yin_bp
- 浏览: 695120 次
- 性别:
- 来自: 长沙
-
文章分类
- 全部博客 (364)
- quick start (57)
- bboss aop (43)
- bboss mvc (48)
- bboss persistent (96)
- bboss taglib (30)
- bboss event (10)
- bbossgroups (52)
- bboss (32)
- bboss会话共享 (17)
- bboss rpc (7)
- bboss 国际化 (5)
- bboss 序列化 (9)
- bboss cxf webservice (8)
- bboss hessian (3)
- bboss 安全认证SSO (15)
- bboss 工作流 (6)
- 平台 (18)
- bboss quartz (3)
- 杂谈 (5)
- 大数据 (1)
- bboss elastic (24)
- bboss http (1)
- bboss kafka (1)
- Elasticsearch Scroll和Slice Scroll查询API使用案例 (1)
最新评论
-
qianhao123:
...
采用gradle构建和发布bboss方法介绍 -
qianhao123:
[img][/img]
采用gradle构建和发布bboss方法介绍 -
yin_bp:
欢迎大家参与working
高性能elasticsearch ORM开发库使用介绍 -
qq641879434:
万分感谢
bboss 持久层sql xml配置文件编写和加载方法介绍 -
yin_bp:
qq641879434 写道怎么设置配置文件 可以查看执行的S ...
bboss 持久层sql xml配置文件编写和加载方法介绍
本文以一个简单的实例来介绍bboss平台自定义资源权限控制使用方法。先定义一个资源类型,关联一操作组,操作组中定义的操作都关联了一组url,这些url访问权限与操作的权限一致,用户拥有操作的权限也就拥有了关联的url的权限(这样可以有效防止低权限用户);然后介绍如何通过安全组件在程序实现权限的检测功能。
1.定义资源类型和资源操作组并定义操作关联的url
在resources目录下新增一个resource-test.xml文件,在文件中添加资源类型和资源操作组:
resource-test.xml文件写好后需要配置到/resources/config-manager.xml文件中,以便平台启动时加载resource-test.xml定义的资源类型和资源操作信息。可以在resource-test.xml文件中配置多个资源类型。/resources/config-manager.xml装载资源文件实例如下:
2.资源授权界面
3.权限控制
接下来介绍在程序中如何进行权限控制。
java代码中的权限检测
在jsp中结合true/false标签来控制界面元素是否显示或者按钮是否带处理事件:
将其中的accesscontroler.checkPermission(resid, op.getId(), "cm")改为:
accesscontroler.checkPermission(resid, op.getId(), resourceType)试试
问题:
执行到OperationQueue operationQueue = resourceInfo.getOperationQueue();这个方法返回为空列表,for(int j = 0; j < operationQueue.size(); j ++)未执行了,获取不到操作:
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
将其中的accesscontroler.checkPermission(resid, op.getId(), "cm")改为:
accesscontroler.checkPermission(resid, op.getId(), resourceType)试试
1.定义资源类型和资源操作组并定义操作关联的url
在resources目录下新增一个resource-test.xml文件,在文件中添加资源类型和资源操作组:
<?xml version="1.0" encoding="UTF-8"?>
<resources >
<!--
操作组定义:
定义系统资源的操作组,不同的资源类型涉及不同的操作组,操作组中定义同一类型的操作
-->
<group id="globaltestgroup" name="全局测试权限组" >
<operation id="read" priority="10" name="可读" >
<!--
操作对应的一系列url,如果用户没有操作的权限也就没有相应的url的访问权限,也就是说
没有操作的权限,在浏览器直接访问url,也无法访问
url可以有多个,同时可以为以下有效模式:
/test/testsss.jsp
/test/*.jsp
/test/**/*.jsp
-->
<authoration>
<url>/test/testopurlpermissionread.jsp</url>
<url>/test/b.jsp</url>
</authoration>
</operation>
<operation id="delete" priority="30" name="删除" >
<!--
url说明:
地址分两部分:
第一部分是url地址必选项/test/testopurlpermissiondelete.jsp
第二部分是json格式的参数,其中资源操作参数resource,必选项参数,resource参数值对应一个request请求参数名称,
对应的request参数值匹配一个资源标识,匹配url的资源操作权限资源标识必须和其保持一致,
参数required标识resource是否必须false表示如果url /test/testopurlpermissiondelete.jsp可以带资源码参数,也可以不带,
如果带了则按照resource匹配规则来控制url访问权限,true标识必须带资源码,如果没带直接阻止url访问。
-->
<authoration>
<url><![CDATA[/test/testopurlpermissiondelete.jsp{"resource":"orgCode"|"required":true}]]></url>
</authoration>
</operation>
</group>
<!-- 资源类型定义
system指定了资源关联的子系统标识,只有与资源类型关联后,在相应的子系统的权限管理中才会出现对应的资源类型,才能对资源类型中的资源对应的操作进行授权(可以对用户、机构、和角色进行授权)
-->
<resource id="testresource" name="测试资源" auto="false" system="cms,module">
<!--关联资源操作组-->
<operationgroup groupid="globaltestgroup"/>
<!-- 定义一个全局资源,并声明其关联的操作组 -->
<globaloperationgroup globalresourceid="globaltest" groupid="globaltestgroup"/>
</resource>
</resources>
resource-test.xml文件写好后需要配置到/resources/config-manager.xml文件中,以便平台启动时加载resource-test.xml定义的资源类型和资源操作信息。可以在resource-test.xml文件中配置多个资源类型。/resources/config-manager.xml装载资源文件实例如下:
<resources module="console" languages="zh_CN,en_US"> <resourcefile src="resource.xml" desc="公用权限授予资源配置文件"/> <resourcefile src="resources-sys.xml" desc="系统管理资源配置文件"/> <resourcefile src="resources-content.xml" desc="内容管理资源配置文件"/> <resourcefile src="resources-test.xml" desc="测试资源配置"/> </resources>
2.资源授权界面
3.权限控制
接下来介绍在程序中如何进行权限控制。
java代码中的权限检测
com.frameworkset.platform.security.AccessControl accesscontroler = com.frameworkset.platform.security.AccessControl.getAccessControl(); //获取平台当前用户会话对象
boolean hasdeletepermission = accesscontroler.checkPermission("globaltest",//资源id
"delete",//资源操作
"testresource"//资源类型
);//返回boolean值,true标识有权限,false标识没有权限
在jsp中结合true/false标签来控制界面元素是否显示或者按钮是否带处理事件:
<%
com.frameworkset.platform.security.AccessControl accesscontroler = com.frameworkset.platform.security.AccessControl.getAccessControl(); //获取平台当前用户会话对象
boolean hasdeletepermission = accesscontroler.checkPermission("globaltest",//资源id
"delete",//资源操作
"testresource"//资源类型
);//返回boolean值,true标识有权限,false标识没有权限
%>
<pg:true actual="<%=hasdeletepermission %>">
<a href="#" onclick="delteUse();">删除用户</a>
</pg:true>
<pg:false actual="<%=hasdeletepermission %>">
没有删除用户的权限
</pg:false>
- 大小: 74 KB
分享到:
评论
15 楼
ganggeliu
2015-03-23
接14楼:
参数URL为:
http://192.168.2.124:9090/shmp/pms/fm/PAD/uploaddownFileWithMultipartFile.page
服务端代码是你上次贴出的解决方法中就有的:
public @ResponseBody String uploaddownFileWithMultipartFile( MultipartFile picture,String name,String sex) throws IllegalStateException, IOException{
//设定要保存的服务器文件路径
File f = new File("E:/SIGNR/");
picture.transferTo(f); //将上传的文件保存到对应的服务器文件中
return "sucess";
}
客户端执行到
int statusCode = httpClient.executeMethod(httpPost);
报错信息如下:
03-23 15:29:48.313: E/MultipartRequestEntity(13196): An exception occurred while getting the length of the parts
03-23 15:29:48.313: E/MultipartRequestEntity(13196): java.lang.NullPointerException
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.Part.getLengthOfParts(Part.java:425)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity.getContentLength(MultipartRequestEntity.java:172)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.getRequestContentLength(EntityEnclosingMethod.java:336)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.addContentLengthRequestHeader(EntityEnclosingMethod.java:406)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.addRequestHeaders(EntityEnclosingMethod.java:374)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequestHeaders(HttpMethodBase.java:2177)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2060)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:345)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:246)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.fragment.CheckOutFragment$7.run(CheckOutFragment.java:372)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at java.lang.Thread.run(Thread.java:838)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): An exception occurred while getting the length of the parts
