STRUTS2 jsp 访问控制问题

STRUTS2 jsp 访问控制问题

第一个程序

按照以下的步骤来

导入jar包

1)       找到struts2的源码包，找到apps目录下，解压struts2-blank.war

2)       进入struts-2.3.20.1-all\struts-2.3.20.1\apps\struts2-blank\WEB-INF\lib

将这个目录下的所有jar导入myeclipse工程中，项目名/WebRoot/WEB-INF/lib目录下

这些jar名字为：

asm-5.0.2.jar

asm-commons-5.0.2.jar

asm-tree-5.0.2.jar

commons-fileupload-1.3.1.jar

commons-io-2.2.jar

commons-lang3-3.2.jar

freemarker-2.3.19.jar

javassist-3.11.0.GA.jar

log4j-1.2.17.jar

ognl-3.0.6.jar

struts2-core-2.3.20.1.jar

xwork-core-2.3.20.1.jar

 

3)       进入struts-2.3.20.1-all\struts-2.3.20.1\apps\struts2-blank\WEB-INF目录下，将web.xml复制到myeclipse项目的  项目名/WebRoot/WEB-INF 下

 

4)       进入struts-2.3.20.1-all\struts-2.3.20.1\apps\struts2-blank\WEB-INF\src\java目录下，将struts.xml 复制到  项目名/src目录下

 

写jsp页面

目录结构为：

Index.jsp

 

<%@ page language="java"import="java.util.*" pageEncoding="UTF-8"%>

<%

String path =request.getContextPath();

String basePath =request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

%>

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTDHTML 4.01 Transitional//EN">

<html>

 <head>

   <base href="<%=basePath%>">

   

   <title>My JSP 'index.jsp' starting page</title>

   <meta http-equiv="pragma" content="no-cache">

   <meta http-equiv="cache-control" content="no-cache">

   <meta http-equiv="expires" content="0">   

   <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">

   <meta http-equiv="description" content="This is my page">

   <!--

   <linkrel="stylesheet" type="text/css" href="styles.css">

   -->

 </head>

 

 <body>

   <a href="product-input.action">add product</a>

 </body>

</html>

 

Input.jsp

 

<%@ page language="java"import="java.util.*" pageEncoding="UTF-8"%>

<%

String path =request.getContextPath();

String basePath =request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

%>

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTDHTML 4.01 Transitional//EN">

<html>

 <head>

   <base href="<%=basePath%>">

   

   <title>My JSP 'input.jsp' starting page</title>

   

   <meta http-equiv="pragma" content="no-cache">

   <meta http-equiv="cache-control" content="no-cache">

   <meta http-equiv="expires" content="0">   

   <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">

   <meta http-equiv="description" content="This is my page">

   <!--

   <linkrel="stylesheet" type="text/css" href="styles.css">

   -->

 

 </head>

 

 <body>

   <form action="product-save.action" method="post">

   

   id:<input type="text" name="productId"/> <br/><br/>

   name:<input type="text" name="productName"/> <br/><br/>

   desc:<input type="text"name="productDesc"/> <br/><br/>

   price: <input type="text" name="productPrice"><br/><br>

   

   <input type="submit" name="submit"value="添加商品">

       

   </form>

 </body>

</html>

 

Detail.jsp

<%@ page language="java"import="java.util.*" pageEncoding="UTF-8"%>

<%

String path =request.getContextPath();

String basePath =request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

%>

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTDHTML 4.01 Transitional//EN">

<html>

 <head>

   <base href="<%=basePath%>">

   

   <title>My JSP 'detail.jsp' starting page</title>

   

   <meta http-equiv="pragma" content="no-cache">

   <meta http-equiv="cache-control" content="no-cache">

   <meta http-equiv="expires" content="0">   

   <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">

   <meta http-equiv="description" content="This is my page">

   <!--

   <linkrel="stylesheet" type="text/css" href="styles.css">

   -->

 

 </head>

 

