SSH的自定义登录过滤器


参考资料  http://www.cnblogs.com/zsychanpin/p/6937267.html

一,web.xml配置  :

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:web="http://xmlns.jcp.org/xml/ns/javaee">
<!-- Deployment descriptor: Spring context loader, the custom login filter (MyFilter),
     the Struts 2 dispatcher filter, and two directly mapped servlets. -->
<display-name>spring</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:ApplicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Custom login filter. It is declared before the Struts 2 filter, so it runs first
     for every request (both are mapped to /*). -->
<filter>
<filter-name>MyFilter</filter-name>
<filter-class>hepu.finacialGenius.project.filter.MyFilter</filter-class>
<init-param>
<param-name>logonStrings</param-name><!-- URIs containing any of these ';'-separated fragments skip the login check (here: JSP pages) -->
<param-value>.jsp</param-value><!-- adjustable -->
</init-param>
<init-param>
<param-name>includeStrings</param-name><!-- only URIs containing one of these ';'-separated suffix fragments are login-checked; everything else passes through unchecked -->
<!-- NOTE(review): struts.xml sets struts.action.extension to "do,action", but only .do is
     listed here, so .action requests appear to bypass the login check. Keep both lists in sync. -->
<param-value>.do</param-value><!-- adjustable -->
</init-param>
<init-param>
<param-name>redirectPath</param-name><!-- where requests without a logged-in session are redirected (the login page) -->
<param-value>/index.jsp</param-value><!-- adjustable -->
</init-param>
<init-param>
<param-name>disabletestfilter</param-name><!-- Y: the login check is switched off for every request -->
<param-value>N</param-value><!-- adjustable; keep N outside of local testing -->
</init-param>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


<!-- Struts 2 dispatcher filter -->
<filter>


<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- NOTE(review): /Ajax and /AjaxServlet do not contain ".do", so with the includeStrings
     value above MyFilter lets them through without a login check. Confirm that these
     servlets authorize requests themselves, or add their paths to includeStrings. -->
<servlet>
<description></description>
<display-name>Ajax</display-name>
<servlet-name>Ajax</servlet-name>
<servlet-class>hepu.finacialGenius.project.ajax.Ajax</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Ajax</servlet-name>
<url-pattern>/Ajax</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>AjaxServlet</display-name>
<servlet-name>AjaxServlet</servlet-name>
<servlet-class>hepu.finacialGenius.project.controller.AjaxServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AjaxServlet</servlet-name>
<url-pattern>/AjaxServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>

注:struts2的过滤器 /* 最好不要改

二,自定义过滤类的书写

    // Filter configuration captured in init(); doFilter() reads its init-params from here.
    // NOTE(review): public and non-final, so code outside the filter can replace it;
    // private would be the safer visibility.
    public FilterConfig config;

/** Drops the reference to the filter configuration when the container retires the filter. */
@Override
public void destroy() {
    config = null;
}


/**
 * Checks whether {@code container} includes at least one entry of {@code regx} as a
 * plain substring.
 *
 * <p>Despite the parameter name, entries are not interpreted as regular expressions.
 * The match is positional-agnostic: a fragment anywhere in the string counts, and an
 * empty entry matches every container.
 *
 * @param container the string to search in
 * @param regx the fragments to look for
 * @return {@code true} if any fragment occurs in {@code container}, otherwise {@code false}
 */
public static boolean isContains(String container, String[] regx) {
    for (String fragment : regx) {
        if (container.contains(fragment)) {
            return true;
        }
    }
    return false;
}

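/**
 * Lets a request continue down the chain only when it is exempt from the login check or
 * the session already carries a {@code userName} attribute; otherwise the client is
 * redirected to the configured login page.
 *
 * <p>Init-params read from {@code config}:
 * <ul>
 *   <li>{@code disabletestfilter}: {@code Y} (any case) switches the check off.</li>
 *   <li>{@code includeStrings}: ';'-separated path suffixes that are subject to the check;
 *       when missing or blank, every request is checked.</li>
 *   <li>{@code logonStrings}: ';'-separated path suffixes that are exempt (login pages).</li>
 *   <li>{@code redirectPath}: context-relative login page for unauthenticated requests.</li>
 * </ul>
 *
 * <p>Matching is done on the end of the decoded request path with path parameters removed,
 * not on a substring of the raw request URI. web.xml documents these values as suffixes,
 * and a substring match would also exempt any URI that merely contains an exempt fragment.
 * NOTE(review): entries that relied on matching in the middle of the URI no longer match.
 *
 * @throws IOException if the redirect or the downstream chain fails with an I/O error
 * @throws ServletException if the downstream chain fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
    HttpServletRequest hrequest = (HttpServletRequest) request;

    // Comparing from the literal avoids a NullPointerException when the param is not set.
    if ("Y".equalsIgnoreCase(config.getInitParameter("disabletestfilter"))) {
        chain.doFilter(request, response);
        return;
    }

    String path = pathForMatching(hrequest);

    // A missing or blank include list means "check everything", so a configuration
    // mistake fails closed instead of silently disabling the check.
    String includeStrings = config.getInitParameter("includeStrings");
    boolean checkEverything = includeStrings == null || includeStrings.trim().isEmpty();
    if (!checkEverything && !endsWithAny(path, includeStrings.split(";"))) {
        chain.doFilter(request, response);
        return;
    }

    // Exempt paths (login pages). A missing list exempts nothing.
    String logonStrings = config.getInitParameter("logonStrings");
    if (logonStrings != null && endsWithAny(path, logonStrings.split(";"))) {
        chain.doFilter(request, response);
        return;
    }

    // Only the presence of the attribute matters, so no cast is needed. The user name is
    // deliberately not printed for each request.
    Object user = hrequest.getSession().getAttribute("userName");
    if (user != null) {
        chain.doFilter(request, response);
        return;
    }

    System.out.println("成功拦截到外星人企图入侵网站后台   :  " + hrequest.getRequestURI());
    HttpServletResponse hresponse = (HttpServletResponse) response;
    String redirectTarget = config.getInitParameter("redirectPath");
    if (redirectTarget == null) {
        // Without a configured login page there is nowhere to redirect; refuse the request.
        hresponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    hresponse.sendRedirect(hrequest.getContextPath() + redirectTarget);
}

/**
 * Returns the context-relative request path as decoded by the container, with path
 * parameters (";name=value" parts) removed from every segment.
 */
private static String pathForMatching(HttpServletRequest req) {
    String servletPath = req.getServletPath();
    String pathInfo = req.getPathInfo();
    String path = (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo);
    return path.replaceAll(";[^/]*", "");
}

/** Reports whether {@code path} ends with any non-empty, trimmed entry of {@code suffixes}. */
private static boolean endsWithAny(String path, String[] suffixes) {
    for (String suffix : suffixes) {
        String candidate = suffix.trim();
        // An empty entry would match every path, so it is ignored.
        if (!candidate.isEmpty() && path.endsWith(candidate)) {
            return true;
        }
    }
    return false;
}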


/**
 * Stores the container-supplied configuration so that doFilter can read the init-params.
 *
 * @param filterConfig the configuration declared for this filter in web.xml
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    this.config = filterConfig;
}

三,struts.xml 

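 注:虽然这里配置了后缀,但 action 的 name 属性里不要加后缀,只有在 JSP 里访问 action 的地方才要加后缀!另外,这里同时配置了 do 和 action 两种后缀,而 web.xml 中过滤器的 includeStrings 只写了 .do,以 .action 结尾的请求不会经过登录检查,两处应保持一致。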

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
"http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
    <!-- Actions are reachable under both the .do and the .action extension.
         NOTE(review): the login filter in web.xml lists only .do in includeStrings, so
         .action requests appear to skip the login check. Either drop "action" here or add
         it to includeStrings. -->
    <constant name="struts.action.extension" value="do,action" />
    <include file="struts_genius.xml"></include>
    <include file="struts_personal.xml"></include>
    <include file="struts_redirection.xml"></include>
<package name="default" extends="struts-default" namespace="/">
<!-- Wildcard mapping: the part of the action name before "_admin" is used as the controller
     method name ({1}); allowed-methods restricts which methods may be invoked this way. -->
<action name="*_admin"  class="hepu.finacialGenius.project.controller.GeniusController" method="{1}">
<result name="adminLoginSuccess">/WEB-INF/views/adminMain.jsp</result>
<result name="adminstorLoginFail">/WEB-INF/views/adminLogin.jsp</result>
<!-- NOTE(review): the trailing comma looks unintended. -->
<allowed-methods>adminLogin,</allowed-methods>
</action>
<!-- Navigation actions for the admin pages. NOTE(review): a toAdminMain result is declared,
     but no toAdminMain method is listed in allowed-methods; confirm which is intended. -->
<action name="*_adminredirection" class="hepu.finacialGenius.project.controller.GeniusController" method="{1}">
<result name="toAdminLogin">/WEB-INF/views/adminLogin.jsp</result>
<result name="toAdminUserShow">/WEB-INF/views/adminUserShow.jsp</result>
<result name="toAdminMain">/WEB-INF/views/adminMain.jsp</result>
<allowed-methods>toAdminLogin,toAdminUserShow</allowed-methods>
</action>
<!-- User login, registration and password recovery. NOTE(review): these actions must be
     reachable before login, so their URLs presumably need to be listed in the login filter's
     logonStrings; with only ".jsp" there, a .do request without a session is redirected. -->
<action name="*_skip" class="hepu.finacialGenius.project.controller.GeniusController"  method="{1}">
<result name="loginSuccess">/WEB-INF/views/main.jsp</result>
<result name="loginFail">index.jsp</result>
<result name="toRegister">/WEB-INF/views/register.jsp</result>
<result name="tofindPassword">/WEB-INF/views/findPassword.jsp</result>
<result name="tofindPasswordByApplication">/WEB-INF/views/findPasswordByApplication.jsp</result>
<result name="nameJudgeSuccess">
    <param name="location">index.jsp</param>
                <param name="parse">true</param>
</result>
    <allowed-methods>login,register,nameJudge,toRegister,
                     tofindPassword
    </allowed-methods>
</action>
</package>
</struts>

小白一枚,不能保证都是对的,仅供参考。
