判断用户是否已登录,未登录用户禁止访问任何页面或action,自动跳转到登录页面
2013-06-25 17:26
1311 查看
实现的功能:判断用户是否已登录,未登录用户禁止访问任何页面或action,自动跳转到登录页面。
比较好的做法是不管什么人都不能直接访问jsp页面,要访问就通过action,这样就变成了一个实实在在的权限控制了。
那么就有3种方法可以解决楼主的问题
1,直接使用filter
2,直接使用webwork的interceptor,
3,将action交给spring管理,使用spring的Aop机制
让用户可以直接访问jsp本来就违反了mvc的本意了
1 直接使用filter
web.xml配置
Xml代码
<filter>
<filter-name>SecurityServlet</filter-name>
<filter-class>com.*.web.servlet.SecurityServlet</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityServlet</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SecurityServlet</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
SecurityServlet 类
Java代码
package com.*.web.servlet;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SecurityServlet
extends HttpServlet implements Filter {
private static
final long serialVersionUID = 1L;
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
HttpServletRequest request=(HttpServletRequest)arg0;
HttpServletResponse response =(HttpServletResponse) arg1;
HttpSession session = request.getSession(true);
String usercode = (String) request.getRemoteUser();// 登录人
String user_role = (String)session.getAttribute("role");//登录人角色
String url=request.getRequestURI();
if(usercode==null ||
"".equals(usercode) || user_role ==
null || "".equals(user_role)) {
//判断获取的路径不为空且不是访问登录页面或执行登录操作时跳转
if(url!=null && !url.equals("") && ( url.indexOf("Login")<0
&& url.indexOf("login")<0 )) {
response.sendRedirect(request.getContextPath() +
"/login.jsp");
return ;
}
}
arg2.doFilter(arg0, arg1);
return;
}
public void init(FilterConfig arg0)
throws ServletException {
}
}
配置中的filter-mapping,定义的是需过滤的请求类型,上面的配置即过滤所有对jsp页面和action的请求。过滤器的实现与struts2、spring框架无关,在用户请求被相应前执行,在过滤器中,可使用response.sendRedirect("")等方法
跳转到需要的链接,如登录页面、错误页面等,不需要跳转时,arg2.doFilter(arg0, arg1);即可继续执行用户的请求。注意使用filter时避免连续两次跳转,否则会报java.lang.IllegalStateException错误,具体配置方法网上有,除非必要,不建议使用/*(过滤所有访问)的配置方式,这样配置,图片、js文件、css文件等访问都会被过滤
2 Spring拦截
Spring配置
Xml代码
<bean
id="springSessionInterceptor"
class="com.*.web.servlet.SpringLoginInterceptor"
>
</bean>
<bean
id="autoPorxyFactoryBean1"
class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<property
name="interceptorNames">
<list>
<value>springLoginInterceptor</value>
</list>
</property>
<property
name="beanNames"
>
<list>
<value>*Controller</value>
</list>
</property>
</bean>
SpringLoginInterceptor实现类
Java代码
package com.web.servlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionMapping;
public class SpringLoginInterceptor
implements MethodInterceptor {
private static
final Logger log = Logger
.getLogger(SpringLoginInterceptor .class);
@Override
public Object invoke(MethodInvocation invocation)
throws Throwable {
log.info("拦截开始!");
Object[] args = invocation.getArguments();
HttpServletRequest request = null;
HttpServletResponse response = null;
ActionMapping mapping = null;
for (int i =
0 ; i < args.length ; i++ ) {
if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
if (args[i] instanceof HttpServletResponse) response = (HttpServletResponse)args[i];
if (args[i] instanceof ActionMapping) mapping = (ActionMapping)args[i];
}
if (request != null && mapping !=
null) {
String url=request.getRequestURI();
HttpSession session = request.getSession(true);
String usercode = (String) request.getRemoteUser();// 登录人
String user_role = (String)session.getAttribute("user_role");//登录人角色
if (usercode == null || usercode.equals("")) {
if ( url.indexOf("Login")<0 && url.indexOf("login")<0
) {
return mapping.findForward("loginInterceptor");
}
return invocation.proceed();
}
else {
return invocation.proceed();
}
}
else {
return invocation.proceed();
}
}
}
/article/4125007.html
比较好的做法是不管什么人都不能直接访问jsp页面,要访问就通过action,这样就变成了一个实实在在的权限控制了。
那么就有3种方法可以解决楼主的问题
1,直接使用filter
2,直接使用webwork的interceptor,
3,将action交给spring管理,使用spring的Aop机制
让用户可以直接访问jsp本来就违反了mvc的本意了
1 直接使用filter
web.xml配置
Xml代码
<filter>
<filter-name>SecurityServlet</filter-name>
<filter-class>com.*.web.servlet.SecurityServlet</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityServlet</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SecurityServlet</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter> <filter-name>SecurityServlet</filter-name> <filter-class>com.*.web.servlet.SecurityServlet</filter-class> </filter> <filter-mapping> <filter-name>SecurityServlet</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> <filter-mapping> <filter-name>SecurityServlet</filter-name> <url-pattern>*.do</url-pattern> </filter-mapping>
SecurityServlet 类
Java代码
package com.*.web.servlet;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SecurityServlet
extends HttpServlet implements Filter {
private static
final long serialVersionUID = 1L;
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
HttpServletRequest request=(HttpServletRequest)arg0;
HttpServletResponse response =(HttpServletResponse) arg1;
HttpSession session = request.getSession(true);
String usercode = (String) request.getRemoteUser();// 登录人
String user_role = (String)session.getAttribute("role");//登录人角色
String url=request.getRequestURI();
if(usercode==null ||
"".equals(usercode) || user_role ==
null || "".equals(user_role)) {
//判断获取的路径不为空且不是访问登录页面或执行登录操作时跳转
if(url!=null && !url.equals("") && ( url.indexOf("Login")<0
&& url.indexOf("login")<0 )) {
response.sendRedirect(request.getContextPath() +
"/login.jsp");
return ;
}
}
arg2.doFilter(arg0, arg1);
return;
}
public void init(FilterConfig arg0)
throws ServletException {
}
}
package com.*.web.servlet; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class SecurityServlet extends HttpServlet implements Filter { private static final long serialVersionUID = 1L; public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException { HttpServletRequest request=(HttpServletRequest)arg0; HttpServletResponse response =(HttpