我正在制作一个 Struts 2 Web 应用程序,其中注销后可以从浏览器后退按钮返回页面,我不想在我的应用程序中使用。我还在每个请求之前使用自定义拦截器来验证用户。但它也没有以渴望的方式工作。我的代码如下
web.xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>loginlogout</display-name>
<filter>
<filter-name>struts</filter-name>
<filter-
class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-
class>
</filter>
<filter-mapping>
<filter-name>struts</filter-name>
<url-pattern>/action/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>15</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>login.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>bloack_jsp_access</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
</security-constraint>
</web-app>
struts.xml
<struts>
<constant name="struts.devMode" value="true"></constant>
<package name="default" extends="struts-default" namespace="/action">
<interceptors>
<interceptor name="secure" class="com.inter.Authentication"></interceptor>
<interceptor-stack name="secureStack">
<interceptor-ref name="secure"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
<action name="loginAction" class="com.action.Login">
<result name="success" type="redirectAction">
<param name="actionName">task</param>
<param name="namespace">/action</param>
</result>
<result name="input">/login.html</result>
</action>
<action name="logoutAction" class="com.action.Login" method="logout">
<result name="success">/login.html</result>
</action>
<action name="task">
<interceptor-ref name="secureStack"></interceptor-ref>
<result>/welcome.jsp</result>
<result name="login">/login.html</result>
</action>
</package>
登录操作.java
package com.action;
import java.util.Map;
import model.User;
import org.apache.struts2.dispatcher.SessionMap;
import org.apache.struts2.interceptor.SessionAware;
import com.opensymphony.xwork2.ActionSupport;
public class Login extends ActionSupport implements SessionAware {
private static final long serialVersionUID = 1L;
private String userName;
private String userPass;
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getUserPass() {
return userPass;
}
public void setUserPass(String userPass) {
this.userPass = userPass;
}
private SessionMap<String, Object> session;
public SessionMap<String, Object> getSession() {
return session;
}
@Override
public void setSession(Map<String, Object> session) {
this.session=(SessionMap<String, Object>) session;
}
private boolean validateUser(User user){
if(userName.equals("sandip") && userPass.equals("12345")){
return true;
}else
return false;
}
@Override
public String execute(){
clearFieldErrors();
User user=(User)session.get("user");
if(user!=null){
return SUCCESS;
}else{
User u=new User(userName,userPass);
if(validateUser(u)){
session.put("user", u);
return SUCCESS;
}else{
addFieldError("invalid", "invalid login credentials");
}
return INPUT;
}
}
public String logout(){
session.remove("user");
session.invalidate();
return SUCCESS;
}
}
Authentication.java(拦截器)
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
Map<String, Object> session=actionInvocation.getInvocationContext().getSession();
User user=(User) session.get("user");
if(user==null){
return ActionSupport.LOGIN;
}
else{
return actionInvocation.invoke();
}
}
登录.html
<form action="action/loginAction" method="post">
User Name:<input type="text" name="userName"/>
Password :<input type="password" name="userPass"/>
<input type="submit" value="login"/>
</form>
欢迎.jsp
hello <s:property value="#session['user'].userName"/><br/>
<a href="action/logoutAction">logout</a>