登陆拦截器与登陆过滤器

先在src下建立一个包：tutorial.interceptor

在这个包下建立一个类LogonInterceptor继承于AbstractInterceptor，覆盖intercept（）方法:

package tutorial.interceptor;import java.util.Map;import org.apache.struts2.ServletActionContext;import com.opensymphony.xwork2.ActionContext;import com.opensymphony.xwork2.ActionInvocation;import com.opensymphony.xwork2.interceptor.AbstractInterceptor;public class LogonInterceptor extends AbstractInterceptor {public String intercept(ActionInvocation invocation) throws Exception {// 取得请求的Action名String name = invocation.getInvocationContext().getName();if (name.equals("Login")) {// 如果用户想登录，则使之通过return invocation.invoke();} else {// 取得Session。ActionContext ac = invocation.getInvocationContext();Map session = (Map)ac.get(ServletActionContext.SESSION);if (session == null) {// 如果Session为空，则让用户登陆。return "login";} else {String username = (String)session.get("username");if (username == null) {// Session不为空，但Session中没有用户信息，// 则让用户登陆return "login";} else {// 用户已经登陆，放行~return invocation.invoke();}}}}}

今天的内容有点多，接下来还要对这个拦截器进行配置：
关于怎样配置一个拦截器使之对所有的Action起作用请参考：
struts-2.0.6docsdocshow-do-we-configure-an-interceptor-to-be-used-with-every-action.html
修改struts.xml，
1，自定义拦截器
2，重定义默认拦截器堆栈
3，添加一个global-results，用户在验证失败的情况下跳转到登陆验证页面
struts.xml的完整内容：

Login!input.action

/HelloWorld.jsp

/Success.jsp
/Login.jsp

java 使用过滤器控制用户访问权限

控制器类

package com.crm.filter;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class LoginFilter implements Filter {private static final String LOGON_URI = "LOGON_URI";private static final String HOME_URI = "HOME_URI";private String logon_page;private String home_page;public void destroy() {}public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;HttpServletResponse resp = (HttpServletResponse) response;resp.setContentType("text/html;");resp.setCharacterEncoding("utf-8");HttpSession session = req.getSession();PrintWriter out = resp.getWriter();// 得到用户请求的URIString request_uri = req.getRequestURI();// 得到web应用程序的上下文路径String ctxPath = req.getContextPath();// 去除上下文路径，得到剩余部分的路径String uri = request_uri.substring(ctxPath.length());// 判断用户访问的是否是登录页面if (uri.equals(logon_page) ¦¦ uri.equals(home_page)) {chain.doFilter(request, response);return;} else {// 如果访问的不是登录页面，则判断用户是否已经登录if (null != session.getAttribute("curUser")&& "" != session.getAttribute("curUser")){chain.doFilter(request, response);return;} else {out.println(""+ "parent.location.href='" +ctxPath + logon_page + "'"+ "");return;}}}public void init(FilterConfig config) throws ServletException {// TODO Auto-generated method stub// 从部署描述符中获取登录页面和首页的URIlogon_page = config.getInitParameter(LOGON_URI);home_page = config.getInitParameter(HOME_URI);// System.out.println(logon_page);if (null == logon_page ¦¦ null == home_page) {throw new ServletException("没有找到登录页面或主页");}}}

web.xml

loginFilter
com.crm.filter.LoginFilter

LOGON_URI
/login.jsp

HOME_URI
/index.jsp

loginFilter
*.jsp