功能:
·UserLogin作为控制登录的Action,校验密码成功后记录session,可以选择记住登陆状态,登陆成功后自动跳转到登陆前的URL;
·UserLogout作为控制登录推出的Action,移除session,删除cookie;
·MainInfo和HeadInfo模拟了两个相对独立的Action用于展示页面内容;
·LoginInterceptor作为检查登录状态的拦截器,先检查session,后检查本地cookie;
·mainInfo.action和headInfo.action被配置通过LoginInterceptor拦截器检查。
struts.xml配置文件
- <struts>
- <package name="common-web" extends="struts-default">
- <interceptors>
- <interceptor name="loginInterceptor" class="loginInterceptor" />
- <interceptor-stack name="loginDefaultStack">
- <interceptor-ref name="loginInterceptor" />
- <interceptor-ref name="defaultStack" />
- </interceptor-stack>
- </interceptors>
- <default-interceptor-ref name="loginDefaultStack" />
- <global-results>
- <result name="login" type="redirect">userLogin.action</result>
- </global-results>
- <action name="userLogin" class="userLoginAction">
- <result type="redirect">${goingToURL}</result>
- <result name="input">/page/user_login.jsp</result>
- <interceptor-ref name="defaultStack" />
- </action>
- <action name="userLogout" class="userLogoutAction"></action>
- <action name="mainInfo" class="mainInfoAction">
- <result name="success">/page/main.jsp</result>
- </action>
- <action name="headInfo" class="headInfoAction">
- <result name="success">/page/head.jsp</result>
- </action>
- </package>
- </struts>
struts.xml遇到的问题:
1、拦截器与Action必须配置在一个package下,否则拦截器不会对其他package下的Action生效。
2、暂无。
UserLogin.java主要源码
- public class UserLogin extends ActionSupport implements ServletResponseAware, SessionAware {
- private String name;
- private String password;
- private boolean rememberMe;
- private HttpServletResponse response;
- private Map<String, Object> session;
- private String goingToURL;//登录前的URL
- public String execute() throws Exception {
- //...
- if (isLoginSucc) {
- //成功登录后记录session和cookie
- if (rememberMe) {
- String t = name + "," + password;
- Cookie cookie = new Cookie(CommonConstants.COOKIE_KEY_REMEMBER_LOGIN, t);
- cookie.setMaxAge(CommonConstants.COOKIE_AGE);//设置cookie存活时间
- response.addCookie(cookie);
- }
- //设置session中的登录用户信息
- session.put(CommonConstants.SESSION_KEY_USER_NAME, name);
- //从session中获取登陆前URL,获取后移除session中的这个值
- String goingToURL = (String) session.get(CommonConstants.SESSION_KEY_URL_BEFORE_LOGIN);
- setGoingToURL(goingToURL);
- session.remove(CommonConstants.SESSION_KEY_URL_BEFORE_LOGIN);
- logger.info("登录成功[" + name + "]");
- return SUCCESS;
- } else {
- logger.error("登录失败[" + name + "][" + password + "]");
- return INPUT;
- }
- }
- //... getter & setter methods
- }
UserLogin.java遇到的问题:
1、cookie.setDomain(),cookie.setPath()设置错误会导致cookie写入失败;
2、cookie.Value中有分号“;”时,会导致cookie写入失败,改为逗号解决;
LoginInterceptor.java主要源码
- public class LoginInterceptor extends AbstractInterceptor {
- /* (non-Javadoc)
- * @see com.opensymphony.xwork2.interceptor.AbstractInterceptor#intercept(com.opensymphony.xwork2.ActionInvocation)
- */
- @Override
- public String intercept(ActionInvocation invocation) throws Exception {
- ActionContext actionContext = invocation.getInvocationContext();
- HttpServletRequest request = (HttpServletRequest) actionContext
- .get(StrutsStatics.HTTP_REQUEST);
- Map<String, Object> session = actionContext.getSession();
- //首先判断session,查找是否登录成功,通过拦截器
- if (session != null && session.get(CommonConstants.SESSION_KEY_USER_NAME) != null) {
- logger.info("通过拦截器,session中有记录[" + session.get(CommonConstants.SESSION_KEY_USER_NAME)
- + "]");
- return invocation.invoke();
- }
- //其次cookie验证,是否有记住的登录状态
- Cookie[] cookies = request.getCookies();
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (logger.isDebugEnabled())
- logger.debug("读取cookie项[" + cookie.getName() + "]");
- if (CommonConstants.COOKIE_KEY_REMEMBER_LOGIN.equals(cookie.getName())) {
- String value = cookie.getValue();
- if (StringUtils.isNotBlank(value)) {
- String[] split = value.split(",");
- String name = split[0];
- String password = split[1];
- if (userLoginManager.checkLogin(name, password)) {
- //check name/password from cookie success
- logger.info("通过拦截器,cookie中有记录[" + name + "]");
- session.put(CommonConstants.SESSION_KEY_USER_NAME, name);
- return invocation.invoke();
- } else {
- //check name/password from cookie failure
- setGoingToURL(session, invocation);
- return Action.LOGIN;
- }
- } else {
- setGoingToURL(session, invocation);
- return Action.LOGIN;
- }
- }
- }
- }
- setGoingToURL(session, invocation);
- return Action.LOGIN;
- }
- private void setGoingToURL(Map<String, Object> session, ActionInvocation invocation) {
- String url = "";
- String namespace = invocation.getProxy().getNamespace();
- if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")) {
- url = url + namespace;
- }
- String actionName = invocation.getProxy().getActionName();
- if (StringUtils.isNotBlank(actionName)) {
- url = url + "/" + actionName + ".action";
- }
- if (logger.isDebugEnabled())
- logger.debug("拼接登录前URL,结果:" + CommonConstants.SESSION_KEY_URL_BEFORE_LOGIN + "[" + url
- + "]");
- session.put(CommonConstants.SESSION_KEY_URL_BEFORE_LOGIN, url);
- }
- //... getter & setter methods
- }
LoginInterceptor.java遇到的问题: