struts2中用interceptor实现权限控制
来源:互联网 发布:php导出excel乱码问题 编辑:程序博客网 时间:2024/06/02 02:21
在jsp servlet中我们通常使用Servlet Filter控制用户是否登入, 是否有权限转到某个页面。在struts2中我们应该会想到他的拦截器(Interceptor), Interceptor在struts2中起着非常重要的作用。很多struts2中的功能都是使用Interceptor实现的。
需求:简单的登入界面,让用户输入用户名,密码,记住密码(remember me)。如果用户选中remember me的话,下次就不需要再登入了(使用cookie实现, 用需要点击logout取消remeber me功能)。如果用户起始输入的地址不是登入页面的话,在用户登入之后需要转到用户输入的起始地址。
功能概图:
项目文件概图:
struts.xml 配置部分:
<!-- 演示权限控制 --><package name="authority" extends="struts-default" namespace="/authority"><interceptors><interceptor name="loginInterceptor" class="com.gq.action.LoginInterceptor"/><interceptor-stack name="loginDefaultStack"><interceptor-ref name="loginInterceptor"/><interceptor-ref name="defaultStack"/></interceptor-stack></interceptors><default-interceptor-ref name="loginDefaultStack"/><global-results><result name="login" type="redirect">/authority/login.jsp</result></global-results> <action name="Index" class="com.gq.action.IndexAction"><result>/authority/main.jsp</result><interceptor-ref name="loginDefaultStack"/></action><action name="Logout" class="com.gq.action.LogoutAction"></action><action name="Login" class="com.gq.action.LoginAction" method="login"><result type="redirect">${goingToURL}</result><result name="input">/authority/login.jsp</result><interceptor-ref name="defaultStack"/></action><!-- 没有实现 class <action name="Register" class="com.gq.action.LoginAction"><result type="redirect">/authority/login.jsp</result><result name="input">/authority/register.jsp</result><interceptor-ref name="defaultStack"/></action>--></package>各文件描述和源代码:
IndexAction.java,直接跳转到 main.jsp,该action 名称为 “Index”,并配置有登陆权限验证拦截器!
public class IndexAction extends ActionSupport {private static final long serialVersionUID = 7078603236740619967L;@Overridepublic String execute() throws Exception {// Just return to /main.jspreturn SUCCESS;}}LoginAction.java,验证“登陆名”和“密码”是否正确,保存“用户”到 Session中,并根据参数决定是否保存Cookie
其中要判断:
1、用户直接进入 login.jsp的页面?验证成功后,跳转到 main.jsp页面。
2、用户从其他页面 xxx.jsp,因为没有权限验证失败而回到 login.jsp?则验证成功后,跳转到 xxx.jsp页面。
(这里为了演示简化,xxx.jsp 就指定为 main.jsp 页面)
public class LoginAction extends ActionSupport implements ServletResponseAware, SessionAware {private static final long serialVersionUID = 2965422004870746408L;private String loginName;private String password;private boolean rememberMe;private HttpServletResponse response;private Map session;private String goingToURL;public String getGoingToURL() {return goingToURL;}public void setGoingToURL(String goingToURL) {this.goingToURL = goingToURL;}public boolean isRememberMe() {return rememberMe;}public void setRememberMe(boolean rememberMe) {this.rememberMe = rememberMe;}public String getLoginName() {return loginName;}public void setLoginName(String loginName) {this.loginName = loginName;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public void setServletResponse(HttpServletResponse response) {this.response = response;}public void setSession(Map session) {this.session = session;}public String login() throws Exception {System.out.println("In login..." + getLoginName());try {User user = new UserDAO().attemptLogin(getLoginName(), getPassword());//Add cookieif (rememberMe) {response.addCookie(createCookie(user));}//Add into sessionsession.put(LoginInterceptor.USER_SESSION_KEY, user);String goingToURL = (String) session.get(LoginInterceptor.GOING_TO_URL_KEY);if (StringUtils.isNotBlank(goingToURL)){setGoingToURL(goingToURL);session.remove(LoginInterceptor.GOING_TO_URL_KEY);} else {setGoingToURL("Index.action");}return SUCCESS;} catch (UserNotFoundException e) {addActionMessage("user name or password is not corrected.");return INPUT;}}Cookie createCookie( User user ){int SEVEN_DAYS = 60 * 60 * 24 * 7;Cookie cookie = new Cookie(LoginInterceptor.COOKIE_REMEMBERME_KEY, createValue(user));cookie.setMaxAge(SEVEN_DAYS);return cookie;}String createValue( User user ){return user.getLoginName()+ "==" + user.getPassword();}}LoginInterceptor.java,登陆拦截器,根据 Session判断用户是否在线或根据Cookie解析能否登陆。
