Struts 配置登录拦截器


一般页面登录拦截有两种思路:

客户端拦截

一种是写在 JS 中,通过一个变量来判断用户是否登录,未登录则退出

代码如下:

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%-- Client-side login check: the page is still rendered and sent to the browser in full;
     the script below only redirects afterwards. It is a convenience, not an access control. --%>
<%
// Absolute base URL of this web application, always ending in "/".
// NOTE(review): scheme, host and port are taken from the incoming request (typically the
// Host header), so the script URL and the redirect target follow whatever host the client sent.
String path = request.getContextPath();
String basePath = request.getScheme() + "://"
+ request.getServerName() + ":" + request.getServerPort()
+ path + "/";
// Login flag stored in the session; getSession() creates a session if none exists,
// and the attribute is null when nothing has set it.
Object sessionValues =  request.getSession().getAttribute("uflag");
%>

<script src="<%=basePath %>/scripts/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
  // Login check
// The session attribute is written into the page unescaped as a JavaScript expression;
// an unset attribute is printed as null.
var sessionValuesTemp = <%=sessionValues%>;
// Redirects to the login page unless the flag equals 1. This runs in the browser, so the
// user can change the variable or skip the call; the server must enforce the same rule.
function valiUser() {
if (sessionValuesTemp !=1) {
window.location.href = "<%=basePath%>login.jsp";
}
}


// Run the check once the DOM is ready.
$(function() {
valiUser();
}); 
</script>

但是客户端拦截的代码运行在用户的浏览器里,用户可以修改或绕过它,所以它不能保证安全性

所以 安全性要求高的 我们都会在服务器端进行验证

服务端 Spring + Struts 登录拦截

原理是利用 Struts 的拦截器(interceptor)功能,在我们配置的路径下的请求都会先经过我们的验证类,验证通过后才继续执行。

代码如下:

struts.xml

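<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.1.7//EN"
"http://struts.apache.org/dtds/struts-2.1.7.dtd">
<struts>

    <!-- Base package for every action that requires a logged-in user. -->
    <package name="login-default" extends="json-default">
        <interceptors>
            <!-- Despite its name, "loginStack" is a single interceptor (the Spring bean
                 "authorityBean"), not a stack. -->
            <interceptor name="loginStack" class="authorityBean"/>
            <!-- Interceptor stack: the login check runs first, so an unauthenticated request
                 is answered with the "login" result before defaultStack binds any request
                 parameters to the action. -->
            <interceptor-stack name="mydefault">
                <interceptor-ref name="loginStack" />
                <interceptor-ref name="defaultStack" />
            </interceptor-stack>
        </interceptors>
        <!-- Applied to every action in this package and in packages that extend it.
             This must reference the stack: pointing it at the bare "loginStack" interceptor
             replaces the inherited default, so defaultStack would never run and "mydefault"
             would be dead configuration. -->
        <default-interceptor-ref name="mydefault"/>
        <!-- Where the interceptor sends a request it rejects (result name "login"). -->
        <global-results>
            <result name="login">/login.jsp</result>
        </global-results>
    </package>

    <!-- Public top-level pages that do not require login. This package extends json-default
         directly, so the login interceptor is NOT applied here; only actions that are meant
         to be reachable anonymously belong in it. -->
    <package name="staticPage" extends="json-default" namespace="/">
        <action name="login" class="login">
            <!-- JSON request body is populated into the action's loginParams property. -->
            <interceptor-ref name="json">
                <param name="root">loginParams</param>
            </interceptor-ref>

            <!-- Default result: serialise the action's ajaxResult property as JSON. -->
            <result type="json">
                <param name="root">ajaxResult</param>
            </result>

            <result name="login">/login.jsp</result>
        </action>
    </package>

    <!-- User reports: extends login-default, so every action below is behind the login check. -->
    <package name="reportPackage" extends="login-default" namespace="/report">
        <action name="testJson" class="testAction">
            <result type="json"></result>
        </action>

        <action name="indexList" method="indexList" class="queryAction">
            <result name="success">reports/indexlist.jsp</result>
        </action>
    </package>

</struts>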


spring.xml

<?xml version="1.0" encoding="utf-8"?>
<!-- Schema information for this Spring configuration file -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mongo="http://www.springframework.org/schema/data/mongo"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans  
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd  
    http://www.springframework.org/schema/tx  
    http://www.springframework.org/schema/tx/spring-tx-3.0.xsd  
    http://www.springframework.org/schema/context  
    http://www.springframework.org/schema/context/spring-context-3.1.xsd  
    http://www.springframework.org/schema/aop  
    http://www.springframework.org/schema/aop/spring-aop-3.1.xsd">


<!-- Action referenced from struts.xml as class="queryAction". The resultTxtReposity bean it
     receives is not defined in this listing. -->
<bean id="queryAction" class="action.QueryAction">
<property name="resultTxtReposity">
<ref bean="resultTxtReposity" />
</property>
</bean>

<!-- Login action referenced from struts.xml as class="login". The userReposity bean is not
     defined in this listing. -->
<bean id="login" class="action.LoginAction">
<property name="userReposity">
<ref bean="userReposity" />
</property>
</bean>

<!-- The login interceptor; struts.xml refers to it by this bean id (class="authorityBean").
     NOTE(review): no scope is declared on these beans, so Spring's default (singleton) applies;
     confirm that is intended for the action beans, which Struts normally creates per request. -->
<bean id = "authorityBean" class="action.core.LoginInterceptor">
<property name="userReposity">
<ref bean="userReposity" />
</property>
</bean>



</beans>  


LoginInterceptor.java

package action.core;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
import reposity.UserReposity;
import action.LoginAction;
import action.service.UserService;


import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;


import entity.User;


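/**
 * Struts 2 interceptor that lets an action run only for a logged-in user.
 *
 * <p>A request passes when the session already carries the login flag ("uflag"), or when it
 * presents remember-me cookies that {@link UserService#findUser} accepts. Every other request,
 * including one that carries no cookies at all, is answered with {@link Action#LOGIN}.
 */
@SuppressWarnings("serial")
public class LoginInterceptor extends AbstractInterceptor {

    /** Repository handed to {@code UserService.findUser}; set through {@link #setUserReposity}. */
    private UserReposity userReposity;

    /**
     * Decides whether the intercepted action may run.
     *
     * @param invocation the action invocation being intercepted
     * @return the result of the action when the caller is authenticated, otherwise
     *         {@link Action#LOGIN}
     * @throws Exception whatever the rest of the invocation chain throws
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpSession session = ServletActionContext.getRequest().getSession();
        Cookie[] cookies = ServletActionContext.getRequest().getCookies();

        // Already logged in during this session.
        if (isLoggedIn(session)) {
            return invocation.invoke();
        }

        // Fail closed: a request without any cookie carries no remember-me credentials and
        // has no login flag either, so it must not reach the action.
        if (cookies == null) {
            return Action.LOGIN;
        }

        // Collect the remember-me cookies.
        String username = null;
        String password = null;
        String rememberme = null;
        for (Cookie cookie : cookies) {
            String name = cookie.getName();
            if ("user".equals(name)) {
                username = cookie.getValue();
            } else if ("cookie".equals(name)) {
                password = cookie.getValue();
            } else if ("rememberme".equals(name)) {
                rememberme = cookie.getValue();
            }
        }

        if (username == null || password == null || !LoginAction.REMEMBER_ME.equals(rememberme)) {
            return Action.LOGIN;
        }

        // Check the cookie credentials against the user store.
        // NOTE(review): the "cookie" value is passed to findUser as the password. If it is the
        // real password or a fixed digest of it, whoever obtains the cookie can log in until the
        // password changes. Prefer a random, server-stored, expiring remember-me token, and set
        // the cookie HttpOnly and Secure where it is issued (not visible in this class).
        User user = UserService.findUser(userReposity, username, password);
        if (user == null) {
            return Action.LOGIN;
        }

        // NOTE(review): the existing session is promoted to logged-in without a new session id;
        // consider rotating the id here to rule out session fixation.
        session.setAttribute("uflag", 1);
        session.setAttribute("acount", user);
        return invocation.invoke();
    }

    /**
     * Tells whether the session's "uflag" attribute equals {@code LoginAction.ISLOGIN}.
     * A missing or non-numeric flag counts as not logged in instead of raising an exception.
     */
    private static boolean isLoggedIn(HttpSession session) {
        Object flag = session.getAttribute("uflag");
        if (flag == null) {
            return false;
        }
        try {
            return LoginAction.ISLOGIN == Integer.parseInt(flag.toString());
        } catch (NumberFormatException e) {
            return false;
        }
    }

    /** @return the repository used for the remember-me lookup */
    public UserReposity getUserReposity() {
        return userReposity;
    }

    /** @param userReposity the repository used for the remember-me lookup */
    public void setUserReposity(UserReposity userReposity) {
        this.userReposity = userReposity;
    }
}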





