用maven生成了appfuse的webssh项目里面东西比较多调查了下做个记录。
web应用中,我们经常使用filter机制来确定外部请求的用户是否登录,角色是否合法等。Spring提供了
一个DelegatingFilterProxy机制来完成filter的部分功能。通过例子做一个简单对比。 二者看起来
没有什么太大的区别,在spring中,filter被纳入了bean 管理机制。
1.servlet filter
* LoginFilter .java
package servlet.filter; import javax.servlet.*; import javax.servlet.http.*; import java.io.*; public class LoginFilter implements Filter { protected FilterConfig filterConfig; public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; } public void destroy() { this.filterConfig = null; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; String username = req.getParameter("j_username"); System.out.println("this is in servlet filter"); chain.doFilter(request, response); } }*web.xml
<filter> <filter-name>simplelogin</filter-name> <filter-class>servlet.filter.LoginFilter</filter-class> <init-param> <param-name>hello</param-name> <param-value>hello filter</param-value> </init-param> </filter> <filter-mapping> <filter-name>simplelogin</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>2. Spring filter
package filter; import java.io.IOException; import java.security.Principal; import javax.servlet.*; import javax.servlet.http.*; import org.apache.commons.logging.*; public class LoginFilter implements Filter { private FilterConfig filterConfig = null; Log log = LogFactory.getLog(LoginFilter.class); public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; Principal principal=request.getUserPrincipal(); HttpServletResponse response=(HttpServletResponse)res; log.info("filter user name:"+request.getParameter("j_username")+":"+principal.toString()); log.info("filter password :"+request.getParameter("j_password")); chain.doFilter(req,res); } public void init(FilterConfig config) throws ServletException { this.filterConfig = config; } public void destroy() { filterConfig = null; } }*
<filter> <description>LoginFilter</description> <display-name> LoginFilter</display-name> <filter-name>LoginFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <description> </description> <param-name>targetBeanName</param-name> <param-value>loginFilter</param-value> </init-param> </filter> <filter-mapping> <filter-name>LoginFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>*spring context config
<bean id="loginFilter" class="filter.LoginFilter" />3.struts2 的拦截器
<interceptors> <!-- 登录验证拦截器 --> <interceptor name="authority" class="com.bolo.examples.common.interceptor.AuthorityInterceptor" /> <!-- 自定义拦截器栈 --> <interceptor-stack name="boloStack"> <!-- 将登录验证拦截器加入默认的拦截器栈中 --> <interceptor-ref name="authority"> <param name="excludeMethods">welcome,login</param> </interceptor-ref> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack> </interceptors> <!-- 将自定义拦截器栈设置默认的全局拦截器 --> <default-interceptor-ref name="boloStack" /> <!-- 全局跳转页面 --> <global-results> <result name="login">/jump.jsp</result> </global-results>
Interceptor类
/** * 登录验证拦截器 * @author 菠萝大象 */ public class AuthorityInterceptor extends MethodFilterInterceptor{ @Override protected String doIntercept(ActionInvocation actioninvocation) throws Exception { Object user = ServletActionContext.getRequest().getSession().getAttribute("user"); if(user != null){ return actioninvocation.invoke(); //递归调用拦截器 }else{ return Action.LOGIN; //返回到登录页面 } } }