getCollectionAboutList(requestUri, allUrlCollection);
// 不包含这个uri,这个uri不在控制范围内
if (allUrlSet.size() == 0)
{
return true;
}
// 当前用户权限是否包含这个链接
Set<String> userUrlSet = getCollectionAboutList(requestUri, userCollection);
// 如果不包含,则无权访问
if (userUrlSet.size() == 0)
{
return false;
}
//控制的url是否存在参数
Map<String, List<String>> mapResult = list2OperateMap(userUrlSet);
if (mapResult.size() == 0)
{
return true;
}
// 判断参数是否在集合中
boolean paramFlag = parametersIsInRequest(request, mapResult, userUrlSet, requestUri);
if (paramFlag)
{
return true;
}
// 如果是无参数链接,用户权限链接是否包含这个无参数的链接
// boolean userUrlContainsUriFlag = userUrlSet.contains(requestUri);
// if (userUrlContainsUriFlag)
// {
// return true;
// }
return false;
}
/**
* 返回oprateInfoDTOList中包含有uri相关的对象集合
* @param uri 请求连接
* @param oprateInfoDTOList 当前用户所拥有的所有权限集合
* @return
*/
private static Set<String> getCollectionAboutList(String uri, Collection<String> collection)
{
Set<String> tempSet = new HashSet<String>();
if (collection != null && collection.size() > 0)
{
for (String str : collection)
{
if (str.contains(uri))
{
tempSet.add(str);
}
}
}
return tempSet;
}
/**返回当前链接中uri对应的参数
*
* @param someUrlSet
* @return
*/
private static Map<String, List<String>> list2OperateMap(Set<String> someUrlSet)
{
Map<String, List<String>> mapResult = new HashMap<String, List<String>>();
// 初始化加载信息;
for (String urlString : someUrlSet)
{
splitUrl(mapResult, urlString);
}
return mapResult;
}
/**判断参数是否在request中
*
* @param request
* @param mapResult
* @return
*/
private static boolean parametersIsInRequest(HttpServletRequest request, Map<String, List<String>> mapResult, Set<String> userUrlSet, String requestUri)
{
// 验证结果
boolean validateFlag = true;
// request中包含的参数集合 请求参数集合
Map<String, String> requestMap = new HashMap<String, String>();
for (Enumeration e = request.getParameterNames(); e.hasMoreElements();) {
String name = (String) e.nextElement();
String value = request.getParameter(name);
// 根据传递过来的参数请求获取权限控制的url参数
List<String> allowValueList = mapResult.get(name);
if (allowValueList != null && allowValueList.size() > 0)
{
// 如果存在要控制的参数
requestMap.put(name, value);
if (!allowValueList.contains(value))
{
validateFlag = false;
}
}
}
// 当前是无参数链接请求,拥有权限包含请求uri
if (requestMap.size() == 0 && userUrlSet.contains(requestUri))
{
validateFlag = true;
}
return validateFlag;
}
/**
* 拆分url
* @author chen_weixian
* Jul 21, 2012 6:09:33 PM
* @param mapResult Map<String, String[]>=Map<paraName, paraValues>
* @param urlString
* @return
*/
private static void splitUrl(Map<String, List<String>> mapResult, String urlString)
{
// 根据问号进行拆分
String[] urlArr = urlString.split(PopedomConstants.SIGN_KEY);
// 如果存在参数
if (urlArr.length > 1)
{
// 根据 & 拆分有多少参数
String[] paramArray = urlArr[1].split(PopedomConstants.SIGN_AND);
// 如果存在参数
if (paramArray.length > 0)
{
for (String paraAndValue : paramArray)
{
addParaToMap(mapResult, paraAndValue);
}
}
}
}
/**将参数与值放入到map中
*
* @param mapResult
* @param paraAndValue
*/
private static void addParaToMap(Map<String, List<String>> mapResult, String paraAndValue)
{
// 参数名
String paraName = null;
// 参数值
String paraValue = null;
if (paraAndValue.contains(PopedomConstants.SIGN_EQUALS))
{
String[] para= paraAndValue.split(PopedomConstants.SIGN_EQUALS);
if (para.length > 0)
{
paraName = para[0];
}
if (para.length > 1)
{
paraValue = para[1];
}
}
// 获取集合中参数的值集合
List<String> tempList = mapResult.get(paraName);
if (tempList == null)
{
tempList = new ArrayList<String>();
}
tempList.add(paraValue);
// 参数加入到集合中
mapResult.put(paraName, tempList);
}
}
3、标签处理类:OperateAccessTag
/***
* 权限标签控制
* @author EX-CHENWEIXIAN001
*
*/
@SuppressWarnings("unchecked")
public class OperateAccessTag extends BodyTagSupport {
private static final long serialVersionUID = -516656449548427206L;
// 日志
private Logger traceLogger = PafaCoreContexton.getInstance().getTracer();
private String operateNo; // 权限编号,多个以;相隔
@Override
public int doStartTag() throws JspException {
return super.doStartTag();
}
@Override
public int doEndTag() throws JspException {
this.showTagInnerHtml();
return SKIP_BODY;
