我认为你尝试做这样的事情:
public class MyPageActionBean implements ActionBean {
private ActionBeanContext context;
public ActionBeanContext getContext() {
return context;
}
public void setContext(ActionBeanContext context) {
this.context = context;
}
@DefaultHandler
public Resolution view() {
String login =
(String)context.getRequest().getSession().getAttribute("login");
if (login==null) {
return new RedirectResolution(LoginActionBean.class);
} else {
// do you're normal stuff here
}
}
}
但更完整的安全解决方案是实施Stripes Security Interceptor。
嗯。这不好。
所有方法中的重复代码。
public Resolution view1()
{
String login=....
if () {...}
else {...}
}
public Resolution view2()
{
String login=....
if () {...}
else {...}
}
public Resolution view3()
{
String login=....
if () {...}
else {...}
}
所以,我去阅读 Stripes Security Interceptor。
谢谢。
我认为您的问题是在用户未登录时在登录页面上重定向用户。在每个 actionBean 上使用@before不是一个好主意。为此,您可以通过扩展 SpringInterceptorSupport 来制作自己的拦截器。
@Intercepts(LifecycleStage.ActionBeanResolution)
public class MyInterceptor extends SpringInterceptorSupport {
private static final List<Class<? extends ActionBean>> ALLOW = Arrays.asList(LoginActionBean.class, anyOtherActionBeanAllowedWithoutLogin.class);
@Override
@SuppressWarnings({ "rawtypes" })
public Resolution intercept(ExecutionContext execContext) throws Exception {
Resolution resolution = execContext.proceed();
ActionBean actionBean = execContext.getActionBean();
Class<? extends ActionBean> destinationclass = actionBean.getClass();
if (!ALLOW.contains(destinationclass) && !isSessionExist()) {
resolution = new RedirectResolution(LoginActionBean.class);
}
return resolution;
}
private boolean isSessionExist() {
String login = (String)context.getRequest().getSession().getAttribute("login");
return login != null;
}
}