Struts2.5使用拦截器实现权限控制的简单应用
整个案例的结构图
BookAction.java
package cn.itcast.action;
import com.opensymphony.xwork2.ActionSupport;
public class BookAction extends ActionSupport {
/**
*
*/
private static final long serialVersionUID = 1L;
public String add(){
System.out.println("book add");
return SUCCESS;
}
public String del(){
System.out.println("book delete");
return SUCCESS;
}
public String update(){
System.out.println("book update");
return SUCCESS;
}
public String find(){
System.out.println("book find");
return SUCCESS;
}
}
LoginAction.java
package cn.itcast.action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.ModelDriven;
import cn.itcast.domain.User;
public class LoginAction extends ActionSupport implements ModelDriven<User> {
/**
*
*/
private static final long serialVersionUID = 1L;
private User user = new User();
public User getModel(){
return user;
}
public String execute() throws Exception{
//获取ActionContext
ActionContext context = ActionContext.getContext();
if("tom".equals(user.getUsername())&&"123".equals(user.getPassword())){
//将用户储存 在 session中
context.getSession().put("user", user);
return SUCCESS;
}else{
context.put("msg","用户名或密码不正确");
return INPUT;
}
}
}
User.java
package cn.itcast.domain;
public class User {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
PrivilegeInterceptor.java
package cn.itcast.interceptor;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class PrivilegeInterceptor extends AbstractInterceptor {
/**
*
*/
private static final long serialVersionUID = 1L;
@Override
public String intercept(ActionInvocation invocation) throws Exception {
//得到ActionContext
ActionContext context = invocation.getInvocationContext();
//获取 user对象
Object user = context.getSession().get("user");
if(user!=null){
return invocation.invoke(); //继续向下 执行
}else{
context.put("msg", "您还未登录,请先登录");
return Action.LOGIN; //如果用户不存在 返回login值
}
}
}
struts.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- 指定struts2配置文件的DTD信息 -->
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
"http://struts.apache.org/dtds/struts-2.3.dtd">
<!-- struts配置文件的根元素 -->
<struts>
<!-- <constant name="struts.enable.DynamicMethodInvocation" value="true"/> -->
<!-- struts2的Action必须放在 指定的包空间下定义 -->
<package name="struts2" namespace="/" extends="struts-default">
<!-- 声明拦截器 -->
<interceptors>
<interceptor name="privilege" class="cn.itcast.interceptor.PrivilegeInterceptor"/>
<interceptor-stack name="myStack">
<interceptor-ref name="defaultStack"></interceptor-ref>
<interceptor-ref name="privilege"></interceptor-ref>
</interceptor-stack>
</interceptors>
<action name="login" class="cn.itcast.action.LoginAction">
<!-- 定义处理结果和视图资源的映射关系 -->
<result>/main.jsp</result>
<result name="input">/login.jsp</result>
</action>
<action name="book_*" class="cn.itcast.action.BookAction" method="{1}">
<result>/success.jsp</result>
<result name="login">/login.jsp</result>
<!-- 在action中使用自定义拦截器 -->
<interceptor-ref name="myStack"/>
<allowed-methods>add,del,update,find</allowed-methods>
</action>
</package>
</struts>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- 配置struts2核心控制器 -->
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 首页 -->
<welcome-file-list>
<welcome-file>main.jsp</welcome-file>
</welcome-file-list>
</web-app>login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>登录</title>
</head>
<body>
<center>
${requestScope.msg }<br>
<form action="/chapter03/login.action" method="post">
<table>
<tr>
<td><label style="text-algin:right">用户名:</label></td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td><label style="text-algin:right">密码 :</label></td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td align="right" colspan="2">
<input type="submit" value="登录">
</td>
</tr>
</table>
</form>
</center>
</body>
</html>main.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>main.jsp</title>
</head>
<body>
<a href="/chapter03/book_del">book del</a><br>
<a href="/chapter03/book_add">book add</a><br>
<a href="/chapter03/book_update">book update</a><br>
<a href="/chapter03/book_find">book find</a><br>
</body>
</html>success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>登陆成功页面</title>
</head>
<body>
用户${user.username }操作 成功
</body>
</html>