Source: Hi learning network sensitive and eager Forum www.piaodoo.com welcome to learn from each other
Generally, our web applications are only allowed to operate after the user logs on, that we do not allow non-authenticated users to log directly access certain pages or functions menu item. I remember a long time ago my approach: In a jsp page to see if there is value in the session (of course, the user logs logic sends the user name or user object stored in the session), if the user session information is empty, then redirect to the login page. In addition to the login page and other pages all need to verify the user has logged on to introduce the jsp.
For example, we will examine the code if the user logged into a jsp page, such as checkUser.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
Object username = session.getAttribute("username");
if(null == username){
response.sendRedirect("login.jsp");
}
%>
Login page for the login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>登录页面</title>
</head>
<body>
<h1>用户登录</h1>
用户名:<input type="text" name="username" /><br />
密码:<input type="text" name="pwd" />
</body>
</html>
Jump to assume that after a successful login menu page menu.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <%@ include file="checkUser.jsp" %> <title>菜单页</title> </head> <body> <h1>菜单1</h1> <br /> <h1>菜单2</h1> <br /> <h1>菜单3</h1> <br /> <h1>菜单4</h1> <br /> </body> </html>
In which the introduction of checkUser.jsp, so that when a user tries to access without login and menu.jsp page will be forced to login.jsp page.
This method is certainly more feasible, but too ugly and cumbersome. Later, I learned can be in addition to the login page jsp or html pages on the WEB-INF directory, so users can not knock url to access the page directly in the browser. However, if someone in some way that our action and method names out? Do we want each method in action, check if the user is logged on yet? Just think about it this way do I feel stupid. Fortunately, we have struts2 interceptors.
Let's look at how to achieve.
We write an interceptor class, it inherits MethodFilterInterceptor.
/**
* @Title: LoginInterceptoe.java
* @Description: 拦截非登录用户请求
* @author ThinkPad
* @version 1.0
* @date 2014年8月2日
*/
package com.exam.interceptor;
import com.exam.utils.Constants;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;
/**
* @author ThinkPad
*
*/
public class LoginInterceptor extends MethodFilterInterceptor{
/**
*
*/
private static final long serialVersionUID = -4409507846064552966L;
/* (non-Javadoc)
* @see com.opensymphony.xwork2.interceptor.MethodFilterInterceptor#doIntercept(com.opensymphony.xwork2.ActionInvocation)
*/
@Override
protected String doIntercept(ActionInvocation invoker) throws Exception {
// TODO Auto-generated method stub
Object loginUserName = ActionContext.getContext().getSession().get(Constants.USERNAME);
if(null == loginUserName){
return Constants.VIEW_LOGIN; // 这里返回用户登录页面视图
}
return invoker.invoke();
}
}
Struts.xml fill in the file:
<interceptors> <interceptor name="loginInteceptor" class="com.exam.interceptor.LoginInterceptor" /> <interceptor-stack name="loginStack"> <interceptor-ref name="loginInteceptor"> <param name="excludeMethods">goLogin,login</param> </interceptor-ref> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack> </interceptors> <default-interceptor-ref name="loginStack" />
Wherein, <param name = "excludeMethods"> goLogin, login </ param> configuration filtration method, a method of interceptor means which does not work. I am here, goLogin is a method to jump to the login page. login user name and password authentication is a method, which will be verified in the user name into the session. Yes, this is what we need to do all things, is not very easy to do?
I'm here a little summary follows:
1, in struts2, all Interceptor interceptor will inherit this interface.
2, written after the interceptor to be configured in struts.xml file, if the interceptor is used to intercept a certain action, then it is placed in the back of the interceptor result of this action.
<struts> <package name="struts2" extends="struts-default"> <interceptors> <interceptor name="myinterceptor" class="com.interceptor.MyInterceptor"> <param name="hello">world</param> </interceptor> </interceptors> <action name="register" class="com.test.action.RegisterAction" > <result name="input">/register.jsp</result> <result name="success">/success.jsp</result> <interceptor-ref name="myinterceptor"></interceptor-ref> </action> </package> <struts>
3, if we did not add interceptors, struts2 will add a default interceptor for us. And if we specify interceptors, our own interceptors will replace the default interceptors, then we can not enjoy some of the features provided by default interceptors. So, in general I would also add default interceptors. For example, in the above configuration item, action which together with <interceptor-ref name = "defaultStack"> </ interceptor-ref>
4, Interceptor interface has three methods: init, destroy, intercept. But generally we do not care init and destroy methods. It provides a simplified struts2 interceptor class for us: AbstractInterceptor, it implements the init and destroy methods, we only need to implement intercept method.
5, on the interceptor stack. The interceptor stack can be viewed as a "large" interceptor, which consists of several interceptors. Use it as a reference to the same interceptor.
6, filtration interceptor, need to inherit MethodFilterInterceptor class (that is, the practice here interceptor class example uses). You can specify which methods the interceptor intercepting (using <param name = "includeMethods"> the method1, method2 </ param>
), the interceptor can not specify what method (<param name = "excludeMethods" > method1 interception, method2 </ param>)
This prevents the user is not logged in over the operation - simple struts2 interceptor is the realization of small series to share the entire contents of everyone, and I hope to give you a reference, I hope you will support based on sensitive and eager Forum / Hi learning network.
The original address is: http: //www.piaodoo.com/thread-13255-1-1.html stockings control www.txdah.com 131 outside www.buzc.org enjoyable learning can help to learn better!