public class LoginInterceptor extends AbstractInterceptor {private static final long serialVersionUID = -5889213773673649255L;public static final String USER_SESSION_KEY = "wallet.session.user";public static final String COOKIE_REMEMBERME_KEY = "wallet.cookie.rememberme";public static final String GOING_TO_URL_KEY = "GOING_TO";public static final String LOGIN = "login";@Overridepublic String intercept(ActionInvocation invocation) throws Exception {System.out.println("In LoginInterceptor...");ActionContext actionContext = invocation.getInvocationContext();HttpServletRequest request = (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);//用户在登录状态Map<String,String> session = actionContext.getSession();if (session != null && session.get(USER_SESSION_KEY) != null) {System.out.println("In user is login, saved information in session...");return invocation.invoke();}//用户从Cookie中解析信息,然后登录return loginFromCookie(request, invocation, session);}String loginFromCookie(HttpServletRequest request, ActionInvocation invocation,Map session) throws Exception{System.out.println("In loginFromCookie...");Cookie[] cookies = request.getCookies();if( cookies == null ){//No cookiessetGoingToURL(session, invocation);return LOGIN;}Cookie cookie = findCookieByName( cookies );if( cookie == null ){//No cookie by the namesetGoingToURL(session, invocation);return LOGIN;}String loginName = parseLoginName( cookie );String password = parsePassword( cookie );if( loginName == null || password == null ){//parse loginName or password fail...setGoingToURL(session, invocation);return LOGIN;}try {User user = new UserDAO().attemptLogin(loginName, password);session.put(USER_SESSION_KEY, user);return invocation.invoke();} catch (UserNotFoundException e) {setGoingToURL(session, invocation);return LOGIN;}} Cookie findCookieByName(Cookie[] cookies) { for( Cookie cookie : cookies ){ if(COOKIE_REMEMBERME_KEY.equals(cookie.getName())){ return cookie; } }return null;}String parsePassword(Cookie cookie) { String value = cookie.getValue(); if (StringUtils.isBlank(value)) { return null; } String[] split = value.split("=="); if( split.length < 2 ){ return null; } return split[1];}String parseLoginName(Cookie cookie) {String value = cookie.getValue(); if (StringUtils.isBlank(value)) { return null; } String[] split = value.split("=="); return split[0];}private void setGoingToURL(Map session, ActionInvocation invocation) {String url = "";String namespace = invocation.getProxy().getNamespace();if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")) {url = url + namespace;}String actionName = invocation.getProxy().getActionName();if (StringUtils.isNotBlank(actionName)) {url = url + "/" + actionName + ".action";}session.put(GOING_TO_URL_KEY, url);}}LogoutAction.java,注销,清空Session中的信息,删除Cookie
public class LogoutAction extends ActionSupport implements ServletRequestAware,ServletResponseAware {private static final long serialVersionUID = -7680746852412424580L;private HttpServletRequest request;private HttpServletResponse response;public void setServletRequest(HttpServletRequest request) {this.request = request;}public void setServletResponse(HttpServletResponse response) {this.response = response;}public String execute() throws Exception {System.out.println("In logout..." + getNameForLogout());removeFromSession();removeFromCookies();return "login";}void removeFromSession() {HttpSession session = request.getSession(false);if (session != null)session.removeAttribute(LoginInterceptor.USER_SESSION_KEY);}void removeFromCookies() {Cookie[] cookies = request.getCookies();if (cookies != null) {for (Cookie cookie : cookies) {if (LoginInterceptor.COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {cookie.setValue("");cookie.setMaxAge(0);response.addCookie(cookie);return;}}}}String getNameForLogout(){HttpSession session = request.getSession(false);if( session == null){return "Session is null...";}User user = (User)session.getAttribute(LoginInterceptor.USER_SESSION_KEY);return user.getLoginName();}}
User.java,一个简单的JavaBean