03-23 15:29:48.324: E/MultipartRequestEntity(13196): java.lang.NullPointerException
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.Part.getLengthOfParts(Part.java:425)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity.getContentLength(MultipartRequestEntity.java:172)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.getRequestContentLength(EntityEnclosingMethod.java:336)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:484)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:345)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:246)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.fragment.CheckOutFragment$7.run(CheckOutFragment.java:372)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at java.lang.Thread.run(Thread.java:838)
参数URL为:
http://192.168.2.124:9090/shmp/pms/fm/PAD/uploaddownFileWithMultipartFile.page
服务端代码是你上次贴出的解决方法中就有的:
public @ResponseBody String uploaddownFileWithMultipartFile( MultipartFile picture,String name,String sex) throws IllegalStateException, IOException{
//设定要保存的服务器文件路径
File f = new File("E:/SIGNR/");
picture.transferTo(f); //将上传的文件保存到对应的服务器文件中
return "sucess";
}
客户端执行到
int statusCode = httpClient.executeMethod(httpPost);
报错信息如下:
03-23 15:29:48.313: E/MultipartRequestEntity(13196): An exception occurred while getting the length of the parts
03-23 15:29:48.313: E/MultipartRequestEntity(13196): java.lang.NullPointerException
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.Part.getLengthOfParts(Part.java:425)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity.getContentLength(MultipartRequestEntity.java:172)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.getRequestContentLength(EntityEnclosingMethod.java:336)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.addContentLengthRequestHeader(EntityEnclosingMethod.java:406)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.addRequestHeaders(EntityEnclosingMethod.java:374)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequestHeaders(HttpMethodBase.java:2177)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2060)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:345)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:246)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.fragment.CheckOutFragment$7.run(CheckOutFragment.java:372)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at java.lang.Thread.run(Thread.java:838)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): An exception occurred while getting the length of the parts
03-23 15:29:48.324: E/MultipartRequestEntity(13196): java.lang.NullPointerException
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.Part.getLengthOfParts(Part.java:425)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity.getContentLength(MultipartRequestEntity.java:172)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.getRequestContentLength(EntityEnclosingMethod.java:336)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:484)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:345)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:246)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.fragment.CheckOutFragment$7.run(CheckOutFragment.java:372)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at java.lang.Thread.run(Thread.java:838)
14 楼
ganggeliu
2015-03-23
安卓客户端调用代码:
/**
* 公用post方法
*
* @param url
* @param params
* @param files
* @throws AppException
*/
public static String httpPostforString(String url, String cookie,
String userAgent, Map<String, Object> params,
Map<String, File> files) throws Exception {
// System.out.println("post_url==> "+url);
// String cookie = getCookie(appContext);
// String userAgent = getUserAgent(appContext);
HttpClient httpClient = null;
PostMethod httpPost = null;
Part[] parts = null;
NameValuePair[] paramPair = null;
if (files != null)
{
// post表单参数处理
int length = (params == null ? 0 : params.size())
+ (files == null ? 0 : files.size());
parts = new Part[length];
int i = 0;
if (params != null)
{
Iterator<Entry<String, Object>> it = params.entrySet().iterator();
while(it.hasNext()) {
Entry<String, Object> entry = it.next();
parts[i++] = new StringPart(entry.getKey(), String.valueOf(entry.getValue()), UTF_8);
// System.out.println("post_key==> "+name+" value==>"+String.valueOf(params.get(name)));
}
}
if (files != null)
{
Iterator<Entry<String, File>> it = files.entrySet().iterator();
while(it.hasNext()) {
Entry<String, File> entry = it.next();
try {
parts[i++] = new FilePart(entry.getKey(), entry.getValue());
} catch (FileNotFoundException e) {
e.printStackTrace();
}
// System.out.println("post_key_file==> "+file);
}
}
}
else if(params != null && params.size() > 0)
{
paramPair = new NameValuePair[params.size()];
Iterator<Entry<String, Object>> it = params.entrySet().iterator();
NameValuePair paramPair_ = null;
for(int i = 0; it.hasNext();i ++)
{
Entry<String, Object> entry = it.next();
paramPair_ = new NameValuePair();
paramPair_.setName(entry.getKey());
paramPair_.setValue(String.valueOf(entry.getValue()));
paramPair[i] = paramPair_;
}
}
String responseBody = "";
int time = 0;
do {
try {
httpClient = getHttpClient();
httpPost = getHttpPost(url, cookie, userAgent);
if (files != null)
{
httpPost.setRequestEntity(new MultipartRequestEntity(parts,
httpPost.getParams()));
}
else
{
httpPost.addParameters(paramPair);
}
int statusCode = httpClient.executeMethod(httpPost);
if (statusCode != HttpStatus.SC_OK) {
throw new HttpRuntimeException("请求异常:" + statusCode);
} else if (statusCode == HttpStatus.SC_OK) {
Cookie[] cookies = httpClient.getState().getCookies();
String tmpcookies = "";
for (Cookie ck : cookies) {
tmpcookies += ck.toString() + ";";
}
// //保存cookie
// if(appContext != null && tmpcookies != ""){
// appContext.setProperty("cookie", tmpcookies);
// appCookie = tmpcookies;
// }
}
responseBody = httpPost.getResponseBodyAsString();
// System.out.println("XMLDATA=====>"+responseBody);
break;
} catch (HttpException e) {
time++;
if (time < RETRY_TIME) {
try {
Thread.sleep(1000);
} catch (InterruptedException e1) {
}
continue;
}
// 发生致命的异常,可能是协议不对或者返回的内容有问题
throw new HttpRuntimeException("请求异常:", e);
} catch (IOException e) {
time++;
if (time < RETRY_TIME) {
try {
Thread.sleep(1000);
} catch (InterruptedException e1) {
}
continue;
}
// 发生网络异常
throw new HttpRuntimeException("请求异常:", e);
} finally {
// 释放连接
httpPost.releaseConnection();
httpClient = null;
}
} while (time < RETRY_TIME);
return responseBody;
// responseBody = responseBody.replaceAll("\\p{Cntrl}", "");
// if(responseBody.contains("result") &&
// responseBody.contains("errorCode") &&
// appContext.containsProperty("user.uid")){
// try {
// Result res = Result.parse(new
// ByteArrayInputStream(responseBody.getBytes()));
// if(res.getErrorCode() == 0){
// appContext.Logout();
// appContext.getUnLoginHandler().sendEmptyMessage(1);
// }
// } catch (Exception e) {
// e.printStackTrace();
// }
// }
// return new ByteArrayInputStream(responseBody.getBytes());
}
/**
* 公用post方法
*
* @param url
* @param params
* @param files
* @throws AppException
*/
public static String httpPostforString(String url, String cookie,
String userAgent, Map<String, Object> params,
Map<String, File> files) throws Exception {
// System.out.println("post_url==> "+url);
// String cookie = getCookie(appContext);
// String userAgent = getUserAgent(appContext);
HttpClient httpClient = null;
PostMethod httpPost = null;
Part[] parts = null;
NameValuePair[] paramPair = null;
if (files != null)
{
// post表单参数处理
int length = (params == null ? 0 : params.size())
+ (files == null ? 0 : files.size());
parts = new Part[length];
int i = 0;
if (params != null)
{
Iterator<Entry<String, Object>> it = params.entrySet().iterator();
while(it.hasNext()) {
Entry<String, Object> entry = it.next();
parts[i++] = new StringPart(entry.getKey(), String.valueOf(entry.getValue()), UTF_8);
// System.out.println("post_key==> "+name+" value==>"+String.valueOf(params.get(name)));
}
}
if (files != null)
{
Iterator<Entry<String, File>> it = files.entrySet().iterator();
while(it.hasNext()) {
Entry<String, File> entry = it.next();
try {
parts[i++] = new FilePart(entry.getKey(), entry.getValue());
} catch (FileNotFoundException e) {
e.printStackTrace();
}
// System.out.println("post_key_file==> "+file);
}
}
}
else if(params != null && params.size() > 0)
{
paramPair = new NameValuePair[params.size()];
Iterator<Entry<String, Object>> it = params.entrySet().iterator();
NameValuePair paramPair_ = null;
for(int i = 0; it.hasNext();i ++)
{
Entry<String, Object> entry = it.next();
paramPair_ = new NameValuePair();
paramPair_.setName(entry.getKey());
paramPair_.setValue(String.valueOf(entry.getValue()));
paramPair[i] = paramPair_;
}
}
String responseBody = "";
int time = 0;
do {
try {
httpClient = getHttpClient();
httpPost = getHttpPost(url, cookie, userAgent);
if (files != null)
{
httpPost.setRequestEntity(new MultipartRequestEntity(parts,
httpPost.getParams()));
}
else
{
httpPost.addParameters(paramPair);
}
int statusCode = httpClient.executeMethod(httpPost);
if (statusCode != HttpStatus.SC_OK) {
throw new HttpRuntimeException("请求异常:" + statusCode);
} else if (statusCode == HttpStatus.SC_OK) {
Cookie[] cookies = httpClient.getState().getCookies();
String tmpcookies = "";
for (Cookie ck : cookies) {
tmpcookies += ck.toString() + ";";
}
// //保存cookie
// if(appContext != null && tmpcookies != ""){
// appContext.setProperty("cookie", tmpcookies);
// appCookie = tmpcookies;
// }
}
responseBody = httpPost.getResponseBodyAsString();
// System.out.println("XMLDATA=====>"+responseBody);
break;
} catch (HttpException e) {
time++;
if (time < RETRY_TIME) {
try {
Thread.sleep(1000);
} catch (InterruptedException e1) {
}
continue;
}
// 发生致命的异常,可能是协议不对或者返回的内容有问题
throw new HttpRuntimeException("请求异常:", e);
} catch (IOException e) {
time++;
if (time < RETRY_TIME) {
try {
Thread.sleep(1000);
} catch (InterruptedException e1) {
}
continue;
}
// 发生网络异常
throw new HttpRuntimeException("请求异常:", e);
} finally {
// 释放连接
httpPost.releaseConnection();
httpClient = null;
}
} while (time < RETRY_TIME);
return responseBody;
// responseBody = responseBody.replaceAll("\\p{Cntrl}", "");
// if(responseBody.contains("result") &&
// responseBody.contains("errorCode") &&
// appContext.containsProperty("user.uid")){
// try {
// Result res = Result.parse(new
// ByteArrayInputStream(responseBody.getBytes()));
// if(res.getErrorCode() == 0){
// appContext.Logout();
// appContext.getUnLoginHandler().sendEmptyMessage(1);
// }
// } catch (Exception e) {
// e.printStackTrace();
// }
// }
// return new ByteArrayInputStream(responseBody.getBytes());
}
13 楼
yin_bp
2015-01-05
12 楼
yin_bp
2015-01-05
提供一个建议,客户端可以参考HttpReqeust中的
https://github.com/bbossgroups/bbossgroups-3.5/blob/master/bboss-rpc/src-http/org/frameworkset/spi/remote/http/HttpReqeust.java
方法来写:
public static String httpPostforString(String url, String cookie,
String userAgent, Map<String, Object> params,
Map<String, File> files) throws Exception
服务端参考文档评论:
http://yin-bp.iteye.com/blog/1130035#comments
https://github.com/bbossgroups/bbossgroups-3.5/blob/master/bboss-rpc/src-http/org/frameworkset/spi/remote/http/HttpReqeust.java
方法来写:
public static String httpPostforString(String url, String cookie,
String userAgent, Map<String, Object> params,
Map<String, File> files) throws Exception
服务端参考文档评论:
http://yin-bp.iteye.com/blog/1130035#comments
11 楼
ganggeliu
2015-01-05
服务器端代码也贴出来:
public class PADAction extends HotelAction{
private IFMService service;
private IFMCommonService commservice;
private IFMCashService cashservice;
/**
* 结帐(结帐退房),保存签名图片
* Constants.SIGN_SAVE_DIR 是存放目录
* @return
*/
public @ResponseBody String app_post_fm_co_signpicture(HttpServletRequest request,HttpServletResponse response) {
String messageCode = "";// 状态码
String messageInfo = "";// 状态信息
JSONObject jsonObject = new JSONObject();// 返回给PAD的JSON格式对象
try{
request.setCharacterEncoding("utf-8");
//获得磁盘文件条目工厂。
DiskFileItemFactory factory = new DiskFileItemFactory();
//获取文件上传需要保存的路径,upload文件夹需存在。
String path = request.getSession().getServletContext().getRealPath(Constants.SIGN_SAVE_DIR);
//设置暂时存放文件的存储室,这个存储室可以和最终存储文件的文件夹不同。因为当文件很大的话会占用过多内存所以设置存储室。
factory.setRepository(new File(path));
//设置缓存的大小,当上传文件的容量超过缓存时,就放到暂时存储室。
factory.setSizeThreshold(1024*1024);
//上传处理工具类(高水平API上传处理?)
