-1

我有这个 struts2 拦截器类,它检查access会话密钥并决定是让用户继续查看实际页面还是显示错误消息页面。

这种价值检查的最佳方法是什么?

public String intercept(ActionInvocation invoke) throws Exception {
    Map<String,Object> session = invoke.getInvocationContext().getSession();

    Set<String> access = (Set<String>) session.get("access");
    String action = invoke.getAction().getClass().getSimpleName();

    switch(action) {
        case "ParametersHomeAction":
        case "ErrorMapAction" :
        case "FillerMusicAndLoginAction":
        case "ScheduledAction":
        case "SysConfigAction":
        case "SysParamAction":
            if(access.contains("PAR-FM") ||
               access.contains("PAR-SCHA") ||
               access.contains("PAR-EM") ||
               access.contains("PAR-SYSCNF") ||
               access.contains("PAR-CSAT")) {
                return invoke.invoke();
            } else return RESTRICTED_ERROR;

        case "ProfilesHomeAction":
        case "GroupAction":
        case "UserAction":
            if(access.contains("PFA-U") ||
               access.contains("PFA-G")) {
                return invoke.invoke();
            } else return RESTRICTED_ERROR;

        case "SystemHomeAction":
        case "FunctionAction":
        case "LockUnlockAction":
        case "WfCategoryAction":
        case "WfStatusAction":
            if(access.contains("SYSA-WC") ||
               access.contains("SYSA-WS") ||
               access.contains("SYSA-WT") ||
               access.contains("SYSA-WTU") ||
               access.contains("SYSA-LUU") ||
               access.contains("SYSA-BF")) {
                return invoke.invoke();
            } else return RESTRICTED_ERROR;

        case "ReportsHomeAction":
            if(access.contains("RP-BOAL") ||
               access.contains("RP-PBAL") ||
               access.contains("RP-PBF") ||
               access.contains("RP-PBMT") ||
               access.contains("RP-IVRMU") ||
               access.contains("RP-ACAR") ||
               access.contains("RP-AUR")) {
                return invoke.invoke();
            } else return RESTRICTED_ERROR;

        // TRANSACTIONS TO FOLLOW
        case "HomeAction": invoke.invoke();
        default: return RESTRICTED_ERROR;   
    }
}
4

2 回答 2

0

您可以将值放入数组或列表(或多个数组/列表)中,并检查其中是否包含值。对于列表:

boolean contains(Object o)
于 2013-10-25T09:12:40.537 回答
0

我会将一个Map类定义为它们所需的权限作为常量,并使用初始化块填充它:

private static final Map<Class<?>, Set<String>> PERMISSIONS = new HashMap<Class<?>, Set<String>>() {{
    Set<String> permissions = new HashSet<String> (Arrays.asList("PAR-FM", "PAR-SCHA", "PAR-EM", "PAR-SYSCNF", "PAR-CSAT"));
    put(ParametersHomeAction.class, permissions);
    put(ErrorMapAction.class, permissions);
    put(FillerMusicAndLoginAction.class, permissions);
    put(ScheduledAction.class, permissions);
    put(SysConfigAction.class, permissions);
    put(ErrorMapAction.class, permissions);
    put(SysParamAction.class, permissions);
    permissions = new HashSet<String> (Arrays.asList("PFA-U", "PFA-G"));
    put(ProfilesHomeAction.class, permissions);
    put(GroupAction.class, permissions);
    put(UserAction.class, permissions);
    permissions = new HashSet<String> (Arrays.asList("SYSA-WC", "SYSA-WS", "SYSA-WT", "SYSA-WTU", "SYSA-LUU", "SYSA-BF"));
    put(SystemHomeAction.class, permissions);
    put(FunctionAction.class, permissions);
    put(LockUnlockAction.class, permissions);
    put(WfCategoryAction.class, permissions);
    put(WfStatusAction.class, permissions);
    permissions = new HashSet<String> (Arrays.asList("RP-BOAL", "RP-PBAL", "RP-PBF", "RP-PBMT", "RP-IVRMU", "RP-ACAR", "RP-AUR"));
    put(ReportsHomeAction.class, permissions);
    permissions = new HashSet<String>(); // special case for no permission required
    put(HomeAction.class, permissions);
}};

然后通过查看此地图,您的方法可以变得简单:

public String intercept(ActionInvocation invoke) throws Exception {
    Map<String, Object> session = invoke.getInvocationContext().getSession();
    Set<String> access = (Set<String>) session.get("access");
    Set<String> permissionSet = PERMISSIONS.get(invoke.getAction().getClass());
    if (permissionSet == null || (!permissionSet.isEmpty() && !access.removeAll(permissionSet)))
        return RESTRICTED_ERROR;
    return invoke.invoke();
}

此代码将产生与您的代码等效的结果。“权力”包含在if

  • permissionSet == null模仿你的switch default
  • !permissionSet.isEmpty()处理您没有要求的特殊情况HomeAction
  • Set.removeAll()true如果通过删除传递给它的集合的所有元素来更改集合,则!access.removeAll(permissionSet)返回,true如果不access包含任何元素permissionSet
于 2013-10-26T11:44:32.673 回答