你要好好爱自己文字:在struts2中使用拦截器（Interceptor）控制登录和权限

来源：百度文库编辑：中财网时间：2024/05/03 04:10:00

在jsp servlet中我们通常使用Servlet Filter控制用户是否登入，是否有权限转到某个页面。在struts2中我们应该会想到他的拦截器（Interceptor）， Interceptor在struts2中起着非常重要的作用。很多struts2中的功能都是使用Interceptor实现的。

需求：简单的登入界面，让用户输入用户名、密码、记住密码（remember me）。如果用户选中remember me的话，下次就不需要再登入了（使用cookie实现，用需要点击logout取消remeber me功能）。如果用户起始输入的地址不是登入页面的话，在用户登入之后需要转到用户输入的起始地址。

我们先看看LoginInterceptor.java
Java代码

package com.javaeye.dengyin2000.wallet.interceptor;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.StrutsStatics;
import com.javaeye.dengyin2000.wallet.dao.UserDAO;
import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
import com.javaeye.dengyin2000.wallet.domains.User;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class LoginInterceptor extends AbstractInterceptor {
public static final String USER_SESSION_KEY="wallet.session.user";
public static final String COOKIE_REMEMBERME_KEY="wallet.cookie.rememberme";
public static final String GOING_TO_URL_KEY="GOING_TO";
private UserDAO userDao;
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext actionContext = invocation.getInvocationContext();
HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
Map session = actionContext.getSession();
if (session != null && session.get(USER_SESSION_KEY) != null){
return invocation.invoke();
}
Cookie[] cookies = request.getCookies();
if (cookies!=null) {
for (Cookie cookie : cookies) {
if (COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {
String value = cookie.getValue();
if (StringUtils.isNotBlank(value)) {
String[] split = value.split("==");
String userName = split[0];
String password = split[1];
try {
User user = userDao
.attemptLogin(userName, password);
session.put(USER_SESSION_KEY, user);
} catch (UserNotFoundException e) {
setGoingToURL(session, invocation);
return "login";
}
} else {
setGoingToURL(session, invocation);
return "login";
}
return invocation.invoke();
}
}
}
setGoingToURL(session, invocation);
return "login";
}
private void setGoingToURL(Map session, ActionInvocation invocation){
String url = "";
String namespace = invocation.getProxy().getNamespace();
if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")){
url = url + namespace;
}
String actionName = invocation.getProxy().getActionName();
if (StringUtils.isNotBlank(actionName)){
url = url + "/" + actionName + ".action";
}
session.put(GOING_TO_URL_KEY, url);
}
public UserDAO getUserDao() {
return userDao;
}
public void setUserDao(UserDAO userDao) {
this.userDao = userDao;
}
}

package com.javaeye.dengyin2000.wallet.interceptor;import java.util.Map;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServletRequest;import org.apache.commons.lang.StringUtils;import org.apache.struts2.StrutsStatics;import com.javaeye.dengyin2000.wallet.dao.UserDAO;import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;import com.javaeye.dengyin2000.wallet.domains.User;import com.opensymphony.xwork2.ActionContext;import com.opensymphony.xwork2.ActionInvocation;import com.opensymphony.xwork2.interceptor.AbstractInterceptor;public class LoginInterceptor extends AbstractInterceptor {public static final String USER_SESSION_KEY="wallet.session.user";public static final String COOKIE_REMEMBERME_KEY="wallet.cookie.rememberme";public static final String GOING_TO_URL_KEY="GOING_TO";private UserDAO userDao;@Overridepublic String intercept(ActionInvocation invocation) throws Exception {ActionContext actionContext = invocation.getInvocationContext();HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);Map session = actionContext.getSession();if (session != null && session.get(USER_SESSION_KEY) != null){return invocation.invoke();}Cookie[] cookies = request.getCookies();if (cookies!=null) {for (Cookie cookie : cookies) {if (COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {String value = cookie.getValue();if (StringUtils.isNotBlank(value)) {String[] split = value.split("==");String userName = split[0];String password = split[1];try {User user = userDao.attemptLogin(userName, password);session.put(USER_SESSION_KEY, user);} catch (UserNotFoundException e) {setGoingToURL(session, invocation);return "login";}} else {setGoingToURL(session, invocation);return "login";}return invocation.invoke();}}}setGoingToURL(session, invocation);return "login";}private void setGoingToURL(Map session, ActionInvocation invocation){String url = "";String namespace = invocation.getProxy().getNamespace();if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")){url = url + namespace;}String actionName = invocation.getProxy().getActionName();if (StringUtils.isNotBlank(actionName)){url = url + "/" + actionName + ".action";}session.put(GOING_TO_URL_KEY, url);}public UserDAO getUserDao() {return userDao;}public void setUserDao(UserDAO userDao) {this.userDao = userDao;}}

