struts2中使用拦截器(Interceptor)控制登录和权限
转载:http://www.itpub.net/thread-966462-1-1.html
在jsp servlet中我们通常使用Servlet Filter控制用户是否登入, 是否有权限转到某个页面。在struts2中我们应该会想到他的拦截器(Interceptor), Interceptor在struts2中起着非常重要的作用。 很多struts2中的功能都是使用Interceptor实现的。
需求:简单的登入界面,让用户输入用户名、密码、记住密码(remember me)。 如果用户选中remember me的话, 下次就不需要再登入了(使用cookie实现, 用需要点击logout取消remeber me功能)。 如果用户起始输入的地址不是登入页面的话,在用户登入之后需要转到用户输入的起始地址。
我们先看看LoginInterceptor.java
Java代码
首先判断session中有没有用户信息, 如果有的话继续, 如果没有的话,检查cookie中有没有rememberme的值,如果有的话,用==分割, 取得用户名密码进行登入。如果没有这个用户的话,记录下request的action地址然后转到登入页面。如果验证有这个用户,则继续下面的interceptor。 如果cookie中没有信息的话,则记录request的action地址然后转到登入页面。 以上就是LoginInterceptor的全部代码。
下面我们看看struts.xml
Java代码
我们是使用的默认的interceptor stack是loginInterceptor, 如果你需要让不登入的用户也能访问的话,你需要配置你的action使用defaultStack。 我们这里的login, register使用的就是defaultStack。 这里要注意的是success的result是我们用LoginInterceptor设过来的值。 这样我们就能够转到用户输入的起始页面。 下面我们再来看看login.jsp 和 loginAction
Java代码
Java代码
转载:http://www.itpub.net/thread-966462-1-1.html
在jsp servlet中我们通常使用Servlet Filter控制用户是否登入, 是否有权限转到某个页面。在struts2中我们应该会想到他的拦截器(Interceptor), Interceptor在struts2中起着非常重要的作用。 很多struts2中的功能都是使用Interceptor实现的。
需求:简单的登入界面,让用户输入用户名、密码、记住密码(remember me)。 如果用户选中remember me的话, 下次就不需要再登入了(使用cookie实现, 用需要点击logout取消remeber me功能)。 如果用户起始输入的地址不是登入页面的话,在用户登入之后需要转到用户输入的起始地址。
我们先看看LoginInterceptor.java
Java代码
- package com.javaeye.dengyin2000.wallet.interceptor;
- import java.util.Map;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletRequest;
- import org.apache.commons.lang.StringUtils;
- import org.apache.struts2.StrutsStatics;
- import com.javaeye.dengyin2000.wallet.dao.UserDAO;
- import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
- import com.javaeye.dengyin2000.wallet.domains.User;
- import com.opensymphony.xwork2.ActionContext;
- import com.opensymphony.xwork2.ActionInvocation;
- import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
- public class LoginInterceptor extends AbstractInterceptor {
- public static final String USER_SESSION_KEY="wallet.session.user";
- public static final String COOKIE_REMEMBERME_KEY="wallet.cookie.rememberme";
- public static final String GOING_TO_URL_KEY="GOING_TO";
- private UserDAO userDao;
- @Override
- public String intercept(ActionInvocation invocation) throws Exception {
- ActionContext actionContext = invocation.getInvocationContext();
- HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
- Map session = actionContext.getSession();
- if (session != null && session.get(USER_SESSION_KEY) != null){
- return invocation.invoke();
- }
- Cookie[] cookies = request.getCookies();
- if (cookies!=null) {
- for (Cookie cookie : cookies) {
- if (COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {
- String value = cookie.getValue();
- if (StringUtils.isNotBlank(value)) {
- String[] split = value.split("==";
- String userName = split[0];
- String password = split[1];
- try {
- User user = userDao
- .attemptLogin(userName, password);
- session.put(USER_SESSION_KEY, user);
- } catch (UserNotFoundException e) {
- setGoingToURL(session, invocation);
- return "login";
- }
- } else {
- setGoingToURL(session, invocation);
- return "login";
- }
- return invocation.invoke();
- }
- }
- }
- setGoingToURL(session, invocation);
- return "login";
- }
- private void setGoingToURL(Map session, ActionInvocation invocation){
- String url = "";
- String namespace = invocation.getProxy().getNamespace();
- if (StringUtils.isNotBlank(namespace) && !namespace.equals("/"){
- url = url + namespace;
- }
- String actionName = invocation.getProxy().getActionName();
- if (StringUtils.isNotBlank(actionName)){
- url = url + "/" + actionName + ".action";
- }
- session.put(GOING_TO_URL_KEY, url);
- }
- public UserDAO getUserDao() {
- return userDao;
- }
- public void setUserDao(UserDAO userDao) {
- this.userDao = userDao;
- }
- }
- package com.javaeye.dengyin2000.wallet.interceptor;
- import java.util.Map;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletRequest;
- import org.apache.commons.lang.StringUtils;
- import org.apache.struts2.StrutsStatics;
