struts都是通过action来请求页面的,所以可以通过全局的拦截器来拦截用户的非法登陆,如果用户知道jsp页面的地址,这种情况基本不会出现,那就需要用过滤器对页面进行过滤拦截了.
这里用拦截器进行拦截.
firtpart.xml:(设定默认的拦截器,每个Action都会默认调用)
1 <?xml version="1.0" encoding="UTF-8"?> 2 <!DOCTYPE struts PUBLIC 3 "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN" 4 "http://struts.apache.org/dtds/struts-2.3.dtd"> 5 6 <struts> 7 <package name="test" extends="struts-default" namespace="/test"> 8 9 <interceptors> 10 <interceptor name="loginJudge" 11 class="com.sunflower.interceptor.UsrLoginInterceptor"> 12 </interceptor> 13 14 <!-- 自定义拦截器栈 --> 15 <interceptor-stack name="myDefaultStack"> 16 <interceptor-ref name="loginJudge"></interceptor-ref> 17 <interceptor-ref name="defaultStack"></interceptor-ref> 18 </interceptor-stack> 19 </interceptors> 20 21 <!-- 将自定义拦截器栈设置默认的拦截器 --> 22 <default-interceptor-ref name="myDefaultStack"></default-interceptor-ref> 23 24 <global-results> 25 <result name="login" type="redirect">/login.jsp</result> 26 </global-results> 27 28 <action name="logintest" class="com.sunflower.action.LoginAction"> 29 <result name="success" type="redirectAction"> 30 <param name="actionName">sayhello</param> 31 <param name="namespace">/test</param> 32 <param name="username">${username}</param> 33 </result> 34 </action> 35 36 <action name="sayhello" class="com.sunflower.action.SayHelloAction"> 37 <result name="success">/welcome.jsp</result> 38 <result name="login">/login.jsp</result> 39 </action> 40 </package> 41 </struts>
sturts.xml:(引用firtpart.xml)
1 <?xml version="1.0" encoding="UTF-8"?> 2 <!DOCTYPE struts PUBLIC 3 "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN" 4 "http://struts.apache.org/dtds/struts-2.3.dtd"> 5 6 7 <struts> 8 <include file="firtpart.xml"></include> 9 </struts>
UsrLoginInterceptor.java:(拦截器,对所有Action拦截,除了登陆Action)
1 package com.sunflower.interceptor; 2 3 import java.util.Map; 4 5 import com.opensymphony.xwork2.Action; 6 import com.opensymphony.xwork2.ActionInvocation; 7 import com.opensymphony.xwork2.interceptor.AbstractInterceptor; 8 import com.sunflower.action.LoginAction; 9 10 /** 11 * 用户拦截器,每个页面都会用到 12 * 13 * @author hanyuan 14 * @time 2012-6-6 下午12:38:05 15 */ 16 public class UsrLoginInterceptor extends AbstractInterceptor { 17 18 /** 19 * 判断用户是否已经登录,如果没有登录,则为非法请求,进行拦截 20 */ 21 public String intercept(ActionInvocation arg0) throws Exception { 22 // 判断是否请求为登录界面(login),如果是则不拦截 23 if (LoginAction.class == arg0.getAction().getClass()) 24 return arg0.invoke(); 25 26 27 // 如果是请求其他页面,进行拦截 28 Map map = arg0.getInvocationContext().getSession(); 29 if (null == map.get("username")) 30 return Action.LOGIN; 31 32 return arg0.invoke(); 33 } 34 35 }
LoginAction.java:(进行登陆校验)
1 package com.sunflower.action; 2 3 import java.util.Map; 4 5 import com.opensymphony.xwork2.ActionContext; 6 import com.opensymphony.xwork2.ActionSupport; 7 import com.sunflower.util.UserExist; 8 9 public class LoginAction extends ActionSupport { 10 private String username; 11 private String password; 12 13 public String getUsername() { 14 return username; 15 } 16 17 public void setUsername(String username) { 18 this.username = username; 19 } 20 21 public String getPassword() { 22 return password; 23 } 24 25 public void setPassword(String password) { 26 this.password = password; 27 } 28 29 public String execute() throws Exception { 30 // 设置session 31 Map map = ActionContext.getContext().getSession(); 32 // 如果用户存在 33 if (UserExist.isExist(username, password)) { 34 if (null == map.get("username")) 35 map.put("username", username); 36 return SUCCESS; 37 } 38 39 return LOGIN; 40 } 41 }
SayHelloAction.java:(转向欢迎界面的action)
1 package com.sunflower.action; 2 3 import com.opensymphony.xwork2.ActionSupport; 4 5 public class SayHelloAction extends ActionSupport { 6 String username; 7 8 public String getUsername() { 9 return username; 10 } 11 12 public void setUsername(String username) { 13 this.username = username; 14 } 15 16 public String execute() throws Exception { 17 return SUCCESS; 18 } 19 }
UserExist.java:(模拟用户校验的类)
1 package com.sunflower.util; 2 3 public class UserExist { 4 //判断用户是否存在 5 public static boolean isExist(String username, String password) 6 { 7 String name = username.trim(); 8 String word = password.trim(); 9 10 if(name.equals("yuan") && word.equals("123")) 11 return true; 12 return false; 13 } 14 }
login.jsp:
1 <%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> 2 <%@ taglib prefix="s" uri="/struts-tags"%> 3 <% 4 String path = request.getContextPath(); 5 String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/"; 6 %> 7 8 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 9 <html> 10 <head> 11 <base href="<%=basePath%>"> 12 13 <title>登录界面</title> 14 <meta http-equiv="pragma" content="no-cache"> 15 <meta http-equiv="cache-control" content="no-cache"> 16 <meta http-equiv="expires" content="0"> 17 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> 18 <meta http-equiv="description" content="This is my page"> 19 <!-- 20 <link rel="stylesheet" type="text/css" href="styles.css"> 21 --> 22 </head> 23 24 <body> 25 <center> 26 <font color="bule" size="20">用户登录</font> 27 <br> 28 <s:form action="test/logintest"> 29 <s:textfield name="username" label="用户名:" size="20"></s:textfield> 30 <s:textfield name="password" label="密码:" size="20"></s:textfield> 31 <s:submit value="提交"></s:submit> 32 </s:form> 33 34 </center> 35 </body> 36 </html>
welcome.jsp:
1 <%@ page language="java" contentType="text/html; charset=UTF-8" 2 pageEncoding="UTF-8"%> 3 <%@ taglib prefix="s" uri="/struts-tags"%> 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 5 <html> 6 <head> 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 8 <title>登陆成功</title> 9 </head> 10 <body> 11 <center> 12 <s:property value="username"/>,恭喜你登录成功! 13 </center> 14 </body> 15 </html>