STRUTS2 jsp 访问控制问题
第一个程序
按照以下的步骤来
导入jar包
1) 找到struts2的源码包,找到apps目录下,解压struts2-blank.war
2) 进入struts-2.3.20.1-all\struts-2.3.20.1\apps\struts2-blank\WEB-INF\lib
将这个目录下的所有jar导入myeclipse工程中,项目名/WebRoot/WEB-INF/lib目录下
这些jar名字为:
asm-5.0.2.jar
asm-commons-5.0.2.jar
asm-tree-5.0.2.jar
commons-fileupload-1.3.1.jar
commons-io-2.2.jar
commons-lang3-3.2.jar
freemarker-2.3.19.jar
javassist-3.11.0.GA.jar
log4j-1.2.17.jar
ognl-3.0.6.jar
struts2-core-2.3.20.1.jar
xwork-core-2.3.20.1.jar
3) 进入struts-2.3.20.1-all\struts-2.3.20.1\apps\struts2-blank\WEB-INF目录下,将web.xml复制到myeclipse项目的 项目名/WebRoot/WEB-INF 下
4) 进入struts-2.3.20.1-all\struts-2.3.20.1\apps\struts2-blank\WEB-INF\src\java目录下,将struts.xml 复制到 项目名/src目录下
写jsp页面
目录结构为:
Index.jsp
<%@ page language="java"import="java.util.*" pageEncoding="UTF-8"%>
<%
String path =request.getContextPath();
String basePath =request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTDHTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<linkrel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<a href="product-input.action">add product</a>
</body>
</html>
Input.jsp
<%@ page language="java"import="java.util.*" pageEncoding="UTF-8"%>
<%
String path =request.getContextPath();
String basePath =request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTDHTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'input.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<linkrel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<form action="product-save.action" method="post">
id:<input type="text" name="productId"/> <br/><br/>
name:<input type="text" name="productName"/> <br/><br/>
desc:<input type="text"name="productDesc"/> <br/><br/>
price: <input type="text" name="productPrice"><br/><br>
<input type="submit" name="submit"value="添加商品">
</form>
</body>
</html>
Detail.jsp
<%@ page language="java"import="java.util.*" pageEncoding="UTF-8"%>
<%
String path =request.getContextPath();
String basePath =request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTDHTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'detail.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<linkrel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
id: ${productId } <br/><br/>
name: ${productName } <br/><br/>
desc: ${productDesc } <br/><br/>
price: ${productPrice } <br/><br/>
</body>
</html>
Product类
package com.qing.struts2;
public classproduct {
private Integer productId;
private String productName;
private String productDesc;
private double productPrice;
public Integer getProductId(){
return productId;
}
public void setProductId(IntegerproductId) {
this.productId = productId;
}
public String getProductName(){
return productName;
}
public void setProductName(StringproductName) {
this.productName = productName;
}
public String getProductDesc(){
return productDesc;
}
public void setProductDesc(StringproductDesc) {
this.productDesc = productDesc;
}
public double getProductPrice() {
return productPrice;
}
public void setProductPrice(double productPrice) {
this.productPrice = productPrice;
}
public product() {
// TODO Auto-generated constructor stub
}
@Override
public String toString() {
return "product [productId="+ productId+ ", productName="
+productName+ ", productDesc=" + productDesc
+", productPrice=" + productPrice+ "]";
}
public String save()
{
System.out.println("saving "+ this.toString());
return "details";
}
}
配置文件
Struts.xml
<?xml version="1.0"encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD StrutsConfiguration 2.3//EN"
"http://struts.apache.org/dtds/struts-2.3.dtd">
<struts>
<package name="qing-pack" namespace="/"extends="struts-default">
<!--action 中 name的含义就是一个struts2的一个请求,或者也是serletpath去掉/和后缀action -->
<action name="product-input" >
<result>/WEB-INF/pages/input.jsp</result>
</action>
<action name="product-save" class="com.qing.struts2.product" method="save">
<result name="details">/WEB-INF/pages/detail.jsp</result>
</action>
</package>
<!-- Add packages here -->
</struts>
Web.xml
<?xml version="1.0"encoding="UTF-8"?>
<web-app id="WebApp_9"version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Struts Blank</display-name>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
运行结果
权限的问题
当web.xml中设置为
<?xml version="1.0"encoding="UTF-8"?>
<web-app id="WebApp_9"version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Struts Blank</display-name>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
从这里开始是设置只能通过action,直接访问jsp是不行的,如下面两个图
<!-- Restricts access to pure JSP files- access available only via Struts action -->
<security-constraint>
<display-name>No direct JSP access</display-name>
<web-resource-collection>
<web-resource-name>No-JSP</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>no-users</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>Don't assign users to this role</description>
<role-name>no-users</role-name>
</security-role>
权限设置完毕
</web-app>
要是想直接访问index.jsp,可以将上面红色字体包裹的部分删除就可以了,可以直接访问jsp了。