Using a filter and the session for secure access and authentication in Struts2
Source: Internet  Editor: 程序博客网  Time: 2024/04/29 04:45
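1. Development environment:
Eclipse
JDK 1.7
Apache Tomcat 7
2. After creating a Dynamic Web Project in Eclipse, import the required Struts2 jar files:
3. After importing the jars, create the project directories as shown in the figure below:
Permission notes
(1) Resources in the root directory (WebContent), such as index.jsp and login.jsp, allow anonymous access.
(2) admin.jsp in the Admin directory may only be accessed by users with the role "admin". user.jsp in the User directory may only be accessed by users with the role "user".
4. The JSP code is as follows: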
@index.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- Posts to the "welcome" action, which forwards to login.jsp --%>
<form name="welcome" action="welcome" method="post">
<table>
<tr><td>welcome to you !</td></tr>
<tr><td><input value="login" type="submit" /></td></tr>
</table>
</form>
</body>
</html>
@login.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%
// Build the base URL so that relative links resolve against the context root
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":"
        + request.getServerPort() + path + "/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<base href="<%=basePath%>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- Posts name and password to the "login" action --%>
<form name="login" action="login" method="post">
<table>
<tr><td>用户名</td><td><input name="name" type="text" /></td></tr>
<tr><td>密码</td><td><input name="password" type="password" /></td></tr>
<tr><td></td><td><input value="submit" type="submit" /></td></tr>
</table>
</form>
<%-- Debug output: context path, request URI and servlet path --%>
<%=path%>
<%=request.getRequestURI()%>
<%=request.getServletPath()%>
</body>
</html>
@user.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%
// Values stored in the session by the Login action
String user = (String) session.getAttribute("name");
String balance = (String) session.getAttribute("balance");
String address = (String) session.getAttribute("address");
String tel = (String) session.getAttribute("tel");
%>
<form>
<table>
<tr><td>用户名:</td><td><%=user %></td></tr>
<tr><td>余额:</td><td><%=balance %></td></tr>
<tr><td>住址:</td><td><%=address %></td></tr>
<tr><td>电话:</td><td><%=tel %></td></tr>
</table>
</form>
</body>
</html>
@admin.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%
// Values stored in the session by the Login action
String user = (String) session.getAttribute("name");
String balance = (String) session.getAttribute("balance");
String address = (String) session.getAttribute("address");
String tel = (String) session.getAttribute("tel");
%>
<form>
<table>
<tr><td>用户名:</td><td><%=user %></td></tr>
<tr><td>余额:</td><td><%=balance %></td></tr>
<tr><td>住址:</td><td><%=address %></td></tr>
<tr><td>电话:</td><td><%=tel %></td></tr>
</table>
</form>
</body>
</html>
@Create the login verification class Login.java:
package com.axb.cheney.filter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.interceptor.ServletRequestAware;

import com.opensymphony.xwork2.ActionSupport;

public class Login extends ActionSupport implements ServletRequestAware {
    private static final long serialVersionUID = 1L;
    private String name;
    private String password;
    private HttpServletRequest request;

    // Checks the submitted credentials and returns the result name mapped in struts.xml.
    // The two accounts are hard-coded for this demo.
    public String pass() {
        HttpServletRequest req = this.request;
        HttpSession session = req.getSession();
        // Constant-first equals() avoids a NullPointerException when a parameter is missing
        if ("user1".equals(this.name) && "password1".equals(this.password)) {
            session.setAttribute("name", this.name);
            session.setAttribute("balance", "10,000");
            session.setAttribute("address", "广东省深圳市福田区购物公园");
            session.setAttribute("tel", "12665654856");
            System.out.println("login:" + this.name);
            return "user";
        }
        if ("admin".equals(this.name) && "password2".equals(this.password)) {
            session.setAttribute("name", this.name);
            session.setAttribute("balance", "9,000");
            session.setAttribute("address", "广东省珠海市香洲区北理工");
            session.setAttribute("tel", "14956569898");
            System.out.println("login:" + this.name);
            return "admin";
        }
        System.out.println("login: fail");
        return "failure";
    }

    public String getName() {
        return this.name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public HttpServletRequest getRequest() {
        return this.request;
    }

    public void setServletRequest(HttpServletRequest request) {
        this.request = request;
    }
}
@Modify the struts.xml file:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
    "http://struts.apache.org/dtds/struts-2.3.dtd">
<struts>
    <constant name="struts.enable.DynamicMethodInvocation" value="false" />
    <!-- devMode is for development only; set it to false before deployment -->
    <constant name="struts.devMode" value="true" />
    <package name="default" namespace="/" extends="struts-default">
        <default-action-ref name="index" />
        <global-results>
            <result name="error">/WEB-INF/error.jsp</result>
        </global-results>
        <action name="welcome">
            <result>/login.jsp</result>
        </action>
        <!-- Login.pass() returns "failure", "user" or "admin" -->
        <action name="login" class="com.axb.cheney.filter.Login" method="pass">
            <result name="failure">/login.jsp</result>
            <result name="user">/user/user.jsp</result>
            <result name="admin">/admin/admin.jsp</result>
        </action>
    </package>
</struts>
@Create UserAuthenticationFilter.java, which intercepts requests and verifies identity:
package com.axb.cheney.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class UserAuthenticationFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp";

    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String currentUrl = req.getServletPath();
        HttpSession session = req.getSession();
        System.out.println("UserAuthenticationFilter");
        if (currentUrl.equals(""))
            currentUrl = currentUrl + "/";
        if ((currentUrl.startsWith("/")) && (!currentUrl.startsWith("/login.jsp"))) {
            String user = (String) session.getAttribute("name");
            // Not logged in: redirect to the login page
            if (user == null) {
                res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
                return;
            }
            // Logged in as someone other than user1: clear the login and redirect
            if (!user.equals("user1")) {
                session.removeAttribute("name");
                res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
                return;
            }
        }
        chain.doFilter(request, response);
    }

    public void init(FilterConfig arg0) throws ServletException {
    }
}
@Create AdminAuthenticationFilter.java, which intercepts requests and verifies identity:
package com.axb.cheney.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class AdminAuthenticationFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp";

    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String currentUrl = req.getServletPath();
        HttpSession session = req.getSession();
        System.out.println("AdminAuthenticationFilter");
        if (currentUrl.equals(""))
            currentUrl = currentUrl + "/";
        if ((currentUrl.startsWith("/")) && (!currentUrl.startsWith("/login.jsp"))) {
            String user = (String) session.getAttribute("name");
            // Not logged in: redirect to the login page
            if (user == null) {
                res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
                return;
            }
            // Logged in as someone other than admin: clear the login and redirect
            if (!user.equals("admin")) {
                session.removeAttribute("name");
                res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
                return;
            }
        }
        chain.doFilter(request, response);
    }

    public void init(FilterConfig arg0) throws ServletException {
    }
}
@Finally, configure web.xml to filter access to resources under the admin and user directories:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_9" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <display-name>SAML</display-name>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Declared after struts2, so these filters only see requests that Struts
         passes down the chain (direct JSP requests such as /user/user.jsp),
         not requests it executes as actions -->
    <filter>
        <filter-name>UserAuthentication</filter-name>
        <filter-class>com.axb.cheney.filter.UserAuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>UserAuthentication</filter-name>
        <url-pattern>/user/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>AdminAuthentication</filter-name>
        <filter-class>com.axb.cheney.filter.AdminAuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AdminAuthentication</filter-name>
        <url-pattern>/admin/*</url-pattern>
    </filter-mapping>
</web-app>
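The two filters above differ only in the username they compare against. As an added example that is not part of the original post, here is a single filter that takes the required role from an init-param and checks a session attribute instead. The class name RoleAuthenticationFilter, the `requiredRole` init-param and the `role` session attribute are assumptions; the Login action would have to store `role` at login.

```java
package com.axb.cheney.filter;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Added example: one filter for both protected directories.
 * Assumed wiring: the login action stores a "role" session attribute
 * ("user" or "admin"), and each <filter> entry in web.xml passes
 * <init-param> requiredRole = user | admin.
 */
public class RoleAuthenticationFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp";
    private String requiredRole;

    @Override
    public void init(FilterConfig config) throws ServletException {
        requiredRole = config.getInitParameter("requiredRole");
        if (requiredRole == null || requiredRole.trim().isEmpty()) {
            // Fail closed: refuse to start rather than protect nothing.
            throw new ServletException("requiredRole init-param is missing");
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // getSession(false): do not create a session for anonymous requests.
        HttpSession session = req.getSession(false);
        Object role = (session == null) ? null : session.getAttribute("role");
        if (role == null) {
            // Not logged in: send the browser to the login page.
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        if (!requiredRole.equals(role)) {
            // Logged in with the wrong role: deny, but keep the session intact.
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```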
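5. Test results:
@When Tomcat is started for the first time, the page shows the index.jsp main screen, as in Figure 1.
Clicking the <login> button on the page takes you to the user login page shown in Figure 2.
Figure 1
Figure 2
@When you try to reach a user resource directly by typing its path, as in Figure 3, any request for a resource under the User subdirectory is intercepted by UserAuthenticationFilter. The filter validates the request: it checks whether the session holds correct login information and whether the user has the required permission. If the check passes, access is allowed; otherwise access is denied and login.jsp is returned to the client browser so that the user can log in.
Figure 3
Figure 4
@When verification succeeds, the page shows the requested content, as in Figure 5.
Figure 5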