- import com.javaeye.dengyin2000.wallet.dao.UserDAO;
- import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
- import com.javaeye.dengyin2000.wallet.domains.User;
- import com.opensymphony.xwork2.ActionContext;
- import com.opensymphony.xwork2.ActionInvocation;
- import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
- public class LoginInterceptor extends AbstractInterceptor {
- public static final String USER_SESSION_KEY="wallet.session.user";
- public static final String COOKIE_REMEMBERME_KEY="wallet.cookie.rememberme";
- public static final String GOING_TO_URL_KEY="GOING_TO";
- private UserDAO userDao;
- @Override
- public String intercept(ActionInvocation invocation) throws Exception {
- ActionContext actionContext = invocation.getInvocationContext();
- HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
- Map session = actionContext.getSession();
- if (session != null && session.get(USER_SESSION_KEY) != null){
- return invocation.invoke();
- }
- Cookie[] cookies = request.getCookies();
- if (cookies!=null) {
- for (Cookie cookie : cookies) {
- if (COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {
- String value = cookie.getValue();
- if (StringUtils.isNotBlank(value)) {
- String[] split = value.split("==";
- String userName = split[0];
- String password = split[1];
- try {
- User user = userDao
- .attemptLogin(userName, password);
- session.put(USER_SESSION_KEY, user);
- } catch (UserNotFoundException e) {
- setGoingToURL(session, invocation);
- return "login";
- }
- } else {
- setGoingToURL(session, invocation);
- return "login";
- }
- return invocation.invoke();
- }
- }
- }
- setGoingToURL(session, invocation);
- return "login";
- }
- private void setGoingToURL(Map session, ActionInvocation invocation){
- String url = "";
- String namespace = invocation.getProxy().getNamespace();
- if (StringUtils.isNotBlank(namespace) && !namespace.equals("/"){
- url = url + namespace;
- }
- String actionName = invocation.getProxy().getActionName();
- if (StringUtils.isNotBlank(actionName)){
- url = url + "/" + actionName + ".action";
- }
- session.put(GOING_TO_URL_KEY, url);
- }
- public UserDAO getUserDao() {
- return userDao;
- }
- public void setUserDao(UserDAO userDao) {
- this.userDao = userDao;
- }
- }
首先判断session中有没有用户信息, 如果有的话继续, 如果没有的话,检查cookie中有没有rememberme的值,如果有的话,用==分割, 取得用户名密码进行登入。如果没有这个用户的话,记录下request的action地址然后转到登入页面。如果验证有这个用户,则继续下面的interceptor。 如果cookie中没有信息的话,则记录request的action地址然后转到登入页面。 以上就是LoginInterceptor的全部代码。
下面我们看看struts.xml
Java代码
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE struts PUBLIC
- "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
- "http://struts.apache.org/dtds/struts-2.0.dtd">
- <struts>
- <package name="default" extends="struts-default">
- <interceptors>
- <interceptor name="loginInterceptor" class="loginInterceptor"></interceptor>
- <interceptor-stack name="loginDefaultStack">
- <interceptor-ref name="loginInterceptor"></interceptor-ref>
- <interceptor-ref name="defaultStack"></interceptor-ref>
- </interceptor-stack>
- </interceptors>
- <default-interceptor-ref name="loginDefaultStack"></default-interceptor-ref>
- <global-results>
- <result name="login" type="redirect">/login.jsp</result>
- </global-results>
- <action name="index" class="indexAction">
- <result>/index.jsp</result>
- </action>
- <action name="logout" class="logoutAction"></action>
- <action name="login" class="loginAction" method="login">
- <result type="redirect">${goingToURL}</result>
- <result name="input">/login.jsp</result>
- <interceptor-ref name="defaultStack"></interceptor-ref>
- </action>
- <action name="register" class="registerAction">
- <result type="redirect">/login.jsp</result>
- <result name="input">/register.jsp</result>
- <interceptor-ref name="defaultStack"></interceptor-ref>
- </action>
- </package>
- </struts>
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE struts PUBLIC
- "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
- "http://struts.apache.org/dtds/struts-2.0.dtd">
