java用户登录拦截判断

用maven生成了appfuse的webssh项目里面东西比较多调查了下做个记录。

web应用中,我们经常使用filter机制来确定外部请求的用户是否登录,角色是否合法等。Spring提供了
一个DelegatingFilterProxy机制来完成filter的部分功能。通过例子做一个简单对比。   二者看起来
没有什么太大的区别,在spring中,filter被纳入了bean 管理机制。

1.servlet filter
* LoginFilter .java 

package servlet.filter;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
public class LoginFilter implements Filter {
protected FilterConfig filterConfig;
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
public void destroy() {
this.filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws java.io.IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String username = req.getParameter("j_username");
System.out.println("this is in servlet filter");
chain.doFilter(request, response);
}
}
*web.xml
<filter>
<filter-name>simplelogin</filter-name>
<filter-class>servlet.filter.LoginFilter</filter-class>
<init-param>
<param-name>hello</param-name>
<param-value>hello filter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>simplelogin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2. Spring filter 
*LoginFilter.java
package filter;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.logging.*;
public class LoginFilter implements Filter {
private FilterConfig filterConfig = null;
Log log = LogFactory.getLog(LoginFilter.class);
public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
Principal principal=request.getUserPrincipal();
HttpServletResponse response=(HttpServletResponse)res; 
log.info("filter user name:"+request.getParameter("j_username")+":"+principal.toString());
log.info("filter password :"+request.getParameter("j_password"));
chain.doFilter(req,res);
}
public void init(FilterConfig config) throws ServletException {
this.filterConfig = config;
}
public void destroy() {
filterConfig = null;
}
}
*
web.xml
<filter>
<description>LoginFilter</description>
<display-name> LoginFilter</display-name>
<filter-name>LoginFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<description>
</description>
<param-name>targetBeanName</param-name>
<param-value>loginFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
*spring context config
<bean id="loginFilter" class="filter.LoginFilter" />
3.struts2 的拦截器

<interceptors>
	<!-- 登录验证拦截器 -->
	<interceptor name="authority"
		class="com.bolo.examples.common.interceptor.AuthorityInterceptor" />
	<!-- 自定义拦截器栈 -->
	<interceptor-stack name="boloStack">
		<!-- 将登录验证拦截器加入默认的拦截器栈中 -->
		<interceptor-ref name="authority">
			<param name="excludeMethods">welcome,login</param>
		</interceptor-ref>
		<interceptor-ref name="defaultStack"></interceptor-ref>
	</interceptor-stack>
</interceptors>
<!-- 将自定义拦截器栈设置默认的全局拦截器 -->
<default-interceptor-ref name="boloStack" />
<!-- 全局跳转页面 -->
<global-results>
	<result name="login">/jump.jsp</result>
</global-results>

Interceptor类

/**
 * 登录验证拦截器
 * @author 菠萝大象
 */
public class AuthorityInterceptor extends MethodFilterInterceptor{

	@Override
	protected String doIntercept(ActionInvocation actioninvocation) throws Exception {
		Object user = ServletActionContext.getRequest().getSession().getAttribute("user");
		if(user != null){
			return actioninvocation.invoke(); //递归调用拦截器
		}else{
			return Action.LOGIN; //返回到登录页面
		}
	}
}





你可能感兴趣的:(spring,filter)