packagetutorial;
publicinterfaceRoleAware {
voidsetRole(String role);
}
接着,创建Action类tutorial.AuthorizatedAccess模拟访问受限资源,它作用就是通过实现RoleAware获取角色,并将其显示到ShowUser.jsp中,代码如下:
packagetutorial;
importcom.opensymphony.xwork2.ActionSupport;
publicclassAuthorizatedAccess extendsActionSupport implementsRoleAware {
privateString role;
publicvoidsetRole(String role) {
this.role =role;
}
publicString getRole() {
returnrole;
}
@Override
publicString execute() {
returnSUCCESS;
}
}
以下是ShowUser.jsp的代码:
<%@ page contentType="text/html; charset=UTF-8"%>
<%@taglib prefix="s"uri="/struts-tags"%>
Your role is:
然后,创建tutorial.Roles初始化角色列表,代码如下:
packagetutorial;
importjava.util.Hashtable;
importjava.util.Map;
publicclassRoles {
publicMap
Map
roles.put("EMPLOYEE", "Employee");
roles.put("MANAGER", "Manager");
returnroles;
}
}
接下来,新建Login.jsp实例化tutorial.Roles,并将其roles属性赋予
<%@ page contentType="text/html; charset=UTF-8"%>
<%@taglib prefix="s"uri="/struts-tags"%>
Login
Please select a role below:
创建Action类tutorial.Login将role放到session中,并转到Action类tutorial.AuthorizatedAccess,代码如下:
packagetutorial;
importjava.util.Map;
importorg.apache.struts2.interceptor.SessionAware;
importcom.opensymphony.xwork2.ActionSupport;
publicclassLogin extendsActionSupport implementsSessionAware {
privateString role;
privateMap session;
publicString getRole() {
returnrole;
}
publicvoidsetRole(String role) {
this.role =role;
}
publicvoidsetSession(Map session) {
this.session =session;
}
@Override
publicString execute() {
session.put("ROLE", role);
returnSUCCESS;
}
}
最后,配置struts.xml文件,内容如下:
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
----------------------------
好东西来了。
大家考虑一下,大家做个测试,如果将struts.xml改变一下,在用户登陆时使用默认拦截器拦截一下,结果会怎样?变成如下所示:
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
结果如下图:
这是为什么呢?
原来是拦截器拦截以后,如果你不注入session(比如implements SessionAware),session将会丢失。