- <struts>
- <package name="default" extends="struts-default">
- <interceptors>
- <interceptor name="loginInterceptor" class="loginInterceptor"></interceptor>
- <interceptor-stack name="loginDefaultStack">
- <interceptor-ref name="loginInterceptor"></interceptor-ref>
- <interceptor-ref name="defaultStack"></interceptor-ref>
- </interceptor-stack>
- </interceptors>
- <default-interceptor-ref name="loginDefaultStack"></default-interceptor-ref>
- <global-results>
- <result name="login" type="redirect">/login.jsp</result>
- </global-results>
- <action name="index" class="indexAction">
- <result>/index.jsp</result>
- </action>
- <action name="logout" class="logoutAction"></action>
- <action name="login" class="loginAction" method="login">
- <result type="redirect">${goingToURL}</result>
- <result name="input">/login.jsp</result>
- <interceptor-ref name="defaultStack"></interceptor-ref>
- </action>
- <action name="register" class="registerAction">
- <result type="redirect">/login.jsp</result>
- <result name="input">/register.jsp</result>
- <interceptor-ref name="defaultStack"></interceptor-ref>
- </action>
- </package>
- </struts>
我们是使用的默认的interceptor stack是loginInterceptor, 如果你需要让不登入的用户也能访问的话,你需要配置你的action使用defaultStack。 我们这里的login, register使用的就是defaultStack。 这里要注意的是success的result是我们用LoginInterceptor设过来的值。 这样我们就能够转到用户输入的起始页面。 下面我们再来看看login.jsp 和 loginAction
Java代码
- <%@taglib prefix="s" uri="/struts-tags" %>
- <%@ page language="java" contentType="text/html; charset=UTF-8"
- pageEncoding="UTF-8"%>
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <title>Wallet-Login</title>
- </head>
- <body>
- <h2>Login</h2>
- <s:actionmessage/>
- <s:actionerror/>
- <s:form action="login" method="post" validate="false" theme="xhtml">
- <s:textfield name="loginName" label="Username"></s:textfield><br/>
- <sassword name="password" label="Password"></sassword><br/>
- <s:checkbox label="Remember Me" name="rememberMe"></s:checkbox>
- <s:submit value="%{'Login'}"></s:submit>
- </s:form>
- <a href="register.jsp">Register</a>
- </body>
- </html>
- <%@taglib prefix="s" uri="/struts-tags" %>
- <%@ page language="java" contentType="text/html; charset=UTF-8"
- pageEncoding="UTF-8"%>
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <title>Wallet-Login</title>
- </head>
- <body>
- <h2>Login</h2>
- <s:actionmessage/>
- <s:actionerror/>
- <s:form action="login" method="post" validate="false" theme="xhtml">
- <s:textfield name="loginName" label="Username"></s:textfield><br/>
- <sassword name="password" label="Password"></sassword><br/>
- <s:checkbox label="Remember Me" name="rememberMe"></s:checkbox>
- <s:submit value="%{'Login'}"></s:submit>
- </s:form>
- <a href="register.jsp">Register</a>
- </body>
- </html>
Java代码
- package com.javaeye.dengyin2000.wallet.actions;
- import java.util.Map;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import org.apache.commons.lang.StringUtils;
- import org.apache.struts2.interceptor.CookiesAware;
- import org.apache.struts2.interceptor.ServletRequestAware;
- import org.apache.struts2.interceptor.ServletResponseAware;
- import org.apache.struts2.interceptor.SessionAware;
- import com.javaeye.dengyin2000.wallet.dao.UserDAO;
- import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
- import com.javaeye.dengyin2000.wallet.domains.User;
- import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;
- import com.opensymphony.xwork2.ActionSupport;
- public class LoginAction extends ActionSupport implements ServletResponseAware, ServletRequestAware, SessionAware, CookiesAware{
- private UserDAO userDao;
- private String loginName;
- private String password;
- private boolean rememberMe;
- private HttpServletResponse response;
- private HttpServletRequest request;
- private Map session;
- private Map cookies;
- private String goingToURL;
- public String getGoingToURL() {
- return goingToURL;
- }
- public void setGoingToURL(String goingToURL) {
- this.goingToURL = goingToURL;
- }
- public boolean isRememberMe() {
- return rememberMe;
- }