首先判断session中有没有用户信息，如果有的话继续，如果没有的话，检查cookie中有没有rememberme的值，如果有的话，用==分割，取得用户名密码进行登入。如果没有这个用户的话，记录下request的action地址然后转到登入页面。如果验证有这个用户，则继续下面的interceptor。如果cookie中没有信息的话，则记录request的action地址然后转到登入页面。以上就是LoginInterceptor的全部代码。

下面我们看看struts.xml

Java代码

"1.0" encoding="UTF-8"?>
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<package name="default" extends="struts-default">
"loginInterceptor" class="loginInterceptor">
"loginDefaultStack">
"loginInterceptor">
"defaultStack">
<default-interceptor-ref name="loginDefaultStack">default-interceptor-ref>
"login" type="redirect">/login.jsp
"index" class="indexAction">
/index.jsp
"logout" class="logoutAction">
"login" class="loginAction" method="login">
"redirect">${goingToURL}
"input">/login.jsp
"defaultStack">
"register" class="registerAction">
"redirect">/login.jsp
"input">/register.jsp
"defaultStack">
package>

/login.jsp/index.jsp${goingToURL}/login.jsp/login.jsp/register.jsp

我们是使用的默认的interceptor stack是loginInterceptor，如果你需要让不登入的用户也能访问的话，你需要配置你的action使用defaultStack。我们这里的login, register使用的就是defaultStack。这里要注意的是success的result是我们用LoginInterceptor设过来的值。这样我们就能够转到用户输入的起始页面。下面我们再来看看login.jsp 和 loginAction

Java代码

<%@taglib prefix="s" uri="/struts-tags" %>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
"Content-Type" content="text/html; charset=UTF-8">
Wallet-Login
Login
"login" method="post" validate="false" theme="xhtml">
"loginName" label="Username">
"password" label="Password">
"Remember Me" name="rememberMe">
"%{'Login'}">
"register.jsp">Register

<%@taglib prefix="s" uri="/struts-tags" %><%@ page language="java" contentType="text/html; charset=UTF-8"pageEncoding="UTF-8"%>Wallet-LoginLogin


