struts2中用interceptor实现权限控制

    在jsp servlet中我们通常使用Servlet Filter控制用户是否登入， 是否有权限转到某个页面。在struts2中我们应该会想到他的拦截器(Interceptor)， Interceptor在struts2中起着非常重要的作用。很多struts2中的功能都是使用Interceptor实现的。

    需求：简单的登入界面，让用户输入用户名，密码，记住密码(remember me)。如果用户选中remember me的话，下次就不需要再登入了(使用cookie实现， 用需要点击logout取消remeber me功能)。如果用户起始输入的地址不是登入页面的话,在用户登入之后需要转到用户输入的起始地址。

功能概图：

项目文件概图：

struts.xml 配置部分：

<!-- 演示权限控制 --><package name="authority" extends="struts-default" namespace="/authority"><interceptors><interceptor name="loginInterceptor" class="com.gq.action.LoginInterceptor"/><interceptor-stack name="loginDefaultStack"><interceptor-ref name="loginInterceptor"/><interceptor-ref name="defaultStack"/></interceptor-stack></interceptors><default-interceptor-ref name="loginDefaultStack"/><global-results><result name="login" type="redirect">/authority/login.jsp</result></global-results> <action name="Index" class="com.gq.action.IndexAction"><result>/authority/main.jsp</result><interceptor-ref name="loginDefaultStack"/></action><action name="Logout" class="com.gq.action.LogoutAction"></action><action name="Login" class="com.gq.action.LoginAction" method="login"><result type="redirect">${goingToURL}</result><result name="input">/authority/login.jsp</result><interceptor-ref name="defaultStack"/></action><!-- 没有实现 class <action name="Register" class="com.gq.action.LoginAction"><result type="redirect">/authority/login.jsp</result><result name="input">/authority/register.jsp</result><interceptor-ref name="defaultStack"/></action>--></package>

各文件描述和源代码：

IndexAction.java，直接跳转到 main.jsp，该action 名称为 “Index”，并配置有登陆权限验证拦截器！

public class IndexAction extends ActionSupport {private static final long serialVersionUID = 7078603236740619967L;@Overridepublic String execute() throws Exception {// Just return to /main.jspreturn SUCCESS;}}

LoginAction.java，验证“登陆名”和“密码”是否正确，保存“用户”到 Session中，并根据参数决定是否保存Cookie

其中要判断：

1、用户直接进入 login.jsp的页面？验证成功后，跳转到 main.jsp页面。

2、用户从其他页面 xxx.jsp，因为没有权限验证失败而回到 login.jsp？则验证成功后，跳转到 xxx.jsp页面。

（这里为了演示简化，xxx.jsp 就指定为 main.jsp 页面）

public class LoginAction extends ActionSupport implements ServletResponseAware, SessionAware {private static final long serialVersionUID = 2965422004870746408L;private String loginName;private String password;private boolean rememberMe;private HttpServletResponse response;private Map session;private String goingToURL;public String getGoingToURL() {return goingToURL;}public void setGoingToURL(String goingToURL) {this.goingToURL = goingToURL;}public boolean isRememberMe() {return rememberMe;}public void setRememberMe(boolean rememberMe) {this.rememberMe = rememberMe;}public String getLoginName() {return loginName;}public void setLoginName(String loginName) {this.loginName = loginName;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public void setServletResponse(HttpServletResponse response) {this.response = response;}public void setSession(Map session) {this.session = session;}public String login() throws Exception {System.out.println("In login..." + getLoginName());try {User user = new UserDAO().attemptLogin(getLoginName(), getPassword());//Add cookieif (rememberMe) {response.addCookie(createCookie(user));}//Add into sessionsession.put(LoginInterceptor.USER_SESSION_KEY, user);String goingToURL = (String) session.get(LoginInterceptor.GOING_TO_URL_KEY);if (StringUtils.isNotBlank(goingToURL)){setGoingToURL(goingToURL);session.remove(LoginInterceptor.GOING_TO_URL_KEY);} else {setGoingToURL("Index.action");}return SUCCESS;} catch (UserNotFoundException e) {addActionMessage("user name or password is not corrected.");return INPUT;}}Cookie createCookie( User user ){int SEVEN_DAYS = 60 * 60 * 24 * 7;Cookie cookie = new Cookie(LoginInterceptor.COOKIE_REMEMBERME_KEY, createValue(user));cookie.setMaxAge(SEVEN_DAYS);return cookie;}String createValue( User user ){return user.getLoginName()+ "==" + user.getPassword();}}