- public void setRememberMe(boolean rememberMe) {
- this.rememberMe = rememberMe;
- }
- public String getLoginName() {
- return loginName;
- }
- public void setLoginName(String loginName) {
- this.loginName = loginName;
- }
- public String getPassword() {
- return password;
- }
- public void setPassword(String password) {
- this.password = password;
- }
- public String login()throws Exception{
- try {
- User user = userDao.attemptLogin(loginName, password);
- if (rememberMe){
- Cookie cookie = new Cookie(LoginInterceptor.COOKIE_REMEMBERME_KEY, user.getLoginName() + "==" + user.getPassword());
- cookie.setMaxAge(60 * 60 * 24 * 14);
- response.addCookie(cookie);
- }
- session.put(LoginInterceptor.USER_SESSION_KEY, user);
- String goingToURL = (String) session.get(LoginInterceptor.GOING_TO_URL_KEY);
- if (StringUtils.isNotBlank(goingToURL)){
- setGoingToURL(goingToURL);
- session.remove(LoginInterceptor.GOING_TO_URL_KEY);
- }else{
- setGoingToURL("index.action";
- }
- return SUCCESS;
- } catch (UserNotFoundException e) {
- addActionMessage("user name or password is not corrected.";
- return INPUT;
- }
- }
- public UserDAO getUserDao() {
- return userDao;
- }
- public void setUserDao(UserDAO userDao) {
- this.userDao = userDao;
- }
- public void setServletResponse(HttpServletResponse response) {
- this.response = response;
- }
- public void setServletRequest(HttpServletRequest request) {
- this.request = request;
- }
- public void setSession(Map session) {
- this.session = session;
- }
- public void setCookiesMap(Map cookies) {
- this.cookies = cookies;
- }
- }
- package com.javaeye.dengyin2000.wallet.actions;
- import java.util.Map;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import org.apache.commons.lang.StringUtils;
- import org.apache.struts2.interceptor.CookiesAware;
- import org.apache.struts2.interceptor.ServletRequestAware;
- import org.apache.struts2.interceptor.ServletResponseAware;
- import org.apache.struts2.interceptor.SessionAware;
- import com.javaeye.dengyin2000.wallet.dao.UserDAO;
- import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
- import com.javaeye.dengyin2000.wallet.domains.User;
- import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;
- import com.opensymphony.xwork2.ActionSupport;
- public class LoginAction extends ActionSupport implements ServletResponseAware, ServletRequestAware, SessionAware, CookiesAware{
- private UserDAO userDao;
- private String loginName;
- private String password;
- private boolean rememberMe;
- private HttpServletResponse response;
- private HttpServletRequest request;
- private Map session;
- private Map cookies;
- private String goingToURL;
- public String getGoingToURL() {
- return goingToURL;
- }
- public void setGoingToURL(String goingToURL) {
- this.goingToURL = goingToURL;
- }
- public boolean isRememberMe() {
- return rememberMe;
- }
- public void setRememberMe(boolean rememberMe) {
- this.rememberMe = rememberMe;
- }
- public String getLoginName() {
- return loginName;
- }
- public void setLoginName(String loginName) {
- this.loginName = loginName;
- }
- public String getPassword() {
- return password;
- }
- public void setPassword(String password) {
- this.password = password;
- }
- public String login()throws Exception{
- try {
- User user = userDao.attemptLogin(loginName, password);
- if (rememberMe){
- Cookie cookie = new Cookie(LoginInterceptor.COOKIE_REMEMBERME_KEY, user.getLoginName() + "==" + user.getPassword());
- cookie.setMaxAge(60 * 60 * 24 * 14);
- response.addCookie(cookie);
- }
- session.put(LoginInterceptor.USER_SESSION_KEY, user);
- String goingToURL = (String) session.get(LoginInterceptor.GOING_TO_URL_KEY);
- if (StringUtils.isNotBlank(goingToURL)){
- setGoingToURL(goingToURL);
- session.remove(LoginInterceptor.GOING_TO_URL_KEY);
- }else{
- setGoingToURL("index.action";
- }
- return SUCCESS;
- } catch (UserNotFoundException e) {
- addActionMessage("user name or password is not corrected.";
- return INPUT;
- }
- }
- public UserDAO getUserDao() {
