java用户登录拦截判断
用maven生成了appfuse的webssh项目里面东西比较多调查了下做个记录。
web应用中,我们经常使用filter机制来确定外部请求的用户是否登录,角色是否合法等。Spring提供了
一个DelegatingFilterProxy机制来完成filter的部分功能。通过例子做一个简单对比。 二者看起来
没有什么太大的区别,在spring中,filter被纳入了bean 管理机制。
1.servlet filter
* LoginFilter .java
package servlet.filter;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
public class LoginFilter implements Filter {
protected FilterConfig filterConfig;
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
public void destroy() {
this.filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws java.io.IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String username = req.getParameter("j_username");
System.out.println("this is in servlet filter");
chain.doFilter(request, response);
}
}
*web.xml
<filter> <filter-name>simplelogin</filter-name> <filter-class>servlet.filter.LoginFilter</filter-class> <init-param> <param-name>hello</param-name> <param-value>hello filter</param-value> </init-param> </filter> <filter-mapping> <filter-name>simplelogin</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>2. Spring filter
*LoginFilter.java
package filter;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.logging.*;
public class LoginFilter implements Filter {
private FilterConfig filterConfig = null;
Log log = LogFactory.getLog(LoginFilter.class);
public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
Principal principal=request.getUserPrincipal();
HttpServletResponse response=(HttpServletResponse)res;
log.info("filter user name:"+request.getParameter("j_username")+":"+principal.toString());
log.info("filter password :"+request.getParameter("j_password"));
chain.doFilter(req,res);
}
public void init(FilterConfig config) throws ServletException {
this.filterConfig = config;
}
public void destroy() {
filterConfig = null;
}
}
*web.xml
<filter> <description>LoginFilter</description> <display-name> LoginFilter</display-name> <filter-name>LoginFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <description> </description> <param-name>targetBeanName</param-name> <param-value>loginFilter</param-value> </init-param> </filter> <filter-mapping> <filter-name>LoginFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>*spring context config
<bean id="loginFilter" class="filter.LoginFilter" />3.struts2 的拦截器
<interceptors> <!-- 登录验证拦截器 --> <interceptor name="authority" class="com.bolo.examples.common.interceptor.AuthorityInterceptor" /> <!-- 自定义拦截器栈 --> <interceptor-stack name="boloStack"> <!-- 将登录验证拦截器加入默认的拦截器栈中 --> <interceptor-ref name="authority"> <param name="excludeMethods">welcome,login</param> </interceptor-ref> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack> </interceptors> <!-- 将自定义拦截器栈设置默认的全局拦截器 --> <default-interceptor-ref name="boloStack" /> <!-- 全局跳转页面 --> <global-results> <result name="login">/jump.jsp</result> </global-results>
Interceptor类
/**
* 登录验证拦截器
* @author 菠萝大象
*/
public class AuthorityInterceptor extends MethodFilterInterceptor{
@Override
protected String doIntercept(ActionInvocation actioninvocation) throws Exception {
Object user = ServletActionContext.getRequest().getSession().getAttribute("user");
if(user != null){
return actioninvocation.invoke(); //递归调用拦截器
}else{
return Action.LOGIN; //返回到登录页面
}
}
}