}
/**
* 显示出HTML标签体
* 无权限的按钮 加上属性 disabled="disabled",其他的都去掉
*/
public void showTagInnerHtml()
{
if (this.bodyContent != null)
{
JspWriter out = this.pageContext.getOut();
String JspHtmlString = this.bodyContent.getString();
boolean isShow = hasPermission();
// // 显示无变化
if (!isShow)
{
// 如果是按钮 在内容中加上 display 在<input 替换为<input disabled="disabled"
if (JspHtmlString.contains("<input"))
{
JspHtmlString = JspHtmlString.replace("<input", "<input disabled=\"disabled\"");
}
// 其他的,不显示
else
{
JspHtmlString="";
}
}
try {
out.write(JspHtmlString);
}
catch (Exception e) {
traceLogger.log(this.getClass().getName(), Level.COMMON_ERROR, "OperateAccessTag.hasPermission()", "权限按钮过滤异常:", e.getMessage());
}
}
}
/**
* 按钮显示控制
* @return true 显示;false 隐藏
*/
protected boolean hasPermission() {
boolean isShow = false;
try
{
// 获取request 对象
HttpServletRequest request = (HttpServletRequest) this.pageContext.getRequest();
isShow = SystemPopedomAccess.flagIsAllowAccessByNo(request,operateNo);
}
catch (Exception e) {
traceLogger.log(this.getClass().getName(), Level.COMMON_ERROR, "OperateAccessTag.hasPermission()", "权限按钮过滤异常:", e.getMessage());
}
return isShow;
}
public String getOperateNo() {
return operateNo;
}
public void setOperateNo(String operateNo) {
this.operateNo = operateNo;
}
}
4、标签popedom-tags.tld
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.1//EN" "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd">
<taglib>
<tlib-version>1.0.1</tlib-version>
<jsp-version>1.2</jsp-version>
<short-name>operate</short-name>
<uri>/WEB-INF/tlds/popedom-tags.tld</uri>
<info>popedom operate access</info>
<tag>
<name>access</name>
<tag-class>
com.pingan.saims.scms.systemmanage.web.filter.OperateAccessTag
</tag-class>
<body-content>tagdependent</body-content>
<attribute>
<name>operateNo</name>
<required>false</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
</tag>
<tag>
<name>commonSelect</name>
<tag-class>
com.pingan.saims.scms.systemmanage.web.filter.DictionaryTag
</tag-class>
<body-content>tagdependent</body-content>
<attribute>
<name>id</name>
<required>false</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
<attribute>
<name>name</name>
<required>false</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
<attribute>
<name>value</name>
<required>false</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
<attribute>
<name>type</name>
<required>yes</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
<attribute>
<name>disabled</name>
<required>false</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
<attribute>
<name>onchange</name>
<required>false</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
<attribute>
<name>class</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
</tag>
<tag>
<name>commonName</name>
<tag-class>
com.pingan.saims.scms.systemmanage.web.filter.DictionaryTag
</tag-class>
<body-content>tagdependent</body-content>
<attribute>
<name>value</name>
<required>yes</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
<attribute>
<name>type</name>
<required>yes</required>
<rtexprvalue>yes</rtexprvalue>
</attribute>
</tag>
5、权限过滤器:SessionTimeoutFilter.java
/**
* 处理session超时重新登录后取不到用户id问题
*
* @author EX-BIANDONGYU001
* @data 2011-11-14
*/
@SuppressWarnings("unchecked")
public class SessionTimeoutFilter implements Filter {
private Logger traceLogger = PafaCoreContexton.getInstance().getTracer();
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession();
// 判断session中是已否保存用户id
try {
String requestStr = request.getRequestURI();
// 不处理登陆界面信息
if (Pattern.matches("/(logout.do|userlogin.do|main.screen|common.userlogin.do|logonerror.screen|scms_payinform_hongding.do)",requestStr)) {
chain.doFilter(req, res);
return;
}
else if (session.getAttribute(PopedomConstants.LOGON_INFO) == null) {
String logonId = request.getRemoteUser();
if (logonId != null) {
logonId = logonId.toUpperCase();
UserInfoDTO userInfo = null;
Map params = new HashMap();
// 从UM2读取用户信息
userInfo = UserInfoUtil.getUserInfoByUID(logonId);
if (userInfo == null || userInfo.getRoles().size() == 0) {
