Implementation of the function: To determine whether the user is logged in, the user does not log in to prevent access to any page or action, automatically jump to the login page.
The good thing is that no one can access the JSP page directly, to access the action, which becomes a real authority control.
Then there are 3 ways to solve the landlord's problem
1, direct use of filter
2, directly using WebWork's interceptor,
3, give the action to spring management, using spring's AOP mechanism
Allowing users to access the JSP directly would have violated MVC's intent.
1 Direct use of filter
Web.xml Configuration
Import java.io.IOException;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServlet;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;
Import javax.servlet.http.HttpSession;
public class Securityservlet extends HttpServlet implements Filter {
Private static final long serialversionuid = 1L;
public void Dofilter (ServletRequest arg0, Servletresponse arg1, Filterchain arg2) throws IOException, Servletexception {
HttpServletRequest request= (httpservletrequest) arg0;
HttpServletResponse response = (httpservletresponse) arg1;
HttpSession session = Request.getsession (true);
String usercode = (string) request.getremoteuser ();//Login person
String user_role = (string) session.getattribute ("role");//Login character
String Url=request.getrequesturi ();
if (Usercode==null | | "". Equals (Usercode) | | User_role = = NULL | | "". Equals (User_role)) {
To determine that the obtained path is not empty and is not a jump when accessing the login page or performing a logon operation
if (Url!=null &&!url.equals ("") && (Url.indexof ("login") <0 && url.indexof ("login") <0)) {
Response.sendredirect (Request.getcontextpath () + "/login.jsp");
return;
}
}
Arg2.dofilter (arg0, arg1);
Return
}
public void init (Filterconfig arg0) throws Servletexception {
}
}
The filter-mapping in the configuration defines the type of request that needs to be filtered, and the above configuration filters all requests for JSP pages and action. The implementation of the filter is independent of the STRUTS2, spring Framework, and is executed before the user request is corresponding, and in the filter, the Response.sendredirect ("") can be used
Jump to the required links, such as login page, error page, etc., do not need to jump, Arg2.dofilter (arg0, arg1), you can continue to execute the user's request. Note the use of filter to avoid two consecutive jumps, or you will report java.lang.IllegalStateException errors, specific configuration methods on the Internet, unless necessary, do not recommend the use of/* (filtering All Access) configuration, such configuration, pictures, JS files, CSS file access will be filtered
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.