Using the session to intercept requests from unauthorized users

Source: Internet  Published: Java streams  Editor: 程序博客网  Time: 2024/04/29 03:41

There are two methods, and both are based on Struts 2.0.


Method 1:

Insert the following into web.xml:


<filter>
    <filter-name>UserFilter</filter-name>
    <filter-class>xxx.xxx.xxx.UserValidateFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>UserFilter</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>


Then create a package (choose your own name) that matches the filter-class above, and create the file UserValidateFilter.java inside it:


package xxx.xxx.xxx;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter;

import xxx.xxx.xxx.Admin;

public class UserValidateFilter extends StrutsPrepareAndExecuteFilter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpSession session = request.getSession();
        Admin admin = null;
        try {
            // Read the object stored in the session under the "admin" key
            admin = (Admin) session.getAttribute("admin");
        } catch (java.lang.ClassCastException e) {
            // The attribute has an unexpected type: treat the user as not logged in
            response.sendRedirect("/xxxxx");
            return;
        }

        if (null == admin) {
            // No admin in the session: redirect instead of serving /admin/*.
            // The redirect target must not itself match /admin/*, or the redirect loops.
            //request.getRequestDispatcher("/").forward(request, response);
            response.sendRedirect("/xxxxx");
            return;
        } else {
            // Logged in: hand the request to the Struts dispatcher
            super.doFilter(req, resp, chain);
        }
    }
}
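
A hardened variant of the session check above, added here as an example and not part of the original post. It assumes a plain servlet filter mapped to /admin/* ahead of the Struts filter; the class name AdminSessionFilter, the login path /login.jsp and the stand-in Admin class are hypothetical.

```java
import java.io.IOException;
import java.io.Serializable;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Stand-in for the page's Admin class (assumption: any serializable user object).
class Admin implements Serializable {
    private static final long serialVersionUID = 1L;
}

public class AdminSessionFilter implements Filter {
    // Assumed login path; it must NOT match /admin/*, or the redirect loops.
    private static final String LOGIN_PATH = "/login.jsp";

    @Override
    public void init(FilterConfig config) throws ServletException { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // getSession(false): do not allocate a session for anonymous requests.
        HttpSession session = request.getSession(false);
        Object attr = (session == null) ? null : session.getAttribute("admin");

        // instanceof rejects both a missing and a wrongly typed attribute, with no cast exception.
        if (!(attr instanceof Admin)) {
            // Prefix the context path so the redirect works when the app is not deployed at "/".
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }

        // Keep protected pages out of browser and proxy caches so they are not viewable after logout.
        response.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, resp);
    }

    @Override
    public void destroy() { }
}
```

Filters run in the order of their filter-mapping elements in web.xml, so this mapping has to appear before the Struts filter's mapping for the check to run first.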



Method 2:


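Add this code below basePath in the page, so that the page itself checks whether the user is an administrator; if the user is not an administrator, redirect to the login page.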

