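Implementing access control with an interceptor in Struts2
In JSP/servlet applications we usually use a Servlet Filter to check whether a user is logged in and whether they are allowed to reach a given page. In Struts2 the natural counterpart is the interceptor. Interceptors play a very important role in Struts2, and many of the framework's own features are implemented with them.
Requirements: a simple login page where the user enters a user name and password and can tick "remember me". If the user ticks "remember me", they do not need to log in again next time (implemented with a cookie; the user has to click logout to cancel the remember-me function). If the address the user originally requested was not the login page, the user must be redirected to that original address after logging in.
Feature overview diagram:
Project file overview diagram:
struts.xml configuration: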
    <!-- Access-control demo -->
    <package name="authority" extends="struts-default" namespace="/authority">
        <interceptors>
            <interceptor name="loginInterceptor" class="com.gq.action.LoginInterceptor"/>
            <interceptor-stack name="loginDefaultStack">
                <interceptor-ref name="loginInterceptor"/>
                <interceptor-ref name="defaultStack"/>
            </interceptor-stack>
        </interceptors>
        <default-interceptor-ref name="loginDefaultStack"/>
        <global-results>
            <result name="login" type="redirect">/authority/login.jsp</result>
        </global-results>
        <action name="Index" class="com.gq.action.IndexAction">
            <result>/authority/main.jsp</result>
            <interceptor-ref name="loginDefaultStack"/>
        </action>
        <action name="Logout" class="com.gq.action.LogoutAction">
        </action>
        <action name="Login" class="com.gq.action.LoginAction" method="login">
            <result type="redirect">${goingToURL}</result>
            <result name="input">/authority/login.jsp</result>
            <interceptor-ref name="defaultStack"/>
        </action>
        <!-- class not implemented
        <action name="Register" class="com.gq.action.LoginAction">
            <result type="redirect">/authority/login.jsp</result>
            <result name="input">/authority/register.jsp</result>
            <interceptor-ref name="defaultStack"/>
        </action>
        -->
    </package>

Descriptions and source code of each file:
IndexAction.java forwards directly to main.jsp. The action is named "Index" and is configured with the login-verification interceptor.
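Two cases have to be distinguished:
1. The user opened login.jsp directly: after successful authentication, redirect to main.jsp.
2. The user was sent back to login.jsp from another page xxx.jsp because the permission check failed: after successful authentication, redirect to xxx.jsp.
(To keep the demo simple, xxx.jsp is simply main.jsp here.)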
    import java.util.Map;

    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletResponse;

    // Assumption: commons-lang3; use org.apache.commons.lang.StringUtils with commons-lang 2.x
    import org.apache.commons.lang3.StringUtils;
    import org.apache.struts2.interceptor.ServletResponseAware;
    import org.apache.struts2.interceptor.SessionAware;

    import com.opensymphony.xwork2.ActionSupport;

    public class LoginAction extends ActionSupport implements ServletResponseAware, SessionAware {
        private static final long serialVersionUID = 2965422004870746408L;
        private String loginName;
        private String password;
        private boolean rememberMe;
        private HttpServletResponse response;
        private Map<String, Object> session;
        private String goingToURL;

        public String getGoingToURL() {
            return goingToURL;
        }
        public void setGoingToURL(String goingToURL) {
            this.goingToURL = goingToURL;
        }
        public boolean isRememberMe() {
            return rememberMe;
        }
        public void setRememberMe(boolean rememberMe) {
            this.rememberMe = rememberMe;
        }
        public String getLoginName() {
            return loginName;
        }
        public void setLoginName(String loginName) {
            this.loginName = loginName;
        }
        public String getPassword() {
            return password;
        }
        public void setPassword(String password) {
            this.password = password;
        }
        public void setServletResponse(HttpServletResponse response) {
            this.response = response;
        }
        public void setSession(Map<String, Object> session) {
            this.session = session;
        }

        public String login() throws Exception {
            System.out.println("In login..." + getLoginName());
            try {
                User user = new UserDAO().attemptLogin(getLoginName(), getPassword());
                // Add cookie
                if (rememberMe) {
                    response.addCookie(createCookie(user));
                }
                // Add into session
                session.put(LoginInterceptor.USER_SESSION_KEY, user);
                // The redirect target always comes from the session or the default,
                // so a goingToURL request parameter is overwritten here.
                String goingToURL = (String) session.get(LoginInterceptor.GOING_TO_URL_KEY);
                if (StringUtils.isNotBlank(goingToURL)) {
                    setGoingToURL(goingToURL);
                    session.remove(LoginInterceptor.GOING_TO_URL_KEY);
                } else {
                    setGoingToURL("Index.action");
                }
                return SUCCESS;
            } catch (UserNotFoundException e) {
                addActionMessage("user name or password is not correct.");
                return INPUT;
            }
        }

        Cookie createCookie(User user) {
            int SEVEN_DAYS = 60 * 60 * 24 * 7;
            Cookie cookie = new Cookie(LoginInterceptor.COOKIE_REMEMBERME_KEY, createValue(user));
            cookie.setMaxAge(SEVEN_DAYS);
            return cookie;
        }

        // The cookie value is the login name and the plaintext password joined by "==".
        String createValue(User user) {
            return user.getLoginName() + "==" + user.getPassword();
        }
    }

LoginInterceptor.java: the login interceptor. It decides from the session whether the user is already logged in, or otherwise parses the cookie to see whether the user can be logged in.

    import java.util.Map;

    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;

    // Assumption: commons-lang3; use org.apache.commons.lang.StringUtils with commons-lang 2.x
    import org.apache.commons.lang3.StringUtils;
    import org.apache.struts2.StrutsStatics;

    import com.opensymphony.xwork2.ActionContext;
    import com.opensymphony.xwork2.ActionInvocation;
    import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

    public class LoginInterceptor extends AbstractInterceptor {
        private static final long serialVersionUID = -5889213773673649255L;
        public static final String USER_SESSION_KEY = "wallet.session.user";
        public static final String COOKIE_REMEMBERME_KEY = "wallet.cookie.rememberme";
        public static final String GOING_TO_URL_KEY = "GOING_TO";
        public static final String LOGIN = "login";

        @Override
        public String intercept(ActionInvocation invocation) throws Exception {
            System.out.println("In LoginInterceptor...");
            ActionContext actionContext = invocation.getInvocationContext();
            HttpServletRequest request = (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
            // The user is already logged in
            Map<String, Object> session = actionContext.getSession();
            if (session != null && session.get(USER_SESSION_KEY) != null) {
                System.out.println("In user is login, saved information in session...");
                return invocation.invoke();
            }
            // Otherwise parse the credentials from the cookie and log the user in
            return loginFromCookie(request, invocation, session);
        }

        String loginFromCookie(HttpServletRequest request, ActionInvocation invocation,
                Map<String, Object> session) throws Exception {
            System.out.println("In loginFromCookie...");
            Cookie[] cookies = request.getCookies();
            if (cookies == null) { // No cookies
                setGoingToURL(session, invocation);
                return LOGIN;
            }
            Cookie cookie = findCookieByName(cookies);
            if (cookie == null) { // No cookie by the name
                setGoingToURL(session, invocation);
                return LOGIN;
            }
            String loginName = parseLoginName(cookie);
            String password = parsePassword(cookie);
            if (loginName == null || password == null) { // parse loginName or password fail...
                setGoingToURL(session, invocation);
                return LOGIN;
            }
            try {
                User user = new UserDAO().attemptLogin(loginName, password);
                session.put(USER_SESSION_KEY, user);
                return invocation.invoke();
            } catch (UserNotFoundException e) {
                setGoingToURL(session, invocation);
                return LOGIN;
            }
        }

        Cookie findCookieByName(Cookie[] cookies) {
            for (Cookie cookie : cookies) {
                if (COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {
                    return cookie;
                }
            }
            return null;
        }

        String parsePassword(Cookie cookie) {
            String value = cookie.getValue();
            if (StringUtils.isBlank(value)) {
                return null;
            }
            String[] split = value.split("==");
            if (split.length < 2) {
                return null;
            }
            return split[1];
        }

        String parseLoginName(Cookie cookie) {
            String value = cookie.getValue();
            if (StringUtils.isBlank(value)) {
                return null;
            }
            String[] split = value.split("==");
            return split[0];
        }

        // Remember the action the user was trying to reach, built from the
        // action proxy's namespace and action name (not from request input).
        private void setGoingToURL(Map<String, Object> session, ActionInvocation invocation) {
            String url = "";
            String namespace = invocation.getProxy().getNamespace();
            if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")) {
                url = url + namespace;
            }
            String actionName = invocation.getProxy().getActionName();
            if (StringUtils.isNotBlank(actionName)) {
                url = url + "/" + actionName + ".action";
            }
            session.put(GOING_TO_URL_KEY, url);
        }
    }

LogoutAction.java: logout. It clears the user information from the session and deletes the cookie.

    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import org.apache.struts2.interceptor.ServletRequestAware;
    import org.apache.struts2.interceptor.ServletResponseAware;

    import com.opensymphony.xwork2.ActionSupport;

    public class LogoutAction extends ActionSupport implements ServletRequestAware, ServletResponseAware {
        private static final long serialVersionUID = -7680746852412424580L;
        private HttpServletRequest request;
        private HttpServletResponse response;

        public void setServletRequest(HttpServletRequest request) {
            this.request = request;
        }
        public void setServletResponse(HttpServletResponse response) {
            this.response = response;
        }

        public String execute() throws Exception {
            System.out.println("In logout..." + getNameForLogout());
            removeFromSession();
            removeFromCookies();
            return "login";
        }

        void removeFromSession() {
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.removeAttribute(LoginInterceptor.USER_SESSION_KEY);
            }
        }

        void removeFromCookies() {
            Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (LoginInterceptor.COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {
                        // An empty value with max-age 0 tells the browser to delete the cookie
                        cookie.setValue("");
                        cookie.setMaxAge(0);
                        response.addCookie(cookie);
                        return;
                    }
                }
            }
        }

        String getNameForLogout() {
            HttpSession session = request.getSession(false);
            if (session == null) {
                return "Session is null...";
            }
            User user = (User) session.getAttribute(LoginInterceptor.USER_SESSION_KEY);
            // Guard against a session that holds no logged-in user
            return user == null ? "No user in session..." : user.getLoginName();
        }
    }

User.java: a simple JavaBean.
    public class User {
        // Used for login
        private String loginName;
        private String password;
        // Information of user
        private String name;
        private String sex;
        private int age;

        // getters and setters omitted

        @Override
        public boolean equals(Object object) {
            if (object == null || getClass() != object.getClass()) {
                return false;
            }
            User user = (User) object;
            return strEquals(getLoginName(), user.getLoginName())
                    && strEquals(getPassword(), user.getPassword())
                    && strEquals(getName(), user.getName())
                    && strEquals(getSex(), user.getSex())
                    && getAge() == user.getAge();
        }

        // Null-safe comparison: two null fields count as equal, consistent with hashCode()
        private boolean strEquals(String s1, String s2) {
            if (s1 == null) {
                return s2 == null;
            }
            return s1.equals(s2);
        }

        @Override
        public int hashCode() {
            int result = 47;
            result = 37 * result + Integer.valueOf(age).hashCode();
            result = 37 * result + (loginName == null ? 0 : loginName.hashCode());
            result = 37 * result + (password == null ? 0 : password.hashCode());
            result = 37 * result + (name == null ? 0 : name.hashCode());
            result = 37 * result + (sex == null ? 0 : sex.hashCode());
            return result;
        }
    }

UserDAO.java: a simple mock DAO.

    import java.util.HashMap;
    import java.util.Map;

    public class UserDAO {
        private static Map<String, User> users = new HashMap<String, User>();

        public UserDAO() {
            mockUsers();
        }

        public User attemptLogin(String loginName, String password) throws UserNotFoundException {
            User user;
            if ((user = findUser(loginName)) == null) {
                throw new UserNotFoundException("Invalid User!");
            }
            if (!validPassword(password, user)) {
                throw new UserNotFoundException("Invalid Password!");
            }
            return user;
        }

        User findUser(String loginName) {
            return users.get(loginName);
        }

        boolean validPassword(String password, User user) {
            // A missing password field must fail the check instead of throwing a NullPointerException
            return password != null && password.equals(user.getPassword());
        }

        // Mock data: passwords are held in plaintext for the demo
        private void mockUsers() {
            User zhangsan = new User();
            zhangsan.setLoginName("zhangsan@qq.com");
            zhangsan.setPassword("zhangsan123");
            zhangsan.setName("zhangsan");
            zhangsan.setAge(22);
            zhangsan.setSex("man");

            User lisi = new User();
            lisi.setLoginName("lisi@qq.com");
            lisi.setPassword("lisi123");
            lisi.setName("lisi");
            lisi.setAge(25);
            lisi.setSex("woman");

            User wangwu = new User();
            wangwu.setLoginName("wangwu@qq.com");
            wangwu.setPassword("wangwu123");
            wangwu.setName("wangwu");
            wangwu.setAge(27);
            wangwu.setSex("man");

            users.put(zhangsan.getLoginName(), zhangsan);
            users.put(lisi.getLoginName(), lisi);
            users.put(wangwu.getLoginName(), wangwu);
        }
    }

UserNotFoundException.java: a custom wrapper Exception.

    public class UserNotFoundException extends Exception {
        private static final long serialVersionUID = -5207325846250567308L;

        public UserNotFoundException(String message) {
            super(message);
        }
    }

login.jsp: the login page.

    <%@ page language="java" pageEncoding="UTF-8"%>
    <%@taglib prefix="s" uri="/struts-tags" %>
    <%
    String path = request.getContextPath();
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
    %>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
        <base href="<%=basePath%>">
        <title>Login</title>
    </head>
    <body>
        <h2>Login</h2>
        <s:actionmessage/>
        <s:actionerror/>
        <s:form action="/authority/Login.action" method="post" validate="false" theme="xhtml">
            <s:textfield name="loginName" label="Username"></s:textfield><br/>
            <s:password name="password" label="Password"></s:password><br/>
            <s:checkbox label="Remember Me" name="rememberMe"></s:checkbox>
            <s:submit value="%{'Login'}"></s:submit>
        </s:form>
        <a href="/test_struct2/authority/register.jsp">Register</a>
    </body>
    </html>

main.jsp: the main page.
    <%@ page language="java" pageEncoding="ISO-8859-1"%>
    <%
    String path = request.getContextPath();
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
    %>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
        <base href="<%=basePath%>">
        <title>My JSP 'main.jsp' starting page</title>
        <meta http-equiv="pragma" content="no-cache">
        <meta http-equiv="cache-control" content="no-cache">
        <meta http-equiv="expires" content="0">
        <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
        <meta http-equiv="description" content="This is my page">
        <!--<link rel="stylesheet" type="text/css" href="styles.css">-->
    </head>
    <body>
        This is Main page. <br>
        <a href="/test_struct2/authority/Logout.action">Logout</a>
    </body>
    </html>

register.jsp: not implemented.
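The remember-me cookie built by LoginAction.createValue() and parsed by LoginInterceptor carries the login name and the plaintext password, so anyone who can read the cookie obtains the password. The following is an added example, not part of the original post, of a cookie value that carries no password: the login name and an expiry time, signed with HMAC-SHA256 and checked on the server. The class name RememberMeToken, its method names and the demo key are assumptions made for illustration (Java 8 or later).

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Added example (hypothetical class): remember-me value that carries no password. */
public class RememberMeToken {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    /** Token = base64url(loginName) "." expiryEpochSeconds "." base64url(HMAC-SHA256 of the first two parts). */
    public static String issue(String loginName, long expiresAt, byte[] key) throws Exception {
        String payload = ENC.encodeToString(loginName.getBytes(StandardCharsets.UTF_8)) + "." + expiresAt;
        return payload + "." + ENC.encodeToString(hmac(payload, key));
    }

    /** Returns the login name if the signature verifies and the token is unexpired, otherwise null. */
    public static String verify(String token, long now, byte[] key) throws Exception {
        if (token == null) return null;
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null;
        try {
            byte[] expected = hmac(parts[0] + "." + parts[1], key);
            if (!MessageDigest.isEqual(expected, DEC.decode(parts[2]))) return null; // constant-time compare
            if (Long.parseLong(parts[1]) < now) return null;                         // expired
            return new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { // malformed base64 or expiry field
            return null;
        }
    }

    private static byte[] hmac(String data, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real key stays in server-side configuration
        byte[] key = "constructed-demo-key-do-not-reuse".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis() / 1000;
        String token = issue("zhangsan@qq.com", now + 7 * 24 * 3600, key);
        String forged = ENC.encodeToString("lisi@qq.com".getBytes(StandardCharsets.UTF_8))
                + token.substring(token.indexOf('.'));  // login name swapped, old signature kept
        System.out.println("valid:   " + verify(token, now, key));
        System.out.println("forged:  " + verify(forged, now, key));
        System.out.println("expired: " + verify(token, now + 8 * 24 * 3600, key));
    }
}
```

In LoginInterceptor the result of verify() would take the place of parseLoginName() and parsePassword(), with the user then looked up by login name only. A signed token of this kind cannot be revoked individually before it expires, and the cookie that carries it should also be marked with setHttpOnly(true) and setSecure(true).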