10

我目前正在学习 Struts 2,并且我目前正在构建一个简单的应用程序,其中未经验证的用户被重定向到登录表单。

我有一个登录表单和操作功能,它获取用户凭据,验证它们并将用户对象存储在会话中但是我现在试图在登录发生之前阻止对页面的访问,我正在尝试使用拦截器来做到这一点.

我的问题是我编写了一个拦截器来检查用户对象是否已保存在会话中,但如果没有,我想重定向到登录页面,并且在不绕过 struts 和使用HttpServletResponse.sendRedirect 方法

配置:

<package name="mypackage" extends="struts-default" namespace="/admin">

    <interceptors>
        <interceptor name="login" class="my.LoginInterceptor" />
    </interceptors>

    <default-interceptor-ref name="login"/>

    <action name="login" class="my.LoginAction">
        <result name="input">/admin/login.jsp</result>
        <result name="success" type="redirect">/admin</result>
    </action>

    <action name="private" class="my.PrivateAction">
        <result>/admin/private.jsp</result>
    </action>

</package>

拦截器代码:

@Override
public String intercept(ActionInvocation inv) throws Exception {

    Map<String, Object> session = inv.getInvocationContext().getSession();

    Object user = session.get("user");
    if(user == null) {

                      // redirect to the 'login' action here            

    }
    else {
        return inv.invoke();
    }

}
4

3 回答 3

18

The standard way is to return a special global result (eg "login") and define a global mapping from that result to your admin/login.jsp. So you just must add this line:

if(user == null) {
      return "login";
}

And in your struts.xml:

<global-results>
   <result name="login">/admin/login.jsp</result>
</global-results>

BTW, I'm afraid that you are replacing the default Struts2 interceptor stack with your single interceptor, normally you want to add your interceptor to the stack. Eg:

<interceptors>
 <interceptor name="login" class="my.LoginInterceptor" />

 <interceptor-stack name="stack-with-login">
  <interceptor-ref name="login"/>
  <interceptor-ref name="defaultStack"/>
 </interceptor-stack>
</interceptors>
<default-interceptor-ref name="stack-with-login"/>

BTW2: You must NOT apply the interceptor to your login action, of course.

于 2010-06-08T18:04:23.023 回答
2

You can find the complete example of struts2 with a custom Login Interceptor here

http://sandeepbhardwaj.github.io/2010/12/01/struts2-with-login-interceptor.html

great tutorial.

于 2010-12-14T10:27:35.853 回答
0

If you need to use send redirect, return null to avoid this problem (example redirecting from www.domain.com to domain.com):

public String intercept(final ActionInvocation invocation) throws Exception {

    String url=RequestUtil.getURLWithParams();  //you should implement this
    int index=url.indexOf("www");
    if (index!=-1 && index<10) {
        //Note: <10 to check that the www is in the domain main url
        //https://localhost:8443/mycontext/myaction.action?oneparam=http://www.youtube.com/user/someuser
        String redirection=url.replaceFirst("www\\.", ""); 
        LOG.debug("Redirection from "+url+" to "+redirection);
        RequestUtil.getResponse().setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        RequestUtil.getResponse().sendRedirect(redirection);
        return null;
    }
    return invocation.invoke();
}
于 2014-07-03T05:25:33.327 回答