在jsp Servlet中我们通常使用Servlet Filter控制用户是否登入, 是否有权限转到某个页面。在Struts2中我们应该会想到他的拦截器(Interceptor), Interceptor在Struts2中起着非常重要的作用。 很多Struts2中的功能都是使用Interceptor实现的。
需求:简单的登入界面,让用户输入用户名、密码、记住密码(remember me)。 如果用户选中remember me的话, 下次就不需要再登入了(使用cookie实现, 用需要点击logout取消remeber me功能)。 如果用户起始输入的地址不是登入页面的话,在用户登入之后需要转到用户输入的起始地址。
Java代码:LoginInterceptor.java
package com.javaeye.dengyin2000.wallet.interceptor;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.StrutsStatics;
import com.javaeye.dengyin2000.wallet.dao.UserDAO;
import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
import com.javaeye.dengyin2000.wallet.domains.User;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class LoginInterceptor extends AbstractInterceptor {
public static final String USER_SESSION_KEY="wallet.session.user";
public static final String COOKIE_REMEMBERME_KEY="wallet.cookie.rememberme";
public static final String GOING_TO_URL_KEY="GOING_TO";
private UserDAO userDao;
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext actionContext = invocation.getInvocationContext();
HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
Map session = actionContext.getSession();
if (session != null && session.get(USER_SESSION_KEY) != null){
return invocation.invoke();
}
Cookie[] cookies = request.getCookies();
if (cookies!=null) {
for (Cookie cookie : cookies) {
if (COOKIE_REMEMBERME_KEY.equals(cookie.getName())) {
String value = cookie.getValue();
if (StringUtils.isNotBlank(value)) {
String[] split = value.split("==");
String userName = split[0];
String password = split[1];
try {
User user = userDao.attemptLogin(userName, password);
session.put(USER_SESSION_KEY, user);
} catch (UserNotFoundException e) {
setGoingToURL(session, invocation);
return "login";
}
} else {
setGoingToURL(session, invocation);
return "login";
}
return invocation.invoke();
}
}
}
setGoingToURL(session, invocation);
return "login";
}
private void setGoingToURL(Map session, ActionInvocation invocation){
String url = "";
String namespace = invocation.getProxy().getNamespace();
if (StringUtils.isNotBlank(namespace) && !namespace.equals("/")){
url = url + namespace;
}
String actionName = invocation.getProxy().getActionName();
if (StringUtils.isNotBlank(actionName)){
url = url + "/" + actionName + ".action";
}
session.put(GOING_TO_URL_KEY, url);
}
public UserDAO getUserDao() {
return userDao;
}
public void setUserDao(UserDAO userDao) {
this.userDao = userDao;
}
}
首先判断session中有没有用户信息, 如果有的话继续, 如果没有的话,检查cookie中有没有rememberme的值,如果有的话,用==分割, 取得用户名密码进行登入。如果没有这个用户的话,记录下request的action地址然后转到登入页面。如果验证有这个用户,则继续下面的interceptor。 如果cookie中没有信息的话,则记录request的action地址然后转到登入页面。 以上就是LoginInterceptor的全部代码。
下面我们看看struts.xml
XML代码:struts.xml
/login.jsp /index.jsp ${goingToURL} /login.jsp /login.jsp /register.jsp
我们是使用的默认的interceptor stack是loginInterceptor, 如果你需要让不登入的用户也能访问的话,你需要配置你的action使用defaultStack。 我们这里的login, register使用的就是defaultStack。 这里要注意的是success的result是我们用LoginInterceptor设过来的值。 这样我们就能够转到用户输入的起始页面。 下面我们再来看看login.jsp 和 loginAction
Jsp代码:login.jsp
<%@taglib prefix="s" uri="/struts-tags" %>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
Wallet-Login
Login
< s:password name="password" label="Password">
Register
<%@taglib prefix="s" uri="/struts-tags" %>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
Wallet-Login
Login
Register
Java代码:LoginAction.java
package com.javaeye.dengyin2000.wallet.actions;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.interceptor.CookiesAware;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
import org.apache.struts2.interceptor.SessionAware;
import com.javaeye.dengyin2000.wallet.dao.UserDAO;
import com.javaeye.dengyin2000.wallet.dao.UserNotFoundException;
import com.javaeye.dengyin2000.wallet.domains.User;
import com.javaeye.dengyin2000.wallet.interceptor.LoginInterceptor;
import com.opensymphony.xwork2.ActionSupport;
public class LoginAction extends ActionSupport implements ServletResponseAware, ServletRequestAware, SessionAware, CookiesAware{
private UserDAO userDao;
private String loginName;
private String password;
private boolean rememberMe;
private HttpServletResponse response;
private HttpServletRequest request;
private Map session;
private Map cookies;
private String goingToURL;
public String getGoingToURL() {
return goingToURL;
}
public void setGoingToURL(String goingToURL) {
this.goingToURL = goingToURL;
}
public boolean isRememberMe() {
return rememberMe;
}
public void setRememberMe(boolean rememberMe) {
this.rememberMe = rememberMe;
}
public String getLoginName() {
return loginName;
}
public void setLoginName(String loginName) {
this.loginName = loginName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String login()throws Exception{
try {
User user = userDao.attemptLogin(loginName, password);
if (rememberMe){
Cookie cookie = new Cookie(LoginInterceptor.COOKIE_REMEMBERME_KEY, user.getLoginName() + "==" + user.getPassword());
cookie.setMaxAge(60 * 60 * 24 * 14);
response.addCookie(cookie);
}
session.put(LoginInterceptor.USER_SESSION_KEY, user);
String goingToURL = (String) session.get(LoginInterceptor.GOING_TO_URL_KEY);
if (StringUtils.isNotBlank(goingToURL)){
setGoingToURL(goingToURL);
session.remove(LoginInterceptor.GOING_TO_URL_KEY);
}else{
setGoingToURL("index.action");
}
return SUCCESS;
} catch (UserNotFoundException e) {
addActionMessage("user name or password is not corrected.");
return INPUT;
}
}
public UserDAO getUserDao() {
return userDao;
}
public void setUserDao(UserDAO userDao) {
this.userDao = userDao;
}
public void setServletResponse(HttpServletResponse response) {
this.response = response;
}
public void setServletRequest(HttpServletRequest request) {
this.request = request;
}
public void setSession(Map session) {
this.session = session;
}
public void setCookiesMap(Map cookies) {
this.cookies = cookies;
}
}
这里需要注意的是需要把cookie也清理下。
applicationContext-struts.xml