用户登录功能以及登录拦截

一、用户登录

        思路：jsp实现表单提交，action用模型驱动的方式接收数据，在数据库查找有没有与之匹配的记录，若没有，回到登录界面（并将用户填的数据回显，并给出错误提示），若有，进入首页，显示用户名

1、jsp页面

<form action="${pageContext.request.contextPath }/loginAction_login.action" method="post">
	账号：<input type="text" name="account" value="${user.user_name }" /><br>
	密码：<input type="password" name="password" /><br>
	<input type="submit" value="登录">
</form>

2、action

public class LoginAction extends ActionSupport implements ModelDriven<User> {
	private User user = new User();
	UserService service = new UserService();
	
	public String login() {
		List<User> list = service.login(user);
		if (list.size()==0) {
			this.addActionError("您输入的信息有误！");
			ServletActionContext.getRequest().getSession().setAttribute("user", user);
			return LOGIN;
		}else {
			ServletActionContext.getRequest().getSession().setAttribute("user", list.get(0));
			return SUCCESS;
		}
	}
	
	@Override
	public User getModel() {
		return user;
	}
	
}

3、配置struts2.xml

<package name="package1" extends="struts-default" namespace="/">
	<action name="loginAction_*" class="com.wasion.web.action.LoginAction" method="{1}">
		<result name="success" type="redirect">/index.jsp</result>
		<result name="login">/login.jsp</result>
	</action>
</package>

4、service及dao层实现

public class UserService {
	UserDao dao = new UserDao();
	public List<User> login(User user) {
		return dao.login(user);
	}
	
}

public List<User> login(User user) {
	Session session = HibernateUtils.openSession();
	Transaction ts = session.beginTransaction();
	Query query = session.createQuery("from User where user_name=? and user_password=? and user_code=?");
	query.setParameter(0, user.getUser_name());
	query.setParameter(1, user.getUser_password());
	query.setParameter(2, user.getUser_code());
	List<User> list = query.list();
	ts.commit();
	session.close();
	return list;
}

效果：

失败>>

成功>>

二、登录拦截

1、编写拦截器（继承MethodFilterInterceptor类）

public class LoginInterceptor extends MethodFilterInterceptor {

	@Override
	protected String doIntercept(ActionInvocation invocation) throws Exception {
		User user = (User) ServletActionContext.getRequest().getSession().getAttribute("user");
		if (user == null) {
//			未登录
			ActionSupport actionSupport = (ActionSupport) invocation.getAction();
			actionSupport.addActionError("您没有权限，请先登录！");
			return actionSupport.LOGIN;
		}else {
//			已经登录
			return invocation.invoke();
		}
	}
	
}

2、添加配置文件

<package name="package1" extends="struts-default" namespace="/">
		<!-- 拦截器声明 -->
	<interceptors>
		<interceptor name="LoginInterceptor" class="com.wasion.web.interceptor.LoginInterceptor"></interceptor>
	</interceptors>
	<global-results>
		<result name="login">/login.jsp</result>
	</global-results>
	<action name="customerAction_*" class="com.wasion.web.action.CustomerAction" method="{1}">
		<result name="success">/success.jsp</result>
		<result name="find_success">/jsp/customer/list.jsp</result>
		<result name="findIdSuccess">/jsp/customer/edit.jsp</result>
		
		<!-- 配置拦截器 -->
		<interceptor-ref name="defaultStack"></interceptor-ref>
		<interceptor-ref name="LoginInterceptor"></interceptor-ref>
	</action>
	<action name="loginAction_*" class="com.wasion.web.action.LoginAction" method="{1}">
		<result name="success" type="redirect">/index.jsp</result>
		
		<!-- 配置拦截器 -->
		<interceptor-ref name="defaultStack"></interceptor-ref>
		<interceptor-ref name="LoginInterceptor">
			<param name="excludeMethods">login</param>
		</interceptor-ref>
	</action>
</package>

有一个问题，当我们在这个页面点击登录后，会产生页面嵌套的效果，只要在login.jsp表单提交的form中修改一个属性即可

<form action="${pageContext.request.contextPath }/loginAction_login.action" method="post" target="_parent">