ServletFileUpload upload = new ServletFileUpload(factory);
//调用 parseRequest(request)方法 获得上传文件 FileItem 的集合list 可实现多文件上传。
List<FileItem> list = (List<FileItem>)upload.parseRequest(request);
for(FileItem item:list){
//获取表单属性名字。
String name = item.getFieldName();
//如果获取的表单信息是普通的文本信息。即通过页面表单形式传递来的字符串。
if(item.isFormField()){
//获取用户具体输入的字符串,
String value = item.getString();
request.setAttribute(name, value);
}
//如果传入的是非简单字符串,而是图片,音频,视频等二进制文件。
else{
//获取路径名
String value = item.getName();
//取到最后一个反斜杠。
int start = value.lastIndexOf("\\");
//截取上传文件的 字符串名字。+1是去掉反斜杠。
String filename = value.substring(start+1);
request.setAttribute(name, filename);
/*第三方提供的方法直接写到文件中。
* item.write(new File(path,filename));*/
//收到写到接收的文件中。
OutputStream out = new FileOutputStream(new File(path,filename));
InputStream in = item.getInputStream();
int length = 0;
byte[] buf = new byte[1024];
System.out.println("获取文件总量的容量:"+ item.getSize());
while((length = in.read(buf))!=-1){
out.write(buf,0,length);
}
in.close();
out.close();
}
}
messageCode = FMUtil.STATE_20;
}catch(Exception e){
messageCode = FMUtil.STATE_40;
messageInfo = e.getMessage();
e.printStackTrace();
}
jsonObject.put("message_code", messageCode);
jsonObject.put("message_info", messageInfo);
return jsonObject.toString();
}
private String readJSONString(HttpServletRequest request) throws Exception{
StringBuffer json = new StringBuffer();
request.setCharacterEncoding("UTF-8");
String line = null;
try {
BufferedReader reader = request.getReader();
while((line = reader.readLine()) != null) {
json.append(line);
}
}catch(Exception ex) {
throw ex;
}
return json.toString();
}
}
public class PADAction extends HotelAction{
private IFMService service;
private IFMCommonService commservice;
private IFMCashService cashservice;
/**
* 结帐(结帐退房),保存签名图片
* Constants.SIGN_SAVE_DIR 是存放目录
* @return
*/
public @ResponseBody String app_post_fm_co_signpicture(HttpServletRequest request,HttpServletResponse response) {
String messageCode = "";// 状态码
String messageInfo = "";// 状态信息
JSONObject jsonObject = new JSONObject();// 返回给PAD的JSON格式对象
try{
request.setCharacterEncoding("utf-8");
//获得磁盘文件条目工厂。
DiskFileItemFactory factory = new DiskFileItemFactory();
//获取文件上传需要保存的路径,upload文件夹需存在。
String path = request.getSession().getServletContext().getRealPath(Constants.SIGN_SAVE_DIR);
//设置暂时存放文件的存储室,这个存储室可以和最终存储文件的文件夹不同。因为当文件很大的话会占用过多内存所以设置存储室。
factory.setRepository(new File(path));
//设置缓存的大小,当上传文件的容量超过缓存时,就放到暂时存储室。
factory.setSizeThreshold(1024*1024);
//上传处理工具类(高水平API上传处理?)
ServletFileUpload upload = new ServletFileUpload(factory);
//调用 parseRequest(request)方法 获得上传文件 FileItem 的集合list 可实现多文件上传。
List<FileItem> list = (List<FileItem>)upload.parseRequest(request);
for(FileItem item:list){
//获取表单属性名字。
String name = item.getFieldName();
//如果获取的表单信息是普通的文本信息。即通过页面表单形式传递来的字符串。
if(item.isFormField()){
//获取用户具体输入的字符串,
String value = item.getString();
request.setAttribute(name, value);
}
//如果传入的是非简单字符串,而是图片,音频,视频等二进制文件。
else{
//获取路径名
String value = item.getName();
//取到最后一个反斜杠。
int start = value.lastIndexOf("\\");
//截取上传文件的 字符串名字。+1是去掉反斜杠。
String filename = value.substring(start+1);
request.setAttribute(name, filename);
/*第三方提供的方法直接写到文件中。
* item.write(new File(path,filename));*/
//收到写到接收的文件中。
OutputStream out = new FileOutputStream(new File(path,filename));
InputStream in = item.getInputStream();
int length = 0;
byte[] buf = new byte[1024];
System.out.println("获取文件总量的容量:"+ item.getSize());
while((length = in.read(buf))!=-1){
out.write(buf,0,length);
}
in.close();
out.close();
}
}
messageCode = FMUtil.STATE_20;
}catch(Exception e){
messageCode = FMUtil.STATE_40;
messageInfo = e.getMessage();
e.printStackTrace();
}
jsonObject.put("message_code", messageCode);
jsonObject.put("message_info", messageInfo);
return jsonObject.toString();
}
private String readJSONString(HttpServletRequest request) throws Exception{
StringBuffer json = new StringBuffer();
request.setCharacterEncoding("UTF-8");
String line = null;
try {
BufferedReader reader = request.getReader();
while((line = reader.readLine()) != null) {
json.append(line);
}
}catch(Exception ex) {
throw ex;
}
return json.toString();
}
}
10 楼
ganggeliu
2015-01-05
Android客户端上传文件到WEB服务器失败,con.connect();处抛出异常,HttpURLConnection连接失败,应属于地址无效。上传文件代码如下:
public static void uploadFile(String fileName){
String end ="\r\n";
String twoHyphens ="--";
String boundary ="*****";
try {
URL url =new URL("http://192.168.2.153:9090/shmp/pms/fm/PAD/app_post_fm_co_signpicture.page");//actionUrl);
HttpURLConnection con=(HttpURLConnection)url.openConnection();
/* 允许Input、Output,不使用Cache */
con.setDoInput(true);
con.setDoOutput(true);
con.setUseCaches(false);
/* 设置传送的method=POST */
con.setRequestMethod("POST");
/* setRequestProperty */
con.setRequestProperty("Connection", "Keep-Alive");
con.setRequestProperty("Charset", "UTF-8");
con.setRequestProperty("Content-Type",
"multipart/form-data;boundary="+boundary);
con.connect();
/* 设置DataOutputStream */
DataOutputStream ds =
new DataOutputStream(con.getOutputStream());
// OutputStream ds = con.getOutputStream();
ds.writeBytes(twoHyphens + boundary + end);
ds.writeBytes("Content-Disposition: form-data; "+
"name=\""+fileName+"\";filename=\""+
newName +"\""+ end);
ds.writeBytes(end);
/* 取得文件的FileInputStream */
FileInputStream fStream =new FileInputStream(uploadFile);
/* 设置每次写入1024bytes */
int holeLength = fStream.available();
