struts2使用注解开发,关于拦截器的注册以使用
1.创建一个拦截器
package com.bbkj.common.security;
import com.bbkj.common.BaseAction;
import com.bbkj.domain.Openid;
import com.bbkj.domain.User;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
import lombok.Getter;
import lombok.Setter;
import net.sf.json.JSONObject;
import org.apache.struts2.ServletActionContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.Map;
/**
* @author JJ
* @version 1.0
* @description: TODO
* @date 2020/9/29 17:32
*/
@Setter
@Getter
public class MyInterceptor extends BaseAction implements Interceptor {
@Override
public void destroy() {
System.out.println("----destroy()----");
}
@Override
public void init() {
System.out.println("-----Init()-------");
}
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
System.out.println("----验证中------");
HttpServletRequest request = ServletActionContext.getRequest();
HttpSession session = request.getSession();
String role = request.getHeader("role");
try {//后台接口验证
//String test = request.getHeader("user");
if (role.equals("pc")) {
//session里保存的用户信息
Map sessionUser = (Map) session.getAttribute("info");
System.out.println("pc端用户查看头部携带信息和session保存新消息");
System.out.println(request.getHeader("user"));
// System.out.println("session保存的消息");
// System.out.println(sessionUser);
JSONObject jsonObject = JSONObject.fromObject(request.getHeader("user"));
//请求头的用户信息
User user = (User) JSONObject.toBean(jsonObject, User.class);
// System.out.println("查看请求头的信息");
// System.out.println(user);
// System.out.println(GetLocalTime.localTime());
// System.out.println(user.getPassword());
// System.out.println("查看session保存的密码");
// System.out.println(sessionUser.getPassword());
/**
System.out.println(sessionUser.getPassword());
System.out.println(user.getName());
System.out.println(sessionUser.getName());
System.out.println("验证时的sessionId");
System.out.println(session.getId());
*/
if (sessionUser != null && user.getPassword().equals(sessionUser.get("password")) && user.getName().equals(sessionUser.get("name"))) {
System.out.println("验证成功");
//System.out.println(session.getAttribute("info"));
return actionInvocation.invoke();
}
System.out.println("验证失败");
response(403, "你不是本系统授权的用户");
return null;
}
if (role.equals("phone")) {
System.out.println("手机端用户登录");
return actionInvocation.invoke();
}
// System.out.println("微信小程序的验证");
Openid wxSessionUser = (Openid) session.getAttribute("info");
// session里保存的用户信息
// System.out.println("session里面保存的值");
// System.out.println(wxSessionUser);
//获取微信小程序请头信息
JSONObject jsonObject = JSONObject.fromObject(request.getHeader("user"));
Openid wxUser = (Openid) JSONObject.toBean(jsonObject, Openid.class); //请求头的用户信息
// System.out.println("微信小程序请求头部信息");
// System.out.println(wxUser);
//System.out.println(GetLocalTime.localTime());
if (wxSessionUser != null && wxUser.getOpenid().equals(wxSessionUser.getOpenid())) {
// System.out.println("验证成功");
//System.out.println(session.getAttribute("info"));
return actionInvocation.invoke();
}
System.out.println("验证失败,非本系统用户!");
response(403, "你不是本系统授权的用户");
} catch (Exception e) {
System.out.println("没有验证信息");
response(417, "没有验证信息");
}
return null;
}
}
2.在struts.xml文件注册拦截器
<package name="security" extends="struts-default">
<interceptors>
<interceptor name="myInterceptor" class="com.bbkj.common.security.MyInterceptor"/>
<interceptor-stack name="checkStack">
<interceptor-ref name="myInterceptor"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="checkStack"/>
</package>
3.使用。因为是用注解开发接口,所以可以创建两个父包,一个是带自定义鉴权拦截器的,一个是不带自定义鉴权拦截器的
<package name="noCheck" extends="struts-default,json-default"/>
<package name="post" extends="json-default,security"/>
4.代码中使用,在需要加入鉴权的类加入@ParentPackage(“post”)声明继承名为post的package.
@Getter
@Setter
@Controller
@ParentPackage("post")
@Namespace("/carousel")
public class CarouselAction extends BaseAction {
这样写会使此类的所有接口都别鉴权,但是,当你在方法的@Action接口写入interceptorRefs的属性的时候,需要加入**@InterceptorRef(“checkStack”)**才能使鉴权拦截器生效,代码如下
@Action(value = "phoneLogin", interceptorRefs = {@InterceptorRef("json"),@InterceptorRef("checkStack")})
public String phoneLogin() throws Exception {