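Goal: determine whether the user is logged in. Users who are not logged in may not access any page or action and are automatically redirected to the login page.
A better approach is to make sure nobody can access JSP pages directly; all access goes through an action, which turns this into genuine access control.
There are three ways to solve the original poster's problem:
1. Use a filter directly
2. Use WebWork's interceptor directly
3. Let Spring manage the actions and use Spring's AOP mechanism
Letting users access JSPs directly already goes against the intent of MVC.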
1 Using a filter directly
web.xml configuration
XML code

    <filter>
        <filter-name>SecurityServlet</filter-name>
        <filter-class>com.*.web.servlet.SecurityServlet</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityServlet</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>SecurityServlet</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>
The SecurityServlet class
Java code

    package com.*.web.servlet;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    public class SecurityServlet extends HttpServlet implements Filter {
        private static final long serialVersionUID = 1L;

        public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) arg0;
            HttpServletResponse response = (HttpServletResponse) arg1;
            HttpSession session = request.getSession(true);
            String usercode = (String) request.getRemoteUser(); // logged-in user
            String user_role = (String) session.getAttribute("role"); // logged-in user's role
            String url = request.getRequestURI();
            if (usercode == null || "".equals(usercode) || user_role == null || "".equals(user_role)) {
                // Redirect when the request path is non-empty and the request is neither
                // for the login page nor for the login action.
                // This is a substring match on the raw request URI: any URI containing
                // "login" or "Login" is let through without a logged-in user.
                if (url != null && !url.equals("") && (url.indexOf("Login") < 0 && url.indexOf("login") < 0)) {
                    response.sendRedirect(request.getContextPath() + "/login.jsp");
                    return;
                }
            }
            arg2.doFilter(arg0, arg1);
            return;
        }

        public void init(FilterConfig arg0) throws ServletException {
        }
    }
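The filter-mapping entries in the configuration define which request types are filtered; the configuration above filters every request for a JSP page or an action. The filter implementation does not depend on the Struts2 or Spring frameworks and runs before the user's request is answered. Inside the filter you can call methods such as response.sendRedirect("") to redirect to whatever link is needed, such as the login page or an error page. When no redirect is needed, arg2.doFilter(arg0, arg1); lets the user's request continue.
When using a filter, take care not to redirect twice in a row, otherwise a java.lang.IllegalStateException is thrown; the specific configuration options are documented online. Unless it is necessary, the /* mapping (filter all access) is not recommended, because with that configuration requests for images, js files, css files and so on are filtered as well.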
2 Spring interception
Spring configuration
XML code

    <!-- The bean id must match the name listed under interceptorNames -->
    <bean id="springLoginInterceptor" class="com.*.web.servlet.SpringLoginInterceptor">
    </bean>
    <bean id="autoPorxyFactoryBean1"
          class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
        <property name="interceptorNames">
            <list>
                <value>springLoginInterceptor</value>
            </list>
        </property>
        <property name="beanNames">
            <list>
                <value>*Controller</value>
            </list>
        </property>
    </bean>
The SpringLoginInterceptor implementation class
Java code

    package com.web.servlet;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import org.aopalliance.intercept.MethodInterceptor;
    import org.aopalliance.intercept.MethodInvocation;
    import org.apache.log4j.Logger;
    import org.apache.struts.action.ActionMapping;

    public class SpringLoginInterceptor implements MethodInterceptor {
        private static final Logger log = Logger.getLogger(SpringLoginInterceptor.class);

        @Override
        public Object invoke(MethodInvocation invocation) throws Throwable {
            log.info("攔截開始。");
            // Pick the request, response and mapping out of the intercepted method's arguments
            Object[] args = invocation.getArguments();
            HttpServletRequest request = null;
            HttpServletResponse response = null;
            ActionMapping mapping = null;
            for (int i = 0; i < args.length; i++) {
                if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest) args[i];
                if (args[i] instanceof HttpServletResponse) response = (HttpServletResponse) args[i];
                if (args[i] instanceof ActionMapping) mapping = (ActionMapping) args[i];
            }
            if (request != null &