int loadlength = 0;
int bufferSize =1024; /* 从文件读取数据至缓冲区 */
byte[] buffer =new byte[bufferSize];
int length =-1;
/* 从文件读取数据至缓冲区 */
while((length = fStream.read(buffer)) !=-1){
/* 将资料写入DataOutputStream中 */
loadlength = loadlength + length;
if(listener != null){
listener.loadPercent(loadlength, holeLength);
}
ds.write(buffer, 0, length);
}
ds.writeBytes(end);
ds.writeBytes(twoHyphens + boundary + twoHyphens + end);
/* close streams */
fStream.close();
ds.flush();
/* 取得Response内容 */
InputStream is = con.getInputStream();
int ch;
StringBuffer b =new StringBuffer();
while( ( ch = is.read() ) !=-1 ) {
b.append( (char)ch );
}
if(listener != null){
listener.loadSuccess();
}
ds.close();
} catch(Exception e) {
Log.e("ImageUpload", e.getMessage());
if(listener != null){
listener.loadFailed();
}
}
}
public static void uploadFile(String fileName){
String end ="\r\n";
String twoHyphens ="--";
String boundary ="*****";
try {
URL url =new URL("http://192.168.2.153:9090/shmp/pms/fm/PAD/app_post_fm_co_signpicture.page");//actionUrl);
HttpURLConnection con=(HttpURLConnection)url.openConnection();
/* 允许Input、Output,不使用Cache */
con.setDoInput(true);
con.setDoOutput(true);
con.setUseCaches(false);
/* 设置传送的method=POST */
con.setRequestMethod("POST");
/* setRequestProperty */
con.setRequestProperty("Connection", "Keep-Alive");
con.setRequestProperty("Charset", "UTF-8");
con.setRequestProperty("Content-Type",
"multipart/form-data;boundary="+boundary);
con.connect();
/* 设置DataOutputStream */
DataOutputStream ds =
new DataOutputStream(con.getOutputStream());
// OutputStream ds = con.getOutputStream();
ds.writeBytes(twoHyphens + boundary + end);
ds.writeBytes("Content-Disposition: form-data; "+
"name=\""+fileName+"\";filename=\""+
newName +"\""+ end);
ds.writeBytes(end);
/* 取得文件的FileInputStream */
FileInputStream fStream =new FileInputStream(uploadFile);
/* 设置每次写入1024bytes */
int holeLength = fStream.available();
int loadlength = 0;
int bufferSize =1024; /* 从文件读取数据至缓冲区 */
byte[] buffer =new byte[bufferSize];
int length =-1;
/* 从文件读取数据至缓冲区 */
while((length = fStream.read(buffer)) !=-1){
/* 将资料写入DataOutputStream中 */
loadlength = loadlength + length;
if(listener != null){
listener.loadPercent(loadlength, holeLength);
}
ds.write(buffer, 0, length);
}
ds.writeBytes(end);
ds.writeBytes(twoHyphens + boundary + twoHyphens + end);
/* close streams */
fStream.close();
ds.flush();
/* 取得Response内容 */
InputStream is = con.getInputStream();
int ch;
StringBuffer b =new StringBuffer();
while( ( ch = is.read() ) !=-1 ) {
b.append( (char)ch );
}
if(listener != null){
listener.loadSuccess();
}
ds.close();
} catch(Exception e) {
Log.e("ImageUpload", e.getMessage());
if(listener != null){
listener.loadFailed();
}
}
}
9 楼
yin_bp
2014-11-25
默认快捷菜单树中没有勾中选择的菜单,修改以下文件中树标签内容:
/desktop/deskmenu.jsp
其中增加了<tree:param name="customtype" />这个设置即可。
/desktop/deskmenu.jsp
<tree:tree tree="role_column_tree" node="role_column_tree.node" imageFolder="/sysmanager/images/tree_images" collapse="true" includeRootNode="false" mode="static-dynamic"> <tree:param name="customtype" /> <tree:checkbox name="menupath" /> <tree:treedata treetype="com.frameworkset.platform.esb.datareuse.common.action.DeskTopMenuTree" scope="request" rootid="0" rootName="菜单管理" expandLevel="1" showRootHref="false" sortable="false" needObserver="false" refreshNode="false" enablecontextmenu="false" /> </tree:tree>
其中增加了<tree:param name="customtype" />这个设置即可。
8 楼
ganggeliu
2014-11-25
快捷菜单代码参考:
/**
* 获取快捷方式菜单
* @param request
* @param urltype
* @return
* @throws Exception
*/
public @ResponseBody(datatype="json") List<MenuItemU> getCustomMenus(HttpServletRequest request,String urltype) throws Exception
{
AccessControl control = AccessControl.getAccessControl();
List<DeskTopMenuBean> list = deskTopMenuShorcutManager.getUserDeskMenus(control.getUserID(),control.getCurrentSystemID());
if(list == null || list.size() == 0){
list = deskTopMenuShorcutManager.getUserDeskMenus("-1",control.getCurrentSystemID());
}
List<MenuItemU> listreturn=new ArrayList<MenuItemU>();
Framework frame = Framework.getInstance(control.getCurrentSystemID());
if (list != null && list.size() > 0) {
for(int i=0;i<list.size();i++){
DeskTopMenuBean deskTopMenuBean = list.get(i);
BaseMenuItem item_=(BaseMenuItem)frame.getMenuByPath(deskTopMenuBean.getMenupath());
if(item_ == null || !item_.isUsed() || item_ instanceof Module)
continue;
if(!control.checkPermission(item_.getId(), "visible", "column"))
continue;
Item item = (Item)item_;
String contextpath = request.getContextPath();
String url = null;
String area = item.getArea();
if(area != null && area.equals("main"))
{
url = MenuHelper.getMainUrl(contextpath, item,
(java.util.Map) null);
}
else
{
url = MenuHelper.getRealUrl(contextpath, Framework.getWorkspaceContent(item,control),MenuHelper.sanymenupath_menuid,item.getId());
}
MenuItemU menuItemU = new MenuItemU();
menuItemU.setId(item.getId());
menuItemU.setName(item.getName(request));
menuItemU.setImageUrl(item.getMouseclickimg(request));
menuItemU.setPathU(url);
menuItemU.setType("item");
menuItemU.setDesktop_height(item.getDesktop_height());
menuItemU.setDesktop_width(item.getDesktop_width());
listreturn.add(menuItemU);
}
}
return listreturn;
}
/**
* 获取快捷方式菜单
* @param request
* @param urltype
* @return
* @throws Exception
*/
public @ResponseBody(datatype="json") List<MenuItemU> getCustomMenus(HttpServletRequest request,String urltype) throws Exception
{
AccessControl control = AccessControl.getAccessControl();
List<DeskTopMenuBean> list = deskTopMenuShorcutManager.getUserDeskMenus(control.getUserID(),control.getCurrentSystemID());
if(list == null || list.size() == 0){
list = deskTopMenuShorcutManager.getUserDeskMenus("-1",control.getCurrentSystemID());
}
List<MenuItemU> listreturn=new ArrayList<MenuItemU>();
Framework frame = Framework.getInstance(control.getCurrentSystemID());
if (list != null && list.size() > 0) {
for(int i=0;i<list.size();i++){
DeskTopMenuBean deskTopMenuBean = list.get(i);
BaseMenuItem item_=(BaseMenuItem)frame.getMenuByPath(deskTopMenuBean.getMenupath());
if(item_ == null || !item_.isUsed() || item_ instanceof Module)
continue;
if(!control.checkPermission(item_.getId(), "visible", "column"))
continue;
Item item = (Item)item_;
String contextpath = request.getContextPath();
String url = null;
String area = item.getArea();
if(area != null && area.equals("main"))
{
url = MenuHelper.getMainUrl(contextpath, item,
(java.util.Map) null);
}
else
{
url = MenuHelper.getRealUrl(contextpath, Framework.getWorkspaceContent(item,control),MenuHelper.sanymenupath_menuid,item.getId());
}
MenuItemU menuItemU = new MenuItemU();
menuItemU.setId(item.getId());
menuItemU.setName(item.getName(request));
menuItemU.setImageUrl(item.getMouseclickimg(request));
menuItemU.setPathU(url);
menuItemU.setType("item");
menuItemU.setDesktop_height(item.getDesktop_height());
menuItemU.setDesktop_width(item.getDesktop_width());
listreturn.add(menuItemU);
}
}
return listreturn;
}
7 楼
ganggeliu
2014-11-25
非超级管理员用户登录后,该用户自己未设置快捷菜单,应该默认获取超级管理员设置的快捷菜单,现在非超级管理员获取快捷菜单数量不正确:
用超级管理员admin登录,在“桌面快捷管理”中设置快捷菜单,比如设置4个菜单:宾客、团队、房态图、客户单位管理后,调用getCustomMenus(HttpServletRequest request,String urltype)方法,可正常获取以上4个菜单,其中urltype=1 ;
用其他用户zouyi登录,该用户有以上4个菜单的权限,未单独设置桌面快捷菜单,调用getCustomMenus方法,应该也能获取到以上4个菜单,但只获取到宾客、团队2个菜单。
进入getCustomMenus方法调试发现:
用admin登录,执行方法List<DeskTopMenuBean> list = deskTopMenuShorcutManager.getUserDeskMenus(control.getUserID(),control.getCurrentSystemID());
list返回以上4个菜单;
用zouyi登录,执行方法list = deskTopMenuShorcutManager.getUserDeskMenus("-1",control.getCurrentSystemID());
list返回2个菜单;
用超级管理员admin登录,在“桌面快捷管理”中设置快捷菜单,比如设置4个菜单:宾客、团队、房态图、客户单位管理后,调用getCustomMenus(HttpServletRequest request,String urltype)方法,可正常获取以上4个菜单,其中urltype=1 ;
用其他用户zouyi登录,该用户有以上4个菜单的权限,未单独设置桌面快捷菜单,调用getCustomMenus方法,应该也能获取到以上4个菜单,但只获取到宾客、团队2个菜单。
进入getCustomMenus方法调试发现:
用admin登录,执行方法List<DeskTopMenuBean> list = deskTopMenuShorcutManager.getUserDeskMenus(control.getUserID(),control.getCurrentSystemID());
list返回以上4个菜单;
用zouyi登录,执行方法list = deskTopMenuShorcutManager.getUserDeskMenus("-1",control.getCurrentSystemID());
list返回2个菜单;
6 楼
yin_bp
2014-10-28
将getResourcePermissions方法的内容改为一下方法定义:
public static Map<String,List<String>> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}
ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
OperationQueue operationQueue = resourceInfo.getOperationQueue();
for(int i = 0; operationQueue != null && operationQueue.size() > 0 && i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), resourceType))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
operationQueue = resourceInfo.getGlobalOperationQueue();
List<String> ops = new ArrayList<String>();
for(int j = 0; operationQueue != null && operationQueue.size() > 0 &&j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(globalid, op.getId(), resourceType))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(globalid, ops);
}
return cmPermissions;
}
5 楼
ljthinkpad
2014-10-28
yin_bp 写道
ljthinkpad 写道
public static Map<String,List<String>> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}
ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);
}
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}
return cmPermissions;
}
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}
ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);
}
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}
return cmPermissions;
}
将其中的accesscontroler.checkPermission(resid, op.getId(), "cm")改为:
accesscontroler.checkPermission(resid, op.getId(), resourceType)试试
问题:
执行到OperationQueue operationQueue = resourceInfo.getOperationQueue();这个方法返回为空列表,for(int j = 0; j < operationQueue.size(); j ++)未执行了,获取不到操作:
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
4 楼
yin_bp
2014-10-28
ljthinkpad 写道
public static Map<String,List<String>> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}
ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);
}
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}
return cmPermissions;
}
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}
ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);
}
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}
return cmPermissions;
}
将其中的accesscontroler.checkPermission(resid, op.getId(), "cm")改为:
accesscontroler.checkPermission(resid, op.getId(), resourceType)试试
3 楼
ljthinkpad
2014-10-28
public static Map<String,List<String>> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}
ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);
}
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}
return cmPermissions;
}
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}
ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);
}