Register

Java代码

package com.javaeye.dengyin2000.wallet.actions;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.interceptor.CookiesAware;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
import org.apache.struts2.interceptor.SessionAware;
import com.javaeye.dengyin2000.wallet.dao.UserDAO;
import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
import com.javaeye.dengyin2000.wallet.domains.User;
import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;
import com.opensymphony.xwork2.ActionSupport;
public class LoginAction extends ActionSupport implements ServletResponseAware, ServletRequestAware, SessionAware, CookiesAware{
private UserDAO userDao;
private String loginName;
private String password;
private boolean rememberMe;
private HttpServletResponse response;
private HttpServletRequest request;
private Map session;
private Map cookies;
private String goingToURL;
public String getGoingToURL() {
return goingToURL;
}
public void setGoingToURL(String goingToURL) {
this.goingToURL = goingToURL;
}
public boolean isRememberMe() {
return rememberMe;
}
public void setRememberMe(boolean rememberMe) {
this.rememberMe = rememberMe;
}
public String getLoginName() {
return loginName;
}
public void setLoginName(String loginName) {
this.loginName = loginName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String login()throws Exception{
try {
User user = userDao.attemptLogin(loginName, password);
if (rememberMe){
Cookie cookie = new Cookie(LoginInterceptor.COOKIE_REMEMBERME_KEY, user.getLoginName() + "==" + user.getPassword());
cookie.setMaxAge(60 * 60 * 24 * 14);
response.addCookie(cookie);
}
session.put(LoginInterceptor.USER_SESSION_KEY, user);
String goingToURL = (String) session.get(LoginInterceptor.GOING_TO_URL_KEY);
if (StringUtils.isNotBlank(goingToURL)){
setGoingToURL(goingToURL);
session.remove(LoginInterceptor.GOING_TO_URL_KEY);
}else{
setGoingToURL("index.action");
}
return SUCCESS;
} catch (UserNotFoundException e) {
addActionMessage("user name or password is not corrected.");
return INPUT;
}
}
public UserDAO getUserDao() {
return userDao;
}
public void setUserDao(UserDAO userDao) {
this.userDao = userDao;
}
public void setServletResponse(HttpServletResponse response) {
this.response = response;
}
public void setServletRequest(HttpServletRequest request) {
this.request = request;
}
public void setSession(Map session) {
this.session = session;
}
public void setCookiesMap(Map cookies) {
this.cookies = cookies;
}
}

package com.javaeye.dengyin2000.wallet.actions;import java.util.Map;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.commons.lang.StringUtils;import org.apache.struts2.interceptor.CookiesAware;import org.apache.struts2.interceptor.ServletRequestAware;import org.apache.struts2.interceptor.ServletResponseAware;import org.apache.struts2.interceptor.SessionAware;import com.javaeye.dengyin2000.wallet.dao.UserDAO;import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;import com.javaeye.dengyin2000.wallet.domains.User;import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;import com.opensymphony.xwork2.ActionSupport;public class LoginAction extends ActionSupport implements ServletResponseAware, ServletRequestAware, SessionAware, CookiesAware{private UserDAO userDao;private String loginName;private String password;private boolean rememberMe;private HttpServletResponse response;private HttpServletRequest request;private Map session;private Map cookies;private String goingToURL;public String getGoingToURL() {return goingToURL;}public void setGoingToURL(String goingToURL) {this.goingToURL = goingToURL;}public boolean isRememberMe() {return rememberMe;}public void setRememberMe(boolean rememberMe) {this.rememberMe = rememberMe;}public String getLoginName() {return loginName;}public void setLoginName(String loginName) {this.loginName = loginName;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public String login()throws Exception{try {User user = userDao.attemptLogin(loginName, password);if (rememberMe){Cookie cookie = new Cookie(LoginInterceptor.COOKIE_REMEMBERME_KEY, user.getLoginName() + "==" + user.getPassword());cookie.setMaxAge(60 * 60 * 24 * 14);response.addCookie(cookie);}session.put(LoginInterceptor.USER_SESSION_KEY, user);String goingToURL = (String) session.get(LoginInterceptor.GOING_TO_URL_KEY);if (StringUtils.isNotBlank(goingToURL)){setGoingToURL(goingToURL);session.remove(LoginInterceptor.GOING_TO_URL_KEY);}else{setGoingToURL("index.action");}return SUCCESS;} catch (UserNotFoundException e) {addActionMessage("user name or password is not corrected.");return INPUT;}}public UserDAO getUserDao() {return userDao;}public void setUserDao(UserDAO userDao) {this.userDao = userDao;}public void setServletResponse(HttpServletResponse response) {this.response = response;}public void setServletRequest(HttpServletRequest request) {this.request = request;}public void setSession(Map session) {this.session = session;}public void setCookiesMap(Map cookies) {this.cookies = cookies;}}

