应用情形:在web项目中,经常会遇到用户未登录或SESSION失效时用户发出非法的权限操作,如新闻的评论、文件的下载等等,在此我们可以使用struts拦截器对该用户发出的请求进行拦截,拦截后判断用户是否登录或SESSION是否有效,然后进行其正常操作。具体实例如下:
新建一个拦截器类UserInterceptor ,UserInterceptor.java代码如下
- package com.hsinghsu.test.interceptor;
- import com.opensymphony.xwork2.*;
- import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
- import java.util.*;
- import javax.servlet.http.HttpServletRequest;
- import org.apache.struts2.ServletActionContext;
- public class UserInterceptor extends AbstractInterceptor {
- private static final long serialVersionUID = 4956767125951165062L;
- // 拦截Action处理的拦截方法
- public String intercept(ActionInvocation invocation) throws Exception {
- // 取得请求相关的ActionContext实例
- ActionContext ctx = invocation.getInvocationContext();
- Map<String, Object> session = ctx.getSession();
- // 取出名为user的Session属性
- String user = (String) session.get("user");
- // 如果已经登录,放行
- if (user != null && user.equals("hsing")) {
- return invocation.invoke();
- }
- // 获取HttpServletRequest对象
- HttpServletRequest req = ServletActionContext.getRequest();
- // 获取此请求的地址
- String path = req.getRequestURI();
- System.out.println("path:" + path);
- // 存入session,方便调用
- session.put("prePage", path);
- // 没有登录,将服务器提示设置成一个HttpServletRequest属性
- ctx.put("tip", "您还没有登录,请输入hsing,hsu登录系统");
- // 直接返回login的逻辑视图
- return "login";
- }
- }
package com.hsinghsu.test.interceptor; import com.opensymphony.xwork2.*; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; import java.util.*; import javax.servlet.http.HttpServletRequest; import org.apache.struts2.ServletActionContext; public class UserInterceptor extends AbstractInterceptor { private static final long serialVersionUID = 4956767125951165062L; // 拦截Action处理的拦截方法 public String intercept(ActionInvocation invocation) throws Exception { // 取得请求相关的ActionContext实例 ActionContext ctx = invocation.getInvocationContext(); Map<String, Object> session = ctx.getSession(); // 取出名为user的Session属性 String user = (String) session.get("user"); // 如果已经登录,放行 if (user != null && user.equals("hsing")) { return invocation.invoke(); } // 获取HttpServletRequest对象 HttpServletRequest req = ServletActionContext.getRequest(); // 获取此请求的地址 String path = req.getRequestURI(); System.out.println("path:" + path); // 存入session,方便调用 session.put("prePage", path); // 没有登录,将服务器提示设置成一个HttpServletRequest属性 ctx.put("tip", "您还没有登录,请输入hsing,hsu登录系统"); // 直接返回login的逻辑视图 return "login"; } }新建登录action,LoginAction.java代码如下:
- package com.hsinghsu.test.action;
- import com.opensymphony.xwork2.ActionSupport;
- import com.opensymphony.xwork2.ActionContext;
- import java.util.*;
- public class LoginAction extends ActionSupport {
- private static final long serialVersionUID = 8013816027944871760L;
- private String username;// 登录用户名
- private String password;// 登录密码
- private String prePage;// 登录前页面
- public String execute() throws Exception {
- if (null != username && null != password && username.equals("hsing") && password.equals("hsu")) {
- ActionContext ctx = ActionContext.getContext();
- Map<String, Object> session = ctx.getSession();
- //保存用户信息session
- session.put("user", getUsername());
- // 获取跳转到登陆界面之前的页面地址,由拦截器提供
- prePage = (String) session.get("prePage");
- // 清除session中的数据
- session.remove("prePage");
- if (null == prePage) {
- return "usercenter";// 不是拦截器跳转到登陆页面的,直接访问的登陆页面
- } else {
- return SUCCESS;// 是拦截器跳转到登陆登录前页面
- }
- } else {
- return INPUT;
- }
- }
- public void setUsername(String username) {
- this.username = username;
- }
- public String getUsername() {
- return this.username;
- }
- public void setPassword(String password) {
- this.password = password;
- }
- public String getPassword() {
- return this.password;
- }
- public String getPrePage() {
- return prePage;
- }
- public void setPrePage(String prePage) {
- this.prePage = prePage;
- }
- }
package com.hsinghsu.test.action; import com.opensymphony.xwork2.ActionSupport; import com.opensymphony.xwork2.ActionContext; import java.util.*; public class LoginAction extends ActionSupport { private static final long serialVersionUID = 8013816027944871760L; private String username;// 登录用户名 private String password;// 登录密码 private String prePage;// 登录前页面 public String execute() throws Exception { if (null != username && null != password && username.equals("hsing") && password.equals("hsu")) { ActionContext ctx = ActionContext.getContext(); Map<String, Object> session = ctx.getSession(); //保存用户信息session session.put("user", getUsername()); // 获取跳转到登陆界面之前的页面地址,由拦截器提供 prePage = (String) session.get("prePage"); // 清除session中的数据 session.remove("prePage"); if (null == prePage) { return "usercenter";// 不是拦截器跳转到登陆页面的,直接访问的登陆页面 } else { return SUCCESS;// 是拦截器跳转到登陆登录前页面 } } else { return INPUT; } } public void setUsername(String username) { this.username = username; } public String getUsername() { return this.username; } public void setPassword(String password) { this.password = password; } public String getPassword() { return this.password; } public String getPrePage() { return prePage; } public void setPrePage(String prePage) { this.prePage = prePage; } }配置拦截器与action映射关系,struts.xml代码如下:
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE struts PUBLIC
- "-//Apache Software Foundation//DTD Struts Configuration 2.1.7//EN"
- "http://struts.apache.org/dtds/struts-2.1.7.dtd">
- <struts>
- <constant name="struts.custom.i18n.resources" value="globalMessages" />
- <constant name="struts.i18n.encoding" value="UTF-8" />
- <package name="hsinghsu" extends="struts-default">
- <!-- 用户拦截器定义 -->
- <interceptors>
- <interceptor name="userInterceptor" class="com.hsinghsu.test.interceptor.UserInterceptor" />
- </interceptors>
- <!-- 定义全局result -->
- <global-results>
- <result name="login">/jsp/login.jsp</result>
- </global-results>
- <action name="loginPro" class="com.hsinghsu.test.action.LoginAction">
- <result name="success" type="redirectAction">${prePage}</result>
- <result name="input">/jsp/login.jsp</result>
- <result name="usercenter">/jsp/userCenter.jsp</result>
- </action>
- <action name="productList">
- <result name="success">/jsp/productList.jsp</result>
- <interceptor-ref name="defaultStack" /> <!-- 默认拦截器 -->
- <interceptor-ref name="userInterceptor" /> <!-- 应用自定义拦截器 -->
- </action>
- </package>
- </struts>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1.7//EN" "http://struts.apache.org/dtds/struts-2.1.7.dtd"> <struts> <constant name="struts.custom.i18n.resources" value="globalMessages" /> <constant name="struts.i18n.encoding" value="UTF-8" /> <package name="hsinghsu" extends="struts-default"> <!-- 用户拦截器定义 --> <interceptors> <interceptor name="userInterceptor" class="com.hsinghsu.test.interceptor.UserInterceptor" /> </interceptors> <!-- 定义全局result --> <global-results> <result name="login">/jsp/login.jsp</result> </global-results> <action name="loginPro" class="com.hsinghsu.test.action.LoginAction"> <result name="success" type="redirectAction">${prePage}</result> <result name="input">/jsp/login.jsp</result> <result name="usercenter">/jsp/userCenter.jsp</result> </action> <action name="productList"> <result name="success">/jsp/productList.jsp</result> <interceptor-ref name="defaultStack" /> <!-- 默认拦截器 --> <interceptor-ref name="userInterceptor" /> <!-- 应用自定义拦截器 --> </action> </package> </struts>登录页面login.jsp代码如下:
- <%@ page contentType="text/html; charset=utf-8" language="java"
- errorPage=""%>
- <%@ taglib prefix="s" uri="/struts-tags"%>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>登录页面</title>
- </head>
- <body>
- <h3>用户登录</h3>
- ${tip}
- <s:form action="loginPro">
- <s:textfield name="username" label="用户名" />
- <s:password name="password" label="密码" />
- <s:submit value="登录" />
- </s:form>
- </body>
- </html>
<%@ page contentType="text/html; charset=utf-8" language="java" errorPage=""%> <%@ taglib prefix="s" uri="/struts-tags"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>登录页面</title> </head> <body> <h3>用户登录</h3> ${tip} <s:form action="loginPro"> <s:textfield name="username" label="用户名" /> <s:password name="password" label="密码" /> <s:submit value="登录" /> </s:form> </body> </html>产品列表页面productList.jsp代码如下:
- <%@ page contentType="text/html; charset=utf-8" language="java"
- errorPage=""%>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>产品列表</title>
- </head>
- <body>
- <h2>水果:</h2>
- 苹果<br/> 橘子<br/> 香蕉<br/>
- </body>
- </html>
<%@ page contentType="text/html; charset=utf-8" language="java" errorPage=""%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>产品列表</title> </head> <body> <h2>水果:</h2> 苹果<br/> 橘子<br/> 香蕉<br/> </body> </html>用户中心userCenter.jsp代码如下:
- <%@ page contentType="text/html; charset=utf-8" language="java"
- errorPage=""%>
- <%@ taglib prefix="s" uri="/struts-tags"%>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>成功页面</title>
- </head>
- <body>个人用户中心,您已经登录!
- </body>
- </html>
<%@ page contentType="text/html; charset=utf-8" language="java" errorPage=""%> <%@ taglib prefix="s" uri="/struts-tags"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>成功页面</title> </head> <body>个人用户中心,您已经登录! </body> </html>验证:
情形一:若用户未登录,输入http://localhost:8686/testInterceptor/productList.action
则系统会自动跳转到login.jsp页面,进行用户登录,登录后系统会自动跳到productList.jsp前台展现页面。
情形二:若用户已登录,输入http://localhost:8686/testInterceptor/productList.action
则系统直接跳转到productList.jsp前台展现页面。
情形三:若用户未登录,输入http://localhost:8686/testInterceptor/testInterceptor/loginPro.action
则系统会自动跳转到login.jsp页面,进行用户登录,登录后系统会自动跳到userCenter.jsp前台展现页面。