session.setAttribute(PopedomConstants.LOGON_INFO, null);
request.setAttribute("content", "您登陆超时,请重新登陆!");
request.setAttribute("showBtn", "TRUE");// 显示按钮
request.setAttribute("toUM2UserLoginIndexUrl", "/");// 按钮点击跳转
req.getRequestDispatcher("/common/noPermission.jsp").forward(req, res);
}
params.put(PopedomConstants.LOGON_INFO, userInfo);
// 读取用户权限信息
Map resultMap = (Map) CURDUtil.execAction("scms.queryUserInfoAction", params, null);
Map menuInfos = (Map) resultMap.get("newMenuInfoMap");
userInfo = (UserInfoDTO) resultMap.get(PopedomConstants.LOGON_INFO);
request.setAttribute("menuInfos", menuInfos);
Map logonInfo = new HashMap();
logonInfo.put("logonId", userInfo.getUserUID());
logonInfo.put("logonName", userInfo.getUserName());
// 取出用户信息,放到session
session.setAttribute(PopedomConstants.LOGON_INFO, userInfo);
session.setAttribute("validatePendingCountTime", InitConfigParam.get("validatePendingCountTime"));
session.setAttribute("logonInfo", logonInfo);
}
else {
// 清空 session
session.setAttribute(PopedomConstants.LOGON_INFO, null);
// 跳转到登陆的地方
request.setAttribute("content", "您登陆超时,请重新登陆!");
request.setAttribute("showBtn", "TRUE");// 显示按钮
request.setAttribute("toUM2UserLoginIndexUrl", "/");// 按钮点击跳转
req.getRequestDispatcher("/common/noPermission.jsp").forward(req, res);
}
}
// 是否有权访问uri
boolean validateFlag = true;
try {
validateFlag = SystemPopedomAccess.flagIsAllowAccessByUri(request);
} catch (Exception e) {
traceLogger.log(this.getClass().getName(), Level.COMMON_ERROR,"PopedomFilter.doFilter()", "权限过滤出错,错误信息为:", e.getMessage());
}
if (!validateFlag) {
request.setAttribute("validateFlag", validateFlag);
request.setAttribute(PopedomConstants.MESSAGE_TITLE, "操作权限提示:");
request.setAttribute(PopedomConstants.MESSAGE_CONTENT,"对不起,您无权执行该操作!");
request.getRequestDispatcher("/docc/message_page.jsp").forward(request, response);
return;
}
chain.doFilter(req, res);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public void init(FilterConfig arg0) throws ServletException {
}
}
6、排序器:SortSet.java
/**
* 排序类
* @author EX-CHENWEIXIAN001
*
*/
@SuppressWarnings("unchecked")
public class SortSet implements Serializable
{
/**
*
*/
private static final long serialVersionUID = 1L;
public static TreeSet<MenuInfoDTO> getMenuInfoDTOSet()
{
return new TreeSet(new Comparator() {
public int compare(Object o1, Object o2) {
MenuInfoDTO t1 = (MenuInfoDTO)o1;
MenuInfoDTO t2 = (MenuInfoDTO)o2;
if (t1.getMenuPosition()==null || t2.getMenuPosition()== null)
{
return 2;
}
else if (Integer.parseInt(t1.getMenuPosition()) > Integer.parseInt(t2.getMenuPosition()))
{
return 1;
}
else if (Integer.parseInt(t1.getMenuPosition()) < Integer.parseInt(t2.getMenuPosition()))
{
return -1;
}
else if (!t1.equals(t2))
{
return 3;
}
else
{
return 0;
}
}
});
}
public static TreeSet<OprateInfoDTO> getOprateInfoDTOSet()
{
return new TreeSet(new Comparator() {
public int compare(Object o1, Object o2) {
OprateInfoDTO t1 = (OprateInfoDTO)o1;
OprateInfoDTO t2 = (OprateInfoDTO)o2;
if (t1.getOperateNo()==null || t2.getOperateNo()== null)
{
return 2;
}
else
{
String t1MenuPosition = t1.getOperateNo();
String t2MenuPosition = t2.getOperateNo();
t1MenuPosition = t1MenuPosition.replace("_", "");
t2MenuPosition = t2MenuPosition.replace("_", "");
if (Integer.parseInt(t1MenuPosition) > Integer.parseInt(t2MenuPosition))
{
return 1;
}
else if (Integer.parseInt(t1MenuPosition) < Integer.parseInt(t2MenuPosition))
{
return -1;
}
else if (!t1.equals(t2))
{
return 3;
}
else
{
return 0;
}
}
}
});
}
}
7、页面控制:例子.jsp
<operate:access operateNo="0401_06">
<input type="button" onclick="editToDetailQuota('update')" class="button23" name="updateBtn" id="updateBtn" value="修改"/>
</operate:access>
<operate:access operateNo="0401_04">
<input type="button" onclick="editToDetailQuota('review')" class="button23" name="reviewBtn" id="reviewBtn" value="复核"/>
</operate:access>
<operate:access operateNo="0401_07">
<input type="button" onclick="editToDetailQuota('revoke')" class="button23" name="revokeBtn" id="revokeBtn" value="作废"/>
</operate:access>