差不多就是这么多代码了。最后看看logoutAction

Java代码

package com.javaeye.dengyin2000.wallet.actions;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;
import com.opensymphony.xwork2.ActionSupport;
public class LogoutAction extends ActionSupport implements ServletRequestAware , ServletResponseAware{
private HttpServletRequest request;
private HttpServletResponse response;
public String execute() throws Exception{
HttpSession session = request.getSession(false);
if (session!=null)
session.removeAttribute(LoginInterceptor.USER_SESSION_KEY);
Cookie[] cookies = request.getCookies();
if (cookies!=null) {
for (Cookie cookie : cookies) {
if (LoginInterceptor.COOKIE_REMEMBERME_KEY.equals(cookie
.getName())) {
cookie.setValue("");
cookie.setMaxAge(0);
response.addCookie(cookie);
return "login";
}
}
}
return "login";
}
public void setServletRequest(HttpServletRequest request) {
this.request = request;
}
public void setServletResponse(HttpServletResponse response) {
this.response = response;
}
}

package com.javaeye.dengyin2000.wallet.actions;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import org.apache.struts2.interceptor.ServletRequestAware;import org.apache.struts2.interceptor.ServletResponseAware;import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;import com.opensymphony.xwork2.ActionSupport;public class LogoutAction extends ActionSupport implements ServletRequestAware , ServletResponseAware{private HttpServletRequest request;private HttpServletResponse response;public String execute() throws Exception{HttpSession session = request.getSession(false);if (session!=null)session.removeAttribute(LoginInterceptor.USER_SESSION_KEY);Cookie[] cookies = request.getCookies();if (cookies!=null) {for (Cookie cookie : cookies) {if (LoginInterceptor.COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {cookie.setValue("");cookie.setMaxAge(0);response.addCookie(cookie);return "login";}}}return "login";}public void setServletRequest(HttpServletRequest request) {this.request = request;}public void setServletResponse(HttpServletResponse response) {this.response = response;}}

这里需要注意的是需要把cookie也清理下。

applicationContext-struts.xml
Java代码

"1.0" encoding="UTF-8"?>
"-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
"indexAction" class="com.javaeye.dengyin2000.wallet.actions.IndexAction" singleton="false">
"loginAction" class="com.javaeye.dengyin2000.wallet.actions.LoginAction" singleton="false">
"userDao" ref="userDao" />
"logoutAction" class="com.javaeye.dengyin2000.wallet.actions.LogoutAction" singleton="false">
"registerAction" class="com.javaeye.dengyin2000.wallet.actions.RegisterAction" singleton="false">
"loginInterceptor" class="com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor">
"userDao" ref="userDao" />
"userDao" class="com.javaeye.dengyin2000.wallet.dao.UserDAOImpl">

在asp.net中如何使用全屏界面而不被拦截？我想在我的网页中使用一些特殊字体，又怕字体下载被拦截～～ FLASH 在我网页中被拦截如何在miniIE中拦截浮动广告在HTML里,怎样使用JavaScript才不会被拦截 Inter中视频问题怎样拦截广告,怎样在IE Internet选项中设置在firefox浏览器中怎么拦截页面浮动广告 INTER图标在哪里？ Inter总公司在哪？ 1991年海湾战争中.美军使用什么导弹成功拦截了伊拉克的飞毛腿导弹 HR中INTER DEPOT是什么意思我电脑中毒了 INTER选项中不能选择使用空白页每次打开都是一个垃圾网站的站点在工具 inter选项中删除历史记录后，历史记录能被恢复吗？在inter广告中， Mariah Carey唱的歌叫什么名字啊？ Inter的总厂在哪里？是不是所有的inter盒装cpu风扇在使用时，有时侯转有时侯不转不知何故，最近我的电脑时不时在我使用inter网时会突然出现“No Device”的绿色字样！我的雅虎助手为什么在工具栏中没有广告拦截？那款广告拦截软件最好使用? 使用《遨游Maxthon》无法拦截广告问题 HR中inter depot什么意思 wpe拦截器下载急求！拦截器！