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}
return cmPermissions;
}
2 楼
yin_bp
2014-10-28
把PermissionUtil.getResourcePermissions方法的代码贴出来给我看看
1 楼
ljthinkpad
2014-10-28
我在resources-pms.xml中如下定义:
<?xml version="1.0" encoding="UTF-8"?>
<resources>
<!-- 餐饮管理模块开始-->
<!-- 餐饮管理模块操作 开始-->
<group id="pad_cm_order_act" name="移动点餐">
<operation id="givedish" priority="10" name="赠菜" />
<operation id="returndish" priority="20" name="退菜" />
</group>
<!-- 餐饮管理添加的资源 开始-->
<resource id="pad_cm_order_res" name="餐饮管理>移动点餐" auto="false" maintaindata="true" system="module">
<globaloperationgroup globalresourceid="global_pad_cm_order" groupid="pad_cm_order_act"/>
</resource>
<!-- 餐饮管理模块 结束 -->
<!-- 销售管理模块 开始-->
<!-- 销售管理模块操作 开始-->
<group id="sd_custunit_act" name="客户单位管理">
<operation id="addButton" priority="20" name="新增" >
<authoration>
<url>/pms/sd/custunit/custUnitBeforeAdd.page</url>
</authoration>
</operation>
<operation id="editButton" priority="20" name="修改" >
<authoration>
<url>/pms/sd/custunit/custUnitSelectById.page</url>
</authoration>
</operation>
<operation id="viewButton" priority="20" name="查看" >
<authoration>
<url>/pms/sd/custunit/custUnitSelectById.page</url>
</authoration>
</operation>
</group>
<group id="sd_custperf_act" name="客户单位业绩">
<operation id="queryButton" priority="10" name="查询" />
</group>
<!-- 销售管理添加的资源 开始-->
<resource id="sd_custunit_res" name="销售管理>客户单位管理" auto="false" maintaindata="true" system="module">
<globaloperationgroup globalresourceid="global_sd_custunit" groupid="sd_custunit_act"/>
</resource>
<!-- 销售管理模块 结束-->
</resources>
然后资源管理树中可显示资源类型列表:
餐饮管理>移动点餐
销售管理>客户单位管理
在全局资源中admin默认拥有赠菜、退菜权限操作;
在平板中调用如下:
AccessControl accesscontroler = AccessControl.getInstance();
accesscontroler.login(request, response,username, password);
Map<String,List<String>> cmPermissions = PermissionUtil.getResourcePermissions( accesscontroler,"sd_custunit_res");
loginEntity.setCmPermissions(cmPermissions);
调用getResourcePermissions方法发现select title from td_sm_res where restype_id='sd_custunit_res'表数据为空
<?xml version="1.0" encoding="UTF-8"?>
<resources>
<!-- 餐饮管理模块开始-->
<!-- 餐饮管理模块操作 开始-->
<group id="pad_cm_order_act" name="移动点餐">
<operation id="givedish" priority="10" name="赠菜" />
<operation id="returndish" priority="20" name="退菜" />
</group>
<!-- 餐饮管理添加的资源 开始-->
<resource id="pad_cm_order_res" name="餐饮管理>移动点餐" auto="false" maintaindata="true" system="module">
<globaloperationgroup globalresourceid="global_pad_cm_order" groupid="pad_cm_order_act"/>
</resource>
<!-- 餐饮管理模块 结束 -->
<!-- 销售管理模块 开始-->
<!-- 销售管理模块操作 开始-->
<group id="sd_custunit_act" name="客户单位管理">
<operation id="addButton" priority="20" name="新增" >
<authoration>
<url>/pms/sd/custunit/custUnitBeforeAdd.page</url>
</authoration>
</operation>
<operation id="editButton" priority="20" name="修改" >
<authoration>
<url>/pms/sd/custunit/custUnitSelectById.page</url>
</authoration>
</operation>
<operation id="viewButton" priority="20" name="查看" >
<authoration>
<url>/pms/sd/custunit/custUnitSelectById.page</url>
</authoration>
</operation>
</group>
<group id="sd_custperf_act" name="客户单位业绩">
<operation id="queryButton" priority="10" name="查询" />
</group>
<!-- 销售管理添加的资源 开始-->
<resource id="sd_custunit_res" name="销售管理>客户单位管理" auto="false" maintaindata="true" system="module">
<globaloperationgroup globalresourceid="global_sd_custunit" groupid="sd_custunit_act"/>
</resource>
<!-- 销售管理模块 结束-->
</resources>
然后资源管理树中可显示资源类型列表:
餐饮管理>移动点餐
销售管理>客户单位管理
在全局资源中admin默认拥有赠菜、退菜权限操作;
在平板中调用如下:
AccessControl accesscontroler = AccessControl.getInstance();
accesscontroler.login(request, response,username, password);
Map<String,List<String>> cmPermissions = PermissionUtil.getResourcePermissions( accesscontroler,"sd_custunit_res");
loginEntity.setCmPermissions(cmPermissions);
调用getResourcePermissions方法发现select title from td_sm_res where restype_id='sd_custunit_res'表数据为空
发表评论
-
bboss平台部门管理员配置指南
2018-01-21 22:39 1248bboss平台部门管理员配置指南 第一部分 为部门分配管理员 ... -
bboss新版开发平台开发环境搭建和代码生成工具使用视频教程
2017-02-12 09:31 4485bboss新版开发平台开发环境搭建和代码生成工具使用视频教程 ... -
如何快速高效地开发和调试基于gradle管理的web应用
2016-09-28 23:39 1475本文探讨如何高效快速地开发和调试基于gradle管理的web应 ... -
bboss平台子系统切换方法
2016-06-29 20:24 1046bboss平台子系统切换方法 用户登录bboss平台后,可以 ... -
bboss 令牌和凭证redis存储机制配置
2016-03-29 20:42 1388bboss 提供了四种令牌和凭证存储机制: 内存 不能在集 ... -
bboss 票据实现系统SSO功能介绍
2016-03-10 16:50 1695测试环境应用账号: app ... -
平台主要配置文件一览表
2016-01-31 22:58 984平台主要配置文件一览表 相关文档的 ... -
平台系统管理用户和机构以及用户角色初始化操作指南
2015-12-30 22:17 2166摘要 平台系统管理用户和机构以及用户角色初始化操作指南 ... -
bboss平台子系统配置及系统登录以及其它常用配置介绍
2015-09-29 12:16 2154bboss平台子系统配置及系统登录以及其它常用配置介绍 bb ... -
bboss平台demo开发详解
2015-09-07 22:25 1217bboss,开发平台,demo详解 ... -
bboss内容管理模板宏用法介绍
2015-08-11 22:41 835bboss内容管理模板宏用法介绍 本文介绍bboss内容管理模 ... -
bboss内容管理outline标签嵌套使用方法示例
2015-08-11 22:26 794bboss内容管理outline标签嵌套使用方法示例 bbo ... -
基于bboss开发平台eclipse开发工程生成工具介绍
2015-07-26 22:17 5748基于bboss开发平台eclipse开发工程生成工具介绍 一 ... -
平台中用户查找、用户角色查询、用户权限查询、部门管理设置方法
2015-03-25 15:33 14761.平台中用户查找 菜单导航路径 系统管理-权限管理-用户和 ... -
平台字典标签使用方法
2014-10-16 13:03 1332平台字典标签使用方法: 导入标签定义文件: <%@ ta ... -
平台登录账号口令加密机制设置方法
2014-10-13 16:35 1144平台登录账号口令加密机制设置方法 平台加密机制: ... -
bboss安全认证过滤器认证后重定向到请求页面功能介绍
2014-10-12 10:55 1341本文介绍bboss安全认证 ... -
平台日志组件使用介绍
2014-09-30 08:52 932平台日志组件使用介绍 需要导入的类: import com.f ... -
平台登录插件开发和配置
2014-09-04 12:22 1318新版本平台登录插件开发和配置 编写自己的插件,以便在登录后执行 ... -
bboss跨站攻击白名单和脚本攻击防火墙配置
2014-08-01 09:56 1107本文详细介绍bboss跨站攻击白名单和跨站脚本攻击防火墙配置 ...