 <body>

   id: ${productId } <br/><br/>

   name: ${productName } <br/><br/>

   desc: ${productDesc } <br/><br/>

   price: ${productPrice } <br/><br/>

 </body>

</html>

 

Product类

package com.qing.struts2;

 

public classproduct {

 

   private Integer productId;

   private String productName;

   private String productDesc;

   private double productPrice;

  

   public Integer getProductId(){

      return productId;

   }

   public void setProductId(IntegerproductId) {

      this.productId = productId;

   }

   public String getProductName(){

      return productName;

   }

   public void setProductName(StringproductName) {

      this.productName = productName;

   }

   public String getProductDesc(){

      return productDesc;

   }

   public void setProductDesc(StringproductDesc) {

      this.productDesc = productDesc;

   }

   public double getProductPrice() {

      return productPrice;

   }

   public void setProductPrice(double productPrice) {

      this.productPrice = productPrice;

   }

  

   public product() {

      // TODO Auto-generated constructor stub

   }

  

   @Override

   public String toString() {

      return "product [productId="+ productId+ ", productName="

            +productName+ ", productDesc=" + productDesc

            +", productPrice=" + productPrice+ "]";

   }

 

  

   public String save()

   {

      System.out.println("saving "+ this.toString());

      return "details";

     

   }

  

}

 

 

配置文件

Struts.xml

<?xml version="1.0"encoding="UTF-8" ?>

<!DOCTYPE struts PUBLIC

   "-//Apache Software Foundation//DTD StrutsConfiguration 2.3//EN"

   "http://struts.apache.org/dtds/struts-2.3.dtd">

 

<struts>

 

 

  

   <package name="qing-pack" namespace="/"extends="struts-default">

  

  

      <!--action 中 name的含义就是一个struts2的一个请求，或者也是serletpath去掉/和后缀action  -->

      <action name="product-input" >

         <result>/WEB-INF/pages/input.jsp</result>

      </action>

  

      <action name="product-save" class="com.qing.struts2.product" method="save">

         <result name="details">/WEB-INF/pages/detail.jsp</result>

      </action>

  

   </package>

  

   <!-- Add packages here -->

 

</struts>

 

Web.xml

<?xml version="1.0"encoding="UTF-8"?>

<web-app id="WebApp_9"version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"

         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

 

   <display-name>Struts Blank</display-name>

 

   <filter>

        <filter-name>struts2</filter-name>

        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>

   </filter>

 

   <filter-mapping>

        <filter-name>struts2</filter-name>

        <url-pattern>/*</url-pattern>

   </filter-mapping>

 

   <welcome-file-list>

        <welcome-file>index.jsp</welcome-file>

   </welcome-file-list>

 

 

 

</web-app>

 

 

运行结果

权限的问题

当web.xml中设置为

<?xml version="1.0"encoding="UTF-8"?>

<web-app id="WebApp_9"version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"

         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xsi:schemaLocation="http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

 

   <display-name>Struts Blank</display-name>

 

   <filter>

        <filter-name>struts2</filter-name>

        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>

   </filter>

 

   <filter-mapping>

        <filter-name>struts2</filter-name>

        <url-pattern>/*</url-pattern>

   </filter-mapping>

 

   <welcome-file-list>

        <welcome-file>index.jsp</welcome-file>

   </welcome-file-list>

 

从这里开始是设置只能通过action，直接访问jsp是不行的，如下面两个图

   <!-- Restricts access to pure JSP files- access available only via Struts action -->

   <security-constraint>

        <display-name>No direct JSP access</display-name>

        <web-resource-collection>

            <web-resource-name>No-JSP</web-resource-name>

            <url-pattern>*.jsp</url-pattern>

        </web-resource-collection>

        <auth-constraint>

            <role-name>no-users</role-name>

        </auth-constraint>

   </security-constraint>

 

   <security-role>

        <description>Don't assign users to this role</description>

        <role-name>no-users</role-name>

   </security-role>

权限设置完毕

</web-app>

 

要是想直接访问index.jsp,可以将上面红色字体包裹的部分删除就可以了，可以直接访问jsp了。