LoginInterceptor.java，登陆拦截器，根据 Session判断用户是否在线或根据Cookie解析能否登陆。

public class LoginInterceptor extends AbstractInterceptor {private static final long serialVersionUID = -5889213773673649255L;public static final String USER_SESSION_KEY = "wallet.session.user";public static final String COOKIE_REMEMBERME_KEY = "wallet.cookie.rememberme";public static final String GOING_TO_URL_KEY = "GOING_TO";public static final String LOGIN = "login";@Overridepublic String intercept(ActionInvocation invocation) throws Exception {System.out.println("In LoginInterceptor...");ActionContext actionContext = invocation.getInvocationContext();HttpServletRequest request = (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);//用户在登录状态Map<String,String> session = actionContext.getSession();if (session != null && session.get(USER_SESSION_KEY) != null) {System.out.println("In user is login, saved information in session...");return invocation.invoke();}//用户从Cookie中解析信息，然后登录return loginFromCookie(request, invocation, session);}String loginFromCookie(HttpServletRequest request, ActionInvocation invocation,Map session) throws Exception{System.out.println("In loginFromCookie...");Cookie[] cookies = request.getCookies();if( cookies == null ){//No cookiessetGoingToURL(session, invocation);return LOGIN;}Cookie cookie = findCookieByName( cookies );if( cookie == null ){//No cookie by the namesetGoingToURL(session, invocation);return LOGIN;}String loginName = parseLoginName( cookie );String password  = parsePassword( cookie );if( loginName == null || password == null ){//parse loginName or password fail...setGoingToURL(session, invocation);return LOGIN;}try {User user = new UserDAO().attemptLogin(loginName, password);session.put(USER_SESSION_KEY, user);return invocation.invoke();} catch (UserNotFoundException e) {setGoingToURL(session, invocation);return LOGIN;}}    Cookie findCookieByName(Cookie[] cookies) {    for( Cookie cookie : cookies ){    if(COOKIE_REMEMBERME_KEY.equals(cookie.getName())){    return cookie;    }    }return null;}String parsePassword(Cookie cookie) {    String value = cookie.getValue();    if (StringUtils.isBlank(value)) {    return null;    }    String[] split = value.split("==");    if( split.length < 2 ){    return null;    }    return split[1];}String parseLoginName(Cookie cookie) {String value = cookie.getValue();    if (StringUtils.isBlank(value)) {    return null;    }    String[] split = value.split("==");    return split[0];}private void setGoingToURL(Map session, ActionInvocation invocation) {String url = "";String namespace = invocation.getProxy().getNamespace();if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")) {url = url + namespace;}String actionName = invocation.getProxy().getActionName();if (StringUtils.isNotBlank(actionName)) {url = url + "/" + actionName + ".action";}session.put(GOING_TO_URL_KEY, url);}}

LogoutAction.java，注销，清空Session中的信息，删除Cookie

public class LogoutAction extends ActionSupport implements ServletRequestAware,ServletResponseAware {private static final long serialVersionUID = -7680746852412424580L;private HttpServletRequest request;private HttpServletResponse response;public void setServletRequest(HttpServletRequest request) {this.request = request;}public void setServletResponse(HttpServletResponse response) {this.response = response;}public String execute() throws Exception {System.out.println("In logout..." + getNameForLogout());removeFromSession();removeFromCookies();return "login";}void removeFromSession() {HttpSession session = request.getSession(false);if (session != null)session.removeAttribute(LoginInterceptor.USER_SESSION_KEY);}void removeFromCookies() {Cookie[] cookies = request.getCookies();if (cookies != null) {for (Cookie cookie : cookies) {if (LoginInterceptor.COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {cookie.setValue("");cookie.setMaxAge(0);response.addCookie(cookie);return;}}}}String getNameForLogout(){HttpSession session = request.getSession(false);if( session == null){return "Session is null...";}User user = (User)session.getAttribute(LoginInterceptor.USER_SESSION_KEY);return user.getLoginName();}}