- return userDao;
- }
- public void setUserDao(UserDAO userDao) {
- this.userDao = userDao;
- }
- public void setServletResponse(HttpServletResponse response) {
- this.response = response;
- }
- public void setServletRequest(HttpServletRequest request) {
- this.request = request;
- }
- public void setSession(Map session) {
- this.session = session;
- }
- public void setCookiesMap(Map cookies) {
- this.cookies = cookies;
- }
- }
- 差不多就是这么多代码了。 最后看看logoutAction
- Java代码
- package com.javaeye.dengyin2000.wallet.actions;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import org.apache.struts2.interceptor.ServletRequestAware;
- import org.apache.struts2.interceptor.ServletResponseAware;
- import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;
- import com.opensymphony.xwork2.ActionSupport;
- public class LogoutAction extends ActionSupport implements ServletRequestAware , ServletResponseAware{
- private HttpServletRequest request;
- private HttpServletResponse response;
- public String execute() throws Exception{
- HttpSession session = request.getSession(false);
- if (session!=null)
- session.removeAttribute(LoginInterceptor.USER_SESSION_KEY);
- Cookie[] cookies = request.getCookies();
- if (cookies!=null) {
- for (Cookie cookie : cookies) {
- if (LoginInterceptor.COOKIE_REMEMBERME_KEY.equals(cookie
- .getName())) {
- cookie.setValue("";
- cookie.setMaxAge(0);
- response.addCookie(cookie);
- return "login";
- }
- }
- }
- return "login";
- }
- public void setServletRequest(HttpServletRequest request) {
- this.request = request;
- }
- public void setServletResponse(HttpServletResponse response) {
- this.response = response;
- }
- }
- package com.javaeye.dengyin2000.wallet.actions;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import org.apache.struts2.interceptor.ServletRequestAware;
- import org.apache.struts2.interceptor.ServletResponseAware;
- import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;
- import com.opensymphony.xwork2.ActionSupport;
- public class LogoutAction extends ActionSupport implements ServletRequestAware , ServletResponseAware{
- private HttpServletRequest request;
- private HttpServletResponse response;
- public String execute() throws Exception{
- HttpSession session = request.getSession(false);
- if (session!=null)
- session.removeAttribute(LoginInterceptor.USER_SESSION_KEY);
- Cookie[] cookies = request.getCookies();
- if (cookies!=null) {
- for (Cookie cookie : cookies) {
- if (LoginInterceptor.COOKIE_REMEMBERME_KEY.equals(cookie
- .getName())) {
- cookie.setValue("";
- cookie.setMaxAge(0);
- response.addCookie(cookie);
- return "login";
- }
- }
- }
- return "login";
- }
- public void setServletRequest(HttpServletRequest request) {
- this.request = request;
- }
- public void setServletResponse(HttpServletResponse response) {
- this.response = response;
- }
- }
- 这里需要注意的是需要把cookie也清理下。
- applicationContext-struts.xml
- Java代码
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE beans PUBLIC
- "-//SPRING//DTD BEAN//EN"
- "http://www.springframework.org/dtd/spring-beans.dtd">
- <beans>
- <!-- Example of SAF2 action instantiated by Spring -->
- <!-- bean id="helloWorldAction" class="tutorial.HelloWorldAction" singleton="false" />
- -->
- <bean id="indexAction" class="com.javaeye.dengyin2000.wallet.actions.IndexAction" singleton="false"></bean>
- <bean id="loginAction" class="com.javaeye.dengyin2000.wallet.actions.LoginAction" singleton="false">
- <property name="userDao" ref="userDao" />
- </bean>
- <bean id="logoutAction" class="com.javaeye.dengyin2000.wallet.actions.LogoutAction" singleton="false"></bean>
- <bean id="registerAction" class="com.javaeye.dengyin2000.wallet.actions.RegisterAction" singleton="false"></bean>
- <!-- the following is struts2 interceptors -->
- <bean id="loginInterceptor" class="com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor">
- <property name="userDao" ref="userDao" />
- </bean>
- <bean id="userDao" class="com.javaeye.dengyin2000.wallet.dao.UserDAOImpl">
- </bean>
- </beans>