<!-- 配置拦截器站 -->
<interceptors>
<interceptor name="loginInterceptor" class="org.cric.interceptor.LoginInterceptor"></interceptor>
<interceptor-stack name="myStack">
<interceptor-ref name="loginInterceptor">
<param name="excludeMethods">enterSystem</param><!--配置黑名单-->
</interceptor-ref>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="myStack"/>
package org.cric.interceptor;
import org.cric.dao.AdminDao;
import org.cric.dao.impl.AdminDaoImpl;
import org.cric.model.Admin;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;
/*
* 登陆拦截器
*/
public class LoginInterceptor extends MethodFilterInterceptor {
private static final long serialVersionUID = -8116433908456886908L;
private AdminDao adminDaoImpl=new AdminDaoImpl();
private static final String SESSIONEKEY="adminbar";//session的key.
protected String doIntercept(ActionInvocation invocation) throws Exception {
Object obj=invocation.getInvocationContext().getSession().get(SESSIONEKEY);//获取Session
if(obj!=null){
Admin admin=(Admin)obj;
Admin admin2=adminDaoImpl.check(admin);//防止黑客模拟admin对象
if(admin2!=null){
if(admin2.getStatus()==0){//判断管理员是否锁定
return invocation.invoke();//执行 Action 层
}
}
}
return "gologinPage";
}
}