?? 在struts2中使用攔截器(interceptor)控制登錄和權限.txt
字號:
在jsp servlet中我們通常使用Servlet Filter控制用戶是否登入, 是否有權限轉到某個頁面。在struts2中我們應該會想到他的攔截器(Interceptor), Interceptor在struts2中起著非常重要的作用。 很多struts2中的功能都是使用Interceptor實現的。
需求:簡單的登入界面,讓用戶輸入用戶名、密碼、記住密碼(remember me)。 如果用戶選中remember me的話, 下次就不需要再登入了(使用cookie實現, 用需要點擊logout取消remeber me功能)。 如果用戶起始輸入的地址不是登入頁面的話,在用戶登入之后需要轉到用戶輸入的起始地址。
我們先看看LoginInterceptor.java
Java代碼
package com.javaeye.dengyin2000.wallet.interceptor;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.StrutsStatics;
import com.javaeye.dengyin2000.wallet.dao.UserDAO;
import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
import com.javaeye.dengyin2000.wallet.domains.User;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class LoginInterceptor extends AbstractInterceptor {
public static final String USER_SESSION_KEY="wallet.session.user";
public static final String COOKIE_REMEMBERME_KEY="wallet.cookie.rememberme";
public static final String GOING_TO_URL_KEY="GOING_TO";
private UserDAO userDao;
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext actionContext = invocation.getInvocationContext();
HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
Map session = actionContext.getSession();
if (session != null && session.get(USER_SESSION_KEY) != null){
return invocation.invoke();
}
Cookie[] cookies = request.getCookies();
if (cookies!=null) {
for (Cookie cookie : cookies) {
if (COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {
String value = cookie.getValue();
if (StringUtils.isNotBlank(value)) {
String[] split = value.split("==");
String userName = split[0];
String password = split[1];
try {
User user = userDao
.attemptLogin(userName, password);
session.put(USER_SESSION_KEY, user);
} catch (UserNotFoundException e) {
setGoingToURL(session, invocation);
return "login";
}
} else {
setGoingToURL(session, invocation);
return "login";
}
return invocation.invoke();
}
}
}
setGoingToURL(session, invocation);
return "login";
}
private void setGoingToURL(Map session, ActionInvocation invocation){
String url = "";
String namespace = invocation.getProxy().getNamespace();
if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")){
url = url + namespace;
}
String actionName = invocation.getProxy().getActionName();
if (StringUtils.isNotBlank(actionName)){
url = url + "/" + actionName + ".action";
}
session.put(GOING_TO_URL_KEY, url);
}
public UserDAO getUserDao() {
return userDao;
}
public void setUserDao(UserDAO userDao) {
this.userDao = userDao;
}
}
package com.javaeye.dengyin2000.wallet.interceptor;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.StrutsStatics;
import com.javaeye.dengyin2000.wallet.dao.UserDAO;
import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
import com.javaeye.dengyin2000.wallet.domains.User;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class LoginInterceptor extends AbstractInterceptor {
public static final String USER_SESSION_KEY="wallet.session.user";
public static final String COOKIE_REMEMBERME_KEY="wallet.cookie.rememberme";
public static final String GOING_TO_URL_KEY="GOING_TO";
private UserDAO userDao;
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext actionContext = invocation.getInvocationContext();
HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
Map session = actionContext.getSession();
if (session != null && session.get(USER_SESSION_KEY) != null){
return invocation.invoke();
}
Cookie[] cookies = request.getCookies();
if (cookies!=null) {
for (Cookie cookie : cookies) {
if (COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {
String value = cookie.getValue();
if (StringUtils.isNotBlank(value)) {
String[] split = value.split("==");
String userName = split[0];
String password = split[1];
try {
User user = userDao
.attemptLogin(userName, password);
session.put(USER_SESSION_KEY, user);
} catch (UserNotFoundException e) {
setGoingToURL(session, invocation);
return "login";
}
} else {
setGoingToURL(session, invocation);
return "login";
}
return invocation.invoke();
}
}
}
setGoingToURL(session, invocation);
return "login";
}
private void setGoingToURL(Map session, ActionInvocation invocation){
String url = "";
String namespace = invocation.getProxy().getNamespace();
if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")){
url = url + namespace;
}
String actionName = invocation.getProxy().getActionName();
if (StringUtils.isNotBlank(actionName)){
url = url + "/" + actionName + ".action";
}
session.put(GOING_TO_URL_KEY, url);
}
public UserDAO getUserDao() {
return userDao;
}
public void setUserDao(UserDAO userDao) {
this.userDao = userDao;
}
}
首先判斷session中有沒有用戶信息, 如果有的話繼續, 如果沒有的話,檢查cookie中有沒有rememberme的值,如果有的話,用==分割, 取得用戶名密碼進行登入。如果沒有這個用戶的話,記錄下request的action地址然后轉到登入頁面。如果驗證有這個用戶,則繼續下面的interceptor。 如果cookie中沒有信息的話,則記錄request的action地址然后轉到登入頁面。 以上就是LoginInterceptor的全部代碼。
下面我們看看struts.xml
Java代碼
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<package name="default" extends="struts-default">
<interceptors>
<interceptor name="loginInterceptor" class="loginInterceptor"></interceptor>
<interceptor-stack name="loginDefaultStack">
<interceptor-ref name="loginInterceptor"></interceptor-ref>
<interceptor-ref name="defaultStack"></interceptor-ref>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="loginDefaultStack"></default-interceptor-ref>
<global-results>
<result name="login" type="redirect">/login.jsp</result>
</global-results>
<action name="index" class="indexAction">
<result>/index.jsp</result>
</action>
<action name="logout" class="logoutAction"></action>
<action name="login" class="loginAction" method="login">
<result type="redirect">${goingToURL}</result>
<result name="input">/login.jsp</result>
<interceptor-ref name="defaultStack"></interceptor-ref>
</action>
<action name="register" class="registerAction">
<result type="redirect">/login.jsp</result>
<result name="input">/register.jsp</result>
<interceptor-ref name="defaultStack"></interceptor-ref>
</action>
</package>
</struts>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<package name="default" extends="struts-default">
<interceptors>
<interceptor name="loginInterceptor" class="loginInterceptor"></interceptor>
<interceptor-stack name="loginDefaultStack">
<interceptor-ref name="loginInterceptor"></interceptor-ref>
<interceptor-ref name="defaultStack"></interceptor-ref>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="loginDefaultStack"></default-interceptor-ref>
<global-results>
<result name="login" type="redirect">/login.jsp</result>
</global-results>
<action name="index" class="indexAction">
<result>/index.jsp</result>
</action>
<action name="logout" class="logoutAction"></action>
<action name="login" class="loginAction" method="login">
<result type="redirect">${goingToURL}</result>
<result name="input">/login.jsp</result>
<interceptor-ref name="defaultStack"></interceptor-ref>
</action>
<action name="register" class="registerAction">
<result type="redirect">/login.jsp</result>
<result name="input">/register.jsp</result>
<interceptor-ref name="defaultStack"></interceptor-ref>
</action>
</package>
</struts>
我們是使用的默認的interceptor stack是loginInterceptor, 如果你需要讓不登入的用戶也能訪問的話,你需要配置你的action使用defaultStack。 我們這里的login, register使用的就是defaultStack。 這里要注意的是success的result是我們用LoginInterceptor設過來的值。 這樣我們就能夠轉到用戶輸入的起始頁面。 下面我們再來看看login.jsp 和 loginAction
Java代碼
<%@taglib prefix="s" uri="/struts-tags" %>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Wallet-Login</title>
</head>
<body>
<h2>Login</h2>
<s:actionmessage/>
<s:actionerror/>
<s:form action="login" method="post" validate="false" theme="xhtml">
<s:textfield name="loginName" label="Username"></s:textfield><br/>
<s:password name="password" label="Password"></s:password><br/>
<s:checkbox label="Remember Me" name="rememberMe"></s:checkbox>
<s:submit value="%{'Login'}"></s:submit>
</s:form>
<a href="register.jsp">Register</a>
</body>
</html>
<%@taglib prefix="s" uri="/struts-tags" %>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Wallet-Login</title>
</head>
<body>
<h2>Login</h2>
<s:actionmessage/>
<s:actionerror/>
<s:form action="login" method="post" validate="false" theme="xhtml">
<s:textfield name="loginName" label="Username"></s:textfield><br/>
<s:password name="password" label="Password"></s:password><br/>
<s:checkbox label="Remember Me" name="rememberMe"></s:checkbox>
<s:submit value="%{'Login'}"></s:submit>
</s:form>
<a href="register.jsp">Register</a>
</body>
</html>
Java代碼
package com.javaeye.dengyin2000.wallet.actions;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -