1.新建拦截器
package com.chinaso.user;
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.chinaso.po.User;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
public class SessionFilter implements Filter {
private static String loginURL;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession();
User user = (User)session.getAttribute("user");
String uri = req.getRequestURI();
String message = null;
// 1.判断用户是否登录过
if (user != null && user.getName() != null && user.getPassword() != null) {
// 判断用户是不是在其他地方登陆过
if(UserList.isOld(user)) {
message = "对不起,您的账号【" + user.getName() + "】 在别的地方登录或状态不对,您已经被迫退出。若有疑问请联系管理员,谢谢!";
req.setAttribute("message", message);
req.getRequestDispatcher(loginURL).forward(req, resp);
} else {
// 如果登录过又不是二次登录就放行
chain.doFilter(request, response);
}
// 2.处理登录访问
} else if (uri.endsWith("login")) {
chain.doFilter(request, response);
// 3.拦截非法请求
} else {
message = "对不起,请先登录,谢谢!";
req.setAttribute("message", message);
req.getRequestDispatcher(loginURL).forward(req, resp);
}
}
/**
* 初始化配置参数:初始化在 web.xml 文件中配置的参数
*/
public void init(FilterConfig config) throws ServletException {
loginURL = config.getInitParameter("loginURL");
}
public void destroy() {
}
}
2.配置 web.xml 文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name></display-name>
<welcome-file-list>
<welcome-file></welcome-file>
</welcome-file-list>
<!-- 这里的监听类处理的是 session 的属性变化 -->
<listener>
<listener-class>com.chinaso.user.UserSessionListener</listener-class>
</listener>
<filter>
<filter-name>sessionFilter</filter-name>
<filter-class>com.chinaso.user.SessionFilter</filter-class>
<init-param><!-- 这里配置 Filter 初始化的参数 -->
<param-name>loginURL</param-name>
<param-value>/login.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>sessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
3.UserSessionListener.java
package com.chinaso.user;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
import com.chinaso.po.User;
public class UserSessionListener implements HttpSessionAttributeListener {
public void attributeAdded(HttpSessionBindingEvent se) {
if ("user".equals(se.getName())) {
User user = (User) se.getValue();
UserList.addAttr(user);
}
}
public void attributeRemoved(HttpSessionBindingEvent se) {
if ("user".equals(se.getName())) {
User user = (User) se.getValue();
UserList.removeAttr(user);
user = null;
}
}
public void attributeReplaced(HttpSessionBindingEvent se) {
if ("user".equals(se.getName())) {
User user = (User) se.getSession().getAttribute("user");
UserList.addAttr(user);
}
}
}
4.UserList.java
package com.chinaso.user;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import com.chinaso.po.User;
public class UserList {
private static Map<String, User> userList = new HashMap<String, User>();
public static void addAttr(User u) {
User user = userList.get(u.getName());
if (user != null && user.equals(u)) {
userList.remove(user.getName());
}
userList.put(u.getName(), u);
}
public static void removeAttr(User u) {
userList.remove(u.getName());
}
public static int getUserCount() {
return userList.size();
}
public static Map<String, User> getUserList() {
return userList;
}
public static boolean isOld(User u) {
User user = userList.get(u.getName());
if (user != null) {
Date loginTime = user.getLoginTime();
if (!u.getLoginTime().equals(loginTime)) {
return true;
}
} else {
return true;
}
return false;
}
}
5.Login.java
package com.chinaso.action;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Date;
import java.util.Map;
import org.apache.struts2.interceptor.RequestAware;
import org.apache.struts2.interceptor.SessionAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.chinaso.db.DBManager;
import com.chinaso.po.User;
import com.chinaso.util.UserInfo;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.ModelDriven;
public class Login extends ActionSupport implements ModelDriven<User>,
SessionAware,RequestAware {
static final Logger logger = LoggerFactory.getLogger(Login.class);
private User user = new User();
private Map<String, Object> session;
private Map<String, Object> request;
@Override
public String execute() throws Exception {
String message = null;
if (user != null && user.getName() != null) {
if (checkUser(user)) {
user.setId(1);
user.setLoginTime(new Date());
session.put("user", user);
return SUCCESS;
} else {
message = "对不起没有此用户【" + user.getName() + "】,请重新登录,注意大小写!";
}
} else {
message = "对不起,请登录,注意大小写!";
}
request.put("message", message);
return ERROR;
}
public void setSession(Map<String, Object> session) {
this.session = session;
}
public User getModel() {
return user;
}
public boolean checkUser(User user) {
int count = 0;
try {
Connection conn = DBManager.getConnection(UserInfo.getDsname());
Statement stmt = conn.createStatement();
ResultSet rs = stmt
.executeQuery("select count(*) from db.table where name='nm' and password='pwd'"
.replace("db", UserInfo.getDb())
.replace("table", UserInfo.getTable())
.replace("nm", user.getName())
.replace("pwd", user.getPassword()));
if (rs.next()) {
count = rs.getInt(1);
}
DBManager.releaseConnection(conn, stmt);
} catch (Exception e) {
logger.error("- [CheckUserError] - {}", e);
}
return count > 0 ? true : false;
}
public void setRequest(Map<String, Object> request) {
this.request = request;
}
}
6.struts.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN" "http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
<constant name="struts.enable.DynamicMethodInvocation" value="true"></constant>
<constant name="struts.devMode" value="true"></constant>
<package name="default" namespace="/" extends="struts-default">
<global-results>
<result name="login">/login.jsp</result>
</global-results>
<action name="index">
<result>/index.jsp</result>
</action>
<action name="control">
<result>/control.jsp</result>
</action>
<action name="login" class="com.chinaso.action.Login">
<result name="success" type="redirectAction">index</result>
<result name="error">/login.jsp</result>
</action>
</package>
</struts>
7.注意点:
7.1.这里配置的 Filter 如果想过滤所有的 web 请求,那么如果用在 struts2 框架中,就必须要配置在【 struts2 框架之前】,因为 Filter 执行的顺序跟它们在 web.xml 中【配置的先后顺序】是有关系的,【从上向下执行】,所以如果 自定义的 Filter 方在了 struts2 配置之下的话,有些对于 strutss action 的 请求就会首先被 strutss 拦截住,这样 Filter 自定义拦截功能就没有意义了。
7.2.Filter 的目的是【拦截非法的请求】,所以要注意 Filter 的处理逻辑,一定要给正常的请求一个出口,否则用户就可能陷入【永远登录】的死循环中。