Spring filter and interceptor: restricting access for users who are not logged in (repost)

Source: Internet
Author: User
Tags: aop
Function to implement: determine whether the user is logged in. Users who are not logged in are forbidden from accessing any page or action and are automatically redirected to the login page.
It is good practice that nobody can access a JSP page directly and must go through an action instead; that makes it real permission control.
There are three ways to solve the original poster's problem:
1. Use a filter directly
2. Use WebWork's interceptor directly
3. Hand the actions over to Spring to manage and use Spring's AOP mechanism

Giving the user direct access to the JSP is a violation of MVC's original intent.
1 Using the filter directly

web.xml configuration

XML code

    <filter>
        <filter-name>SecurityServlet</filter-name>
        <filter-class>com.*.web.servlet.SecurityServlet</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityServlet</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>SecurityServlet</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>


SecurityServlet class

Java code

    package com.*.web.servlet;

    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    public class SecurityServlet extends HttpServlet implements Filter {
        private static final long serialVersionUID = 1L;

        public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) arg0;
            HttpServletResponse response = (HttpServletResponse) arg1;
            HttpSession session = request.getSession(true);
            String usercode = (String) request.getRemoteUser();       // logged-in user
            String user_role = (String) session.getAttribute("role"); // login role
            String url = request.getRequestURI();
            if (usercode == null || "".equals(usercode) || user_role == null || "".equals(user_role)) {
                // Redirect only when the path is not empty and the request is not
                // for the login page or the login action
                if (url != null && !url.equals("") && (url.indexOf("Login") < 0 && url.indexOf("login") < 0)) {
                    response.sendRedirect(request.getContextPath() + "/login.jsp");
                    return;
                }
            }
            arg2.doFilter(arg0, arg1);
            return;
        }

        public void init(FilterConfig arg0) throws ServletException {
        }
    }
The filter-mapping elements in the configuration define which requests are filtered; the configuration above filters all requests for JSP pages and actions. The filter implementation is independent of the Struts 2 and Spring frameworks and runs before the user's request is handled. Inside the filter you can use response.sendRedirect("") and similar methods to jump to the required page, such as the login page or an error page; when no jump is needed, arg2.doFilter(arg0, arg1) lets the user's request continue. When using a filter, take care to avoid two consecutive jumps, otherwise a java.lang.IllegalStateException is reported. Specific configuration methods can be found online. Unless necessary, the /* (filter all access) mapping is not recommended, because with it requests for images, JS files and CSS files are filtered as well.
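The filter above exempts every request whose URI merely contains "Login" or "login", which is wider than the login page and login action it is meant to cover. The following added example (not code from the original page) checks the path against an explicit allowlist instead; the class name LoginRequiredFilter and the path /login.do for the login action are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: hardened variant of the login check in SecurityServlet.
public class LoginRequiredFilter implements Filter {
    // Paths reachable without a login. "/login.do" is an assumed name for the login action.
    private static final Set<String> PUBLIC_PATHS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("/login.jsp", "/login.do")));

    public void init(FilterConfig config) throws ServletException {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Use the container-decoded path (no context path, no query string)
        // and compare it exactly, instead of substring-matching the raw URI.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) path += request.getPathInfo();

        if (PUBLIC_PATHS.contains(path) || isLoggedIn(request)) {
            chain.doFilter(req, res);
            return;
        }
        // Exactly one redirect per request, so no IllegalStateException from a second jump.
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }

    private static boolean isLoggedIn(HttpServletRequest request) {
        // getSession(false): do not create a session for anonymous requests.
        HttpSession session = request.getSession(false);
        if (session == null) return false;
        String user = request.getRemoteUser();
        Object role = session.getAttribute("role");
        return user != null && !user.isEmpty()
                && role instanceof String && !((String) role).isEmpty();
    }

    public void destroy() {}
}
```

It is registered in web.xml with the same filter and filter-mapping elements as SecurityServlet.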


2 Spring interceptor

Spring Configuration
XML code

    <!-- the bean id must match the name listed under interceptorNames -->
    <bean id="springLoginInterceptor" class="com.*.web.servlet.SpringLoginInterceptor">
    </bean>
    <bean id="autoPorxyFactoryBean1"
          class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
        <property name="interceptorNames">
            <list>
                <value>springLoginInterceptor</value>
            </list>
        </property>
        <property name="beanNames">
            <list>
                <value>*Controller</value>
            </list>
        </property>
    </bean>
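SpringLoginInterceptor implementation class

Java code

    package com.web.servlet;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import org.aopalliance.intercept.MethodInterceptor;
    import org.aopalliance.intercept.MethodInvocation;
    import org.apache.log4j.Logger;
    import org.apache.struts.action.ActionMapping;

    public class SpringLoginInterceptor implements MethodInterceptor {
        private static final Logger log = Logger.getLogger(SpringLoginInterceptor.class);

        @Override
        public Object invoke(MethodInvocation invocation) throws Throwable {
            log.info("intercept begins.");
            Object[] args = invocation.getArguments();
            HttpServletRequest request = null;
            HttpServletResponse response = null;
            ActionMapping mapping = null;
            // Pick the request, response and mapping out of the intercepted method's arguments
            for (int i = 0; i < args.length; i++) {
                if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest) args[i];
                if (args[i] instanceof HttpServletResponse) response = (HttpServletResponse) args[i];
                if (args[i] instanceof ActionMapping) mapping = (ActionMapping) args[i];
            }
            // The source page is cut off after "if (request != null &". The rest of this
            // method is a minimal completion (an assumption), reusing the "role" session
            // attribute and /login.jsp from section 1; the mapping is not used here.
            // Methods without request and response arguments are not checked.
            if (request != null && response != null) {
                HttpSession session = request.getSession(false);
                Object role = (session == null) ? null : session.getAttribute("role");
                if (role == null || "".equals(role)) {
                    response.sendRedirect(request.getContextPath() + "/login.jsp");
                    return null; // response already handled
                }
            }
            return invocation.proceed();
        }
    }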