User.java，一个简单的JavaBean

public class User {// Used for loginprivate String loginName;private String password;// Information of userprivate String name;private String sex;private int age;//get/set 方法@Overridepublic boolean equals(Object object) {if(object==null || getClass()!=object.getClass()){return false;}User user = (User)object;return strEquals(getLoginName(), user.getLoginName()) &&strEquals(getPassword(), user.getPassword()) &&strEquals(getName(), user.getName()) &&strEquals(getSex(), user.getSex()) &&getAge() == user.getAge();}private boolean strEquals( String s1, String s2 ){if( s1 == null ){return false;}return s1.equals(s2);}@Overridepublic int hashCode() {int result = 47;result = 37*result + Integer.valueOf(age).hashCode();result = 37*result + (loginName==null ? 0 : loginName.hashCode());result = 37*result + (password==null ? 0 : password.hashCode());result = 37*result + (name==null ? 0 : name.hashCode());result = 37*result + (sex==null ? 0 : sex.hashCode());return result;}}

UserDAO.java，一个简单的模拟的dao

public class UserDAO {private static Map<String, User> users = new HashMap<String, User>();public UserDAO(){mockUsers();}public User attemptLogin(String loginName, String password) throws UserNotFoundException{User user;if( (user=findUser(loginName)) == null ){throw new UserNotFoundException("Invalid User!");}if( !validPassword(password, user) ){throw new UserNotFoundException("Invalid Password!");}return user;}User findUser( String loginName ){return users.get(loginName);}boolean validPassword( String password, User user ){return password.equals(user.getPassword());}private void mockUsers(){User zhangsan = new User();zhangsan.setLoginName("zhangsan@qq.com");zhangsan.setPassword("zhangsan123");zhangsan.setName("zhangsan");zhangsan.setAge(22);zhangsan.setSex("man");User lisi = new User();lisi.setLoginName("lisi@qq.com");lisi.setPassword("lisi123");lisi.setName("lisi");lisi.setAge(25);lisi.setSex("woman");User wangwu = new User();wangwu.setLoginName("wangwu@qq.com");wangwu.setPassword("wangwu123");wangwu.setName("wangwu");wangwu.setAge(27);wangwu.setSex("man");users.put(zhangsan.getLoginName(), zhangsan);users.put(lisi.getLoginName(), lisi);users.put(wangwu.getLoginName(), wangwu);}}

UserNotFoundException.java，之定义封装的一个 Exception

public class UserNotFoundException extends Exception{private static final long serialVersionUID = -5207325846250567308L;public UserNotFoundException( String message ){super( message );}}

login.jsp，登陆页面

<%@ page language="java" pageEncoding="UTF-8"%><%@taglib prefix="s" uri="/struts-tags" %><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <base href="<%=basePath%>">        <title>Login</title>  </head>    <body><h2>Login</h2> <s:actionmessage/><s:actionerror/><s:form action="/authority/Login.action" method="post" validate="false" theme="xhtml"><s:textfield name="loginName" label="Username"></s:textfield><br/><s:password name="password" label="Password"></s:password><br/><s:checkbox label="Remember Me" name="rememberMe"></s:checkbox><s:submit value="%{'Login'}"></s:submit> </s:form><a href="/test_struct2/authority/register.jsp">Register</a></body></html>

main.jsp主页面

<%@ page language="java" pageEncoding="ISO-8859-1"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <base href="<%=basePath%>">        <title>My JSP 'main.jsp' starting page</title>    <meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0">    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">-->  </head>    <body>    This is Main page. <br>    <a href="/test_struct2/authority/Logout.action">Logout</a>  </body></html>

register.jsp ，未实现。。。