自定义jstl标签实现页面级的权限控制

一.准备

环境:maven

首先需要引入依赖

 <dependency>
            <groupId>javax.servlet.jsp.jstl</groupId>
            <artifactId>jstl-api</artifactId>
            <version>1.2</version>
        </dependency>

 二.重写jstl标签的要求

 　　1）编写一个实现Tag接口的java类（标签处理类）；

package cn.tms.util;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.tagext.BodyTagSupport;
import cn.tms.dao.IPrivilegeDAO;
import cn.tms.entity.Privilege;
import cn.tms.entity.Tms_User;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
//标签
public class AuthorizeTag  extends BodyTagSupport {
    //你提供一个用户名字，我给一个用户拥有的权限集合，并且操作是在权限的DAO中
        private IPrivilegeDAO privilegeDAO;
        private String URL;
        public String getURL() {  
            return URL;  
        }  
          
        public void setURL(String uRL) {  
            URL = uRL;  
        }  
        @Override  
        public int doStartTag() {
            // 如果URL不空就显示URL，否则就不显  
            if (null != URL) {
                getUserDao();
                HttpServletRequest request = (HttpServletRequest)pageContext.getRequest();
                Tms_User info=(Tms_User)request.getSession().getAttribute("userinfo");
                List<Privilege> list = privilegeDAO.findAllPrivilegebyUserid(info.getUserid());
                for (Privilege item : list) {
                    if(item.getUrl().equals(URL)){
                          //正确渲染该标签
                          return EVAL_BODY_INCLUDE;  
                    }
                }
              
            }  
            return this.SKIP_BODY;  
        }
        public void getUserDao() {
              WebApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(pageContext.getServletContext());
            privilegeDAO=(IPrivilegeDAO)applicationContext.getBean("IPrivilegeDAO");
        }

}

        2）编写标签库描述符（tld）文件，在tld文件中对标签处理类进行描述。

<?xml version="1.0" encoding="UTF-8" ?>  
<taglib xmlns="http://java.sun.com/xml/ns/javaee"  
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   
    http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"  
    version="2.1">  
    <description>  
    <![CDATA[security Tags]]>  
    </description>  
    <tlib-version>1.0</tlib-version>  
    <short-name>security</short-name>  
    <uri>http://www.springsecurity.org/jsp</uri>
    <tag>  
        <description>  
        <![CDATA[authorize Tag]]>  
        </description>  
        <name>authorize</name>  
        <tag-class>  
           cn.tms.util.AuthorizeTag
        </tag-class>  
        <body-content>JSP</body-content>  
        <attribute>  
            <name>URL</name>  
            <required>false</required>  
            <rtexprvalue>true</rtexprvalue>  
            <type>java.lang.String</type>  
        </attribute>  
    </tag>  
</taglib>  

三.页面使用

<%@taglib prefix="au" uri="http://www.springsecurity.org/jsp" %>

prefix：自定义标签头

uri：编写标签库描述符（tld）文件 中的uri一致

<au:authorize URL="/user/labWeekSet">
    <a href="/user/labWeekSet">添加</a>
</au:authorize>