Implementation of the function: To determine whether the user is logged in, not logged on users are forbidden to access any page or action, automatically jump to the login page.
It is good practice that no one can directly access the JSP page, to access the action, which becomes a real permission control.
Then there are 3 ways to solve the landlord problem
1, use filter directly
2, directly using WebWork's interceptor,
3, give action to spring management, using spring's AOP mechanism
Giving the user direct access to the JSP is a violation of MVC's original intent.
1 using the filter directly
Web. XML configuration
XML code <filter> <filter-name>SecurityServlet</filter-name> <filter-class>com.*.we b.servlet.securityservlet</filter-class> </filter> <filter-mapping> <filter-name>s ecurityservlet</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> &L T;filter-mapping> <filter-name>SecurityServlet</filter-name> <url-pattern>*.do</ur L-pattern> </filter-mapping>
Securityservlet class
Java code package com.*.web.servlet; import java.io.ioexception; import javax.servlet.filter; import javax.servlet.filterchain; Import javax.servlet.FilterConfig; import javax.servlet.servletexception; Import javax.servlet.ServletRequest; import javax.servlet.servletresponse; Import javax.servlet.http.HttpServlet; import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpservletresponse; import javax.servlet.http.httpsession; public class securityservlet extends httpservlet implements filter { private static final long serialversionuid = 1l; public void dofilter (servletrequest arg0, SERVLETRESPONSE&NBSP;ARG1,&NBSP;FILTERCHAIN&NBSP;ARG2) throws ioexception, servletexception { HttpServletRequest Request= (httpservletrequest) arg0; httpservletresponse response = (HttpServletResponse) arg1; httpsession session = request.getsession (true); String usercode = (String) Request.getremoteuser ();// login String user_role = (String) Session.getattribute ("role");//Login role &nBsp; string url=request.getrequesturi (); if (usercode==null | | ". Equals (usercode) | | user_role == null | | ". Equals (User_role)) { //determines that the obtained path is not empty and does not go to the login page or perform a logon operation when jumping if (Url!=null && !url.equals ("") && ( url.indexof ("Login") <0 && url.indexof ("login") <0 )) { Response.sendredirect (Request.getcontextpath () + "/login.jsp"); return ; } } Arg2.dofilter (ARG0,&NBSP;ARG1); return; } public void init (filterconfig arg0) throws ServletException { } }
The filter-mapping in the configuration defines the type of request that needs to be filtered, and the configuration above filters all requests to the JSP page and action. The implementation of the filter is independent of the STRUTS2, spring Framework, the user request is executed before the corresponding, in the filter, you can use Response.sendredirect ("") and other methods
Jump to the required links, such as login page, error page, etc., do not need to jump, Arg2.dofilter (arg0, arg1), you can continue to execute the user's request. Note When using the filter to avoid two consecutive jumps, otherwise it will be reported java.lang.IllegalStateException error, the specific configuration method on-line, unless necessary, not recommended to use/* (filter All Access) configuration, such configuration, pictures, JS files, Access to CSS files will be filtered
2 Spring Intercept
Spring Configuration
XML code <bean id= "Springsessioninterceptor" class= "Com.*.web.servlet.springlogininterceptor" > </bean> <bean id= " AutoPorxyFactoryBean1 " class=" Org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator "> <property name= "Interceptornames" > <list> <value>springLoginInterceptor</value> </list> </property> <property name= "BeannamEs " > <list> <value>*Controller</value> </list> </property> </bean>
Springlogininterceptor Implementation Class
Java code package com.web.servlet; import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpservletresponse; import javax.servlet.http.httpsession; import org.aopalliance.intercept.methodinterceptor; import org.aopalliance.intercept.methodinvocation ; import org.apache.log4j.logger; import org.apache.struts.action.actionmapping; Public class springlogininterceptor implements MethodInterceptor { private static final logger log = logger .getlogger ( Springlogininterceptor .class); @Override public object invoke (methodinvocation invocation) throws Throwable&nBsp { log.info ("intercept begins. "); Object[] args = Invocation.getarguments (); httpservletrequest request = null; httpservletresponse response = null; ActionMapping mapping = null; for (int i = 0 ; i < args.length ; i++ ) { if (Args[i] instanceof httpservletrequest) request = (httpservletrequest) args[i]; if (args[i] instanceof httpservletresponse) response = ( HttpServletResponse) args[i]; if (args[i] instanceof actionmapping) mapping = (actionmapping) args[ i]; } if (request != null &