相关推荐
在 SAP 系统中,权限检查是一项重要的安全机制,用于控制用户对系统资源的访问权限。通过自定义函数进行控制检查,可以更好地实现权限管理。下面将详细介绍权限检查的知识点: 1. 创建权限对象字段(SU20) 在 SAP...
在本文中,我们将深入探讨如何在ASP.NET MVC框架中实现自定义权限控制。标题提到的"MVC自定义权限控制示例代码"是一个很好的起点,它展示了如何通过继承`AuthorizeAttribute`来扩展MVC的安全功能。这个小样例可以...
而自定义标签和注解的引入,则是为了解决Shiro可能存在的定制化需求,使权限控制更加贴合项目的实际需求。 首先,自定义注解允许开发者在代码层面上标注需要进行权限检查的方法或类。例如,可以创建一个名为`@...
而Java权限认证是确保系统安全的重要机制,它允许我们控制用户对特定资源的访问权限。当我们谈论"Cognos自定义Java权限认证"时,我们实际上是在讨论如何在Cognos环境中集成自定义的Java安全认证模块,以满足特定的...
Spring Boot 通过 AOP 和自定义注解实现权限控制的方法 在本文中,我们将探讨如何使用 Spring Boot 通过 Aspect-Oriented Programming(AOP)和自定义注解来实现权限控制。权限控制是任何应用程序的重要组件,它...
Cognos是一款强大的商业智能和分析平台,常用于企业级数据报表、数据分析和决策支持。在Cognos环境中,权限管理是确保数据安全和...正确地实施这个方案,不仅可以增强安全性,还可以提高用户管理和权限控制的灵活性。
- 如果默认的过滤器不能满足需求,可以编写自定义过滤器,插入到Spring Security的过滤器链中,实现更复杂的逻辑,比如基于URL、方法或自定义条件的权限控制。 5. **JWT令牌**: - 为了支持API的无状态认证,可以...
在*** Core中,使用自定义验证属性控制访问权限是一个高级话题,主要涉及到身份验证、授权以及对API访问权限的控制。为了实现这一功能,开发者常常需要编写自定义的验证逻辑,然后通过属性(Attributes)的方式应用...
FilterSecurityInterceptor继承于AbstractSecurityInterceptor,后者提供了许多有用的方法和变量,使得我们可以自定义自己的权限控制逻辑。 实现权限控制的步骤 1. 首先,我们需要创建一个自定义的Interceptor,...
此外,该发明还可能包含一种实现方式,即通过在Vue.js中使用自定义指令或者混入(mixins)来处理权限控制逻辑,这样可以在组件级别实现细粒度的权限控制。同时,Django的中间件(middleware)机制也可以用来进一步...
2. **使用权限**:在需要使用此自定义权限的组件(Activity、Service等)中,通过`<uses-permission>`标签声明该权限: ```xml ``` 3. **检查权限**:在代码中,我们需要通过`ContextCompat....
在代码中,应用可以通过`checkSelfPermission()`方法检查是否已获得某个权限,如果未获得,则可以使用`requestPermissions()`方法请求权限。用户可以在应用运行时决定是否给予这些权限。 5. **运行时权限**: 自...
这可以进一步细化权限控制,实现精细化管理。 通过以上知识点的学习和实践,开发者可以构建出一个既安全又灵活的动态自定义权限设置系统,以满足各种应用场景的需求。对于压缩包中的易语言源码,可以通过阅读和分析...
在提供的资源中,"auth"可能包含了权限相关的数据库表结构、模型、控制器代码以及示例数据,帮助开发者理解和使用这套权限控制系统。可能包括了如用户表、角色表、权限表以及角色-权限关系表等关键数据模型。 总的...
可以通过基于角色对用户权限进行控制: 一、数据模型 1、用户表:用户表和角色表为多对多关系,1个用户可以有多个角色,1个角色可以被多个用户划分; email = models.EmailField( verbose_name='email address',
在本文中,我们将深入探讨如何在Java项目中自定义Spring Security的权限控制管理。这通常涉及到对URL和HTTP方法的细粒度控制,允许某些角色仅访问特定的资源或执行特定的操作。 首先,我们需要了解项目的背景。假设...
在这个主题中,“基于Shiro拦截URL,实现权限控制”意味着我们将探讨如何利用Shiro来管理应用程序中的访问权限,确保用户只能访问他们被授权的资源。 首先,我们需要理解Shiro的三个核心概念: 1. 身份验证...
9. **权限管理**:在WinCE系统中,不同的应用程序和用户可能有不同的权限,自定义桌面时要考虑到权限控制,以确保安全性和用户体验。 10. **测试与优化**:在实际应用前,需要进行详细的测试,包括功能测试、性能...
- 使用IAM角色和策略限制自定义资源的权限,仅允许执行必要的操作。 - 考虑使用版本控制(如Git)和持续集成/持续部署(CI/CD)流程来确保代码质量和一致性。 - 对于敏感数据,使用AWS Secrets Manager或Parameter ...