Struts 过滤器权限控制,用于防止未登录用户进行非法操作,可以对 jsp、action 等文件及请求进行过滤。
web.xml配置文件如下:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor: registers the login-check filter (accessFilter) and the
  Struts 2 dispatcher filter (struts2).
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- Login check. Its mapping is declared before the struts2 mapping, so for a
     request that matches both it runs first. -->
<filter>
<filter-name>accessFilter</filter-name>
<filter-class>
com.hsinghsu.test.filter.AccessFilter
</filter-class>
</filter>
<!--
  Only these two patterns reach accessFilter. No dispatcher element is given, so
  the mapping applies to direct client requests only; a forward from a Struts
  action to a JSP is not filtered again.
  NOTE(review): struts2 below is mapped to /* while accessFilter is not. Any URL
  that Struts resolves to an action without ending in .action (this depends on
  the struts.action.extension setting, confirm for the deployed version) would
  skip the login check. Mapping accessFilter to /* and exempting the login
  resources inside the filter closes that gap.
-->
<filter-mapping>
<filter-name>accessFilter</filter-name>
<url-pattern>/jsp/*</url-pattern>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<!-- Struts 2 dispatcher; handles every request path. -->
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
过滤器(AccessFilter)实现如下:
package com.hsinghsu.test.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
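/**
 * Servlet filter that redirects requests without a logged-in session to the login page.
 *
 * <p>A request counts as authenticated when its HTTP session holds a non-null
 * {@code "user"} attribute. The login page and the login action are let through
 * unauthenticated so that a visitor can sign in.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The exemption is decided on the container-resolved path (servlet path plus
 *       path info) and the login resource must be the end of that path. Matching a
 *       substring of the raw {@code getRequestURI()} value would exempt any URI that
 *       merely contains the login path somewhere.</li>
 *   <li>{@code getSession(false)} is used so that anonymous requests do not each
 *       allocate a new server-side session.</li>
 *   <li>The filter only sees requests that its {@code <filter-mapping>} routes to it;
 *       resources outside those patterns are not checked here.</li>
 * </ul>
 */
public class AccessFilter implements Filter {

    /** Session attribute whose presence marks the session as logged in. */
    private static final String USER_ATTRIBUTE = "user";

    /** Context-relative location of the login page used for the redirect. */
    private static final String LOGIN_PAGE = "/jsp/login.jsp";

    /** Path endings that may be requested without a logged-in session. */
    private static final String[] PUBLIC_PATH_SUFFIXES = {"/login.jsp", "/login.action"};

    /**
     * Lets the request continue when it targets a login resource or belongs to a
     * logged-in session; otherwise redirects the client to the login page.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param res   outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails with I/O
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (!isLoginRequest(request) && !isLoggedIn(request)) {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }

        try {
            chain.doFilter(req, res);
        } catch (IllegalStateException e) {
            // The request is still allowed to finish, as before, but the failure is
            // now recorded instead of being dropped silently (Servlet 3.0+ API).
            request.getServletContext().log(
                    "AccessFilter: IllegalStateException from the filter chain", e);
        }
    }

    /** Returns true when the resolved request path ends with one of the login resources. */
    private static boolean isLoginRequest(HttpServletRequest request) {
        String path = resolvedPath(request);
        for (String suffix : PUBLIC_PATH_SUFFIXES) {
            if (path.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /** Returns true when a session already exists and carries the user attribute. */
    private static boolean isLoggedIn(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        return session != null && session.getAttribute(USER_ATTRIBUTE) != null;
    }

    /** Builds the context-relative path from the servlet path and the optional path info. */
    private static String resolvedPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    /** No initialisation is needed; the filter keeps no configuration. */
    public void init(FilterConfig arg0) throws ServletException {
    }

    /** Nothing to release. */
    public void destroy() {
    }
}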
Action代码如下:
package com.hsinghsu.test.action;
import java.util.Map;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
/**
 * Struts 2 action behind the login form: checks the submitted user name and password
 * and, on a match, stores the user name in the session under {@code "user"}.
 *
 * <p>NOTE(review): the accepted credentials are literals compiled into the class and
 * are compared with plain {@code equals}; this is demo code. A real deployment would
 * verify against stored password hashes.
 *
 * <p>NOTE(review): the method writes into whatever session the request already has and
 * does not change the session ID on login. Issuing a fresh session at this point is the
 * usual defence against session fixation.
 */
public class LoginAction extends ActionSupport {
    private static final long serialVersionUID = 8013816027944871760L;

    /** Submitted login user name. */
    private String username;

    /** Submitted login password. */
    private String password;

    /**
     * Validates the submitted credentials.
     *
     * @return {@code SUCCESS} after recording the user in the session, {@code INPUT}
     *         when either field is missing or does not match
     * @throws Exception declared by the action contract; this body throws none itself
     */
    public String execute() throws Exception {
        boolean credentialsMatch = username != null
                && password != null
                && "hsing".equals(username)
                && "hsu".equals(password);
        if (!credentialsMatch) {
            return INPUT;
        }

        // Mark the session as logged in by storing the user name under "user".
        Map<String, Object> sessionAttributes = ActionContext.getContext().getSession();
        sessionAttributes.put("user", getUsername());
        return SUCCESS;
    }

    /** @param username user name submitted with the login form */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the user name held by this action */
    public String getUsername() {
        return this.username;
    }

    /** @param password password submitted with the login form */
    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * NOTE(review): this public getter makes the submitted password readable by any
     * code or view that reads the action's properties; confirm that it is needed.
     *
     * @return the password held by this action
     */
    public String getPassword() {
        return this.password;
    }
}
struts配置文件struts.xml代码如下:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.1.7//EN"
"http://struts.apache.org/dtds/struts-2.1.7.dtd">
<struts>
<!--
  Struts 2 configuration for the demo: one login action and one page action.
  NOTE(review): the 2.1.7 DTD suggests an old Struts 2 release line; confirm that
  the deployed Struts version is one that still receives security fixes.
-->
<constant name="struts.custom.i18n.resources" value="globalMessages" />
<constant name="struts.i18n.encoding" value="UTF-8" />
<!-- No namespace attribute is given, so these actions live in the default namespace. -->
<package name="hsinghsu" extends="struts-default">
<!-- Login: "input" shows the form again, "success" goes to the user centre page. -->
<action name="login" class="com.hsinghsu.test.action.LoginAction">
<result name="input">/jsp/login.jsp</result>
<result name="success">/jsp/userCenter.jsp</result>
</action>
<!--
  No class attribute, so the package's default action class handles this action
  and only the "success" result is defined. The action does no login check of its
  own; it depends on the servlet filter configured in web.xml.
  The result JSPs sit under /jsp/ and can also be requested directly by URL,
  which is why the filter has to cover /jsp/* as well. Keeping views under
  WEB-INF is the usual way to make them reachable only through actions.
-->
<action name="productList">
<result name="success">/jsp/productList.jsp</result>
</action>
</package>
</struts>
login.jsp代码如下:
<%--
  Login form. Posts "username" and "password" to the "login" action.
  NOTE(review): ${tip} below is written into the page as-is; a plain EL expression
  does no HTML escaping. Nothing shown here sets "tip". If it can ever carry
  request-derived text, output it through <s:property value="tip"/>, which
  escapes HTML by default.
  NOTE(review): the form carries a password, so the application should be served
  over HTTPS outside of local testing.
--%>
<%@ page contentType="text/html; charset=utf-8" language="java"
errorPage=""%>
<%@ taglib prefix="s" uri="/struts-tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>登录页面</title>
</head>
<body>
<h3>用户登录</h3>
${tip}
<s:form action="login">
<s:textfield name="username" label="用户名" />
<s:password name="password" label="密码" />
<s:submit value="登录" />
</s:form>
</body>
</html>
userCenter.jsp代码如下:
<%--
  Page shown after a successful login (the "success" result of the login action).
  It contains no login check of its own; direct requests to it are guarded only
  by the servlet filter mapped to /jsp/*.
--%>
<%@ page contentType="text/html; charset=utf-8" language="java"
errorPage=""%>
<%@ taglib prefix="s" uri="/struts-tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>成功页面</title>
</head>
<body>个人用户中心,您已经登录!
</body>
</html>
productList.jsp代码如下:
<%--
  Static product list used as the protected resource in the demo.
  It contains no login check of its own; direct requests to it are guarded only
  by the servlet filter mapped to /jsp/*.
--%>
<%@ page contentType="text/html; charset=utf-8" language="java"
errorPage=""%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>产品列表</title>
<meta name="website" content="http://www.crazyit.org" />
</head>
<body>
<h2>水果:</h2>
苹果<br/> 橘子<br/> 香蕉<br/>
</body>
</html>
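部署完成后,启动 Tomcat,访问 http://localhost:8686/testFilter/jsp/productList.jsp,由于用户未登录,系统会自动跳转到 login.jsp 页面,实现基本的权限控制。需要注意,这只是一个演示:过滤器只对 /jsp/* 和 *.action 生效,其他路径下的资源不会经过登录检查;LoginAction 中的用户名和密码是硬编码的,实际项目中应改为校验存储的密码哈希,并在登录成功后更换会话 ID。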