public class User {// Used for loginprivate String loginName;private String password;// Information of userprivate String name;private String sex;private int age;//get/set 方法@Overridepublic boolean equals(Object object) {if(object==null || getClass()!=object.getClass()){return false;}User user = (User)object;return strEquals(getLoginName(), user.getLoginName()) &&strEquals(getPassword(), user.getPassword()) &&strEquals(getName(), user.getName()) &&strEquals(getSex(), user.getSex()) &&getAge() == user.getAge();}private boolean strEquals( String s1, String s2 ){if( s1 == null ){return false;}return s1.equals(s2);}@Overridepublic int hashCode() {int result = 47;result = 37*result + Integer.valueOf(age).hashCode();result = 37*result + (loginName==null ? 0 : loginName.hashCode());result = 37*result + (password==null ? 0 : password.hashCode());result = 37*result + (name==null ? 0 : name.hashCode());result = 37*result + (sex==null ? 0 : sex.hashCode());return result;}}UserDAO.java,一个简单的模拟的dao
public class UserDAO {private static Map<String, User> users = new HashMap<String, User>();public UserDAO(){mockUsers();}public User attemptLogin(String loginName, String password) throws UserNotFoundException{User user;if( (user=findUser(loginName)) == null ){throw new UserNotFoundException("Invalid User!");}if( !validPassword(password, user) ){throw new UserNotFoundException("Invalid Password!");}return user;}User findUser( String loginName ){return users.get(loginName);}boolean validPassword( String password, User user ){return password.equals(user.getPassword());}private void mockUsers(){User zhangsan = new User();zhangsan.setLoginName("zhangsan@qq.com");zhangsan.setPassword("zhangsan123");zhangsan.setName("zhangsan");zhangsan.setAge(22);zhangsan.setSex("man");User lisi = new User();lisi.setLoginName("lisi@qq.com");lisi.setPassword("lisi123");lisi.setName("lisi");lisi.setAge(25);lisi.setSex("woman");User wangwu = new User();wangwu.setLoginName("wangwu@qq.com");wangwu.setPassword("wangwu123");wangwu.setName("wangwu");wangwu.setAge(27);wangwu.setSex("man");users.put(zhangsan.getLoginName(), zhangsan);users.put(lisi.getLoginName(), lisi);users.put(wangwu.getLoginName(), wangwu);}}UserNotFoundException.java,之定义封装的一个 Exception
public class UserNotFoundException extends Exception{private static final long serialVersionUID = -5207325846250567308L;public UserNotFoundException( String message ){super( message );}}login.jsp,登陆页面
<%@ page language="java" pageEncoding="UTF-8"%><%@taglib prefix="s" uri="/struts-tags" %><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>Login</title> </head> <body><h2>Login</h2> <s:actionmessage/><s:actionerror/><s:form action="/authority/Login.action" method="post" validate="false" theme="xhtml"><s:textfield name="loginName" label="Username"></s:textfield><br/><s:password name="password" label="Password"></s:password><br/><s:checkbox label="Remember Me" name="rememberMe"></s:checkbox><s:submit value="%{'Login'}"></s:submit> </s:form><a href="/test_struct2/authority/register.jsp">Register</a></body></html>
main.jsp主页面
<%@ page language="java" pageEncoding="ISO-8859-1"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>My JSP 'main.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">--> </head> <body> This is Main page. <br> <a href="/test_struct2/authority/Logout.action">Logout</a> </body></html>register.jsp ,未实现。。。
- struts2中用interceptor实现权限控制
- struts2中用interceptor实现权限控制
- struts2中用interceptor实现权限控制
- Struts2使用Interceptor实现权限控制的应用实例详解
- 【Struts2】:Interceptor实战之权限控制
- Struts2的interceptor实现权限管理
- struts2的interceptor实现权限管理
- Struts2实现权限控制
- Struts2 利用拦截器 interceptor 控制登陆和访问权限
- Struts2 拦截器interceptor控制登录和访问权限
- struts2 过滤器实现权限控制
- struts2的Interceptor实现
- 在struts2中使用拦截器(Interceptor)控制登录和权限
- 在struts2中使用拦截器(Interceptor)控制登录和权限
- 在struts2中使用拦截器(Interceptor)控制登录和权限
- 在struts2中使用拦截器(Interceptor)控制登录和权限
- 在struts2中使用拦截器(Interceptor)控制登录和权限
- 在struts2中使用拦截器(Interceptor)控制登录和权限
- C++中iostream.h和iostream 区别
- linux平台 oracle 数据库 安装文档
- 14.64.3 行过滤及排序键 Table row filer and sort key
- HTML5设计原理 Jeremy Keith在 Fronteers 2010 上的主题演讲
- Oracle 10g Scheduler 特性
- struts2中用interceptor实现权限控制
- HDU1569 方格取数(2)(最大点权独立集 + 最小点权覆盖集 = 总权和)
- Android Gallery3D源码分析
- 每日学习笔记(20)
- Oracle Merge Into 的用法详解实例
- Oracle 物化视图
- Android 多点触摸
- Jar 转 EXE 可以脱离 java 环境 jar to exe和Jsmooth 的使用
- 【总结】关于shell执行,export 和 source