我有这个struts2拦截器类,它检查access
会话密钥并决定是让用户继续查看实际页面还是显示错误消息页面。
这种价值检查的最佳方法是什么?
public String intercept(ActionInvocation invoke) throws Exception {
Map<String,Object> session = invoke.getInvocationContext().getSession();
Set<String> access = (Set<String>) session.get("access");
String action = invoke.getAction().getClass().getSimpleName();
switch(action) {
case "ParametersHomeAction":
case "ErrorMapAction" :
case "FillerMusicAndLoginAction":
case "ScheduledAction":
case "SysConfigAction":
case "SysParamAction":
if(access.contains("PAR-FM") ||
access.contains("PAR-SCHA") ||
access.contains("PAR-EM") ||
access.contains("PAR-SYSCNF") ||
access.contains("PAR-CSAT")) {
return invoke.invoke();
} else return RESTRICTED_ERROR;
case "ProfilesHomeAction":
case "GroupAction":
case "UserAction":
if(access.contains("PFA-U") ||
access.contains("PFA-G")) {
return invoke.invoke();
} else return RESTRICTED_ERROR;
case "SystemHomeAction":
case "FunctionAction":
case "LockUnlockAction":
case "WfCategoryAction":
case "WfStatusAction":
if(access.contains("SYSA-WC") ||
access.contains("SYSA-WS") ||
access.contains("SYSA-WT") ||
access.contains("SYSA-WTU") ||
access.contains("SYSA-LUU") ||
access.contains("SYSA-BF")) {
return invoke.invoke();
} else return RESTRICTED_ERROR;
case "ReportsHomeAction":
if(access.contains("RP-BOAL") ||
access.contains("RP-PBAL") ||
access.contains("RP-PBF") ||
access.contains("RP-PBMT") ||
access.contains("RP-IVRMU") ||
access.contains("RP-ACAR") ||
access.contains("RP-AUR")) {
return invoke.invoke();
} else return RESTRICTED_ERROR;
// TRANSACTIONS TO FOLLOW
case "HomeAction": invoke.invoke();
default: return RESTRICTED_ERROR;
}
}
答案 0 :(得分:0)
您可以将值放在数组或列表(或多个数组/列表)中,并检查其中是否有值。 列表:
boolean contains(Object o)
答案 1 :(得分:0)
我会将Map
类定义为他们需要的权限作为常量,用初始化块填充它:
private static final Map<Class<?>, Set<String>> PERMISSIONS = new HashMap<Class<?>, Set<String>>() {{
Set<String> permissions = new HashSet<String> (Arrays.asList("PAR-FM", "PAR-SCHA", "PAR-EM", "PAR-SYSCNF", "PAR-CSAT"));
put(ParametersHomeAction.class, permissions);
put(ErrorMapAction.class, permissions);
put(FillerMusicAndLoginAction.class, permissions);
put(ScheduledAction.class, permissions);
put(SysConfigAction.class, permissions);
put(ErrorMapAction.class, permissions);
put(SysParamAction.class, permissions);
permissions = new HashSet<String> (Arrays.asList("PFA-U", "PFA-G"));
put(ProfilesHomeAction.class, permissions);
put(GroupAction.class, permissions);
put(UserAction.class, permissions);
permissions = new HashSet<String> (Arrays.asList("SYSA-WC", "SYSA-WS", "SYSA-WT", "SYSA-WTU", "SYSA-LUU", "SYSA-BF"));
put(SystemHomeAction.class, permissions);
put(FunctionAction.class, permissions);
put(LockUnlockAction.class, permissions);
put(WfCategoryAction.class, permissions);
put(WfStatusAction.class, permissions);
permissions = new HashSet<String> (Arrays.asList("RP-BOAL", "RP-PBAL", "RP-PBF", "RP-PBMT", "RP-IVRMU", "RP-ACAR", "RP-AUR"));
put(ReportsHomeAction.class, permissions);
permissions = new HashSet<String>(); // special case for no permission required
put(HomeAction.class, permissions);
}};
然后通过查看此地图,您的方法可以变得简单:
public String intercept(ActionInvocation invoke) throws Exception {
Map<String, Object> session = invoke.getInvocationContext().getSession();
Set<String> access = (Set<String>) session.get("access");
Set<String> permissionSet = PERMISSIONS.get(invoke.getAction().getClass());
if (permissionSet == null || (!permissionSet.isEmpty() && !access.removeAll(permissionSet)))
return RESTRICTED_ERROR;
return invoke.invoke();
}
此代码将为您的代码生成相同的结果。 “权力”包含在if
:
permissionSet == null
模仿您的switch default
!permissionSet.isEmpty()
会处理您对HomeAction
Set.removeAll()
会返回true
,因此如果!access.removeAll(permissionSet)
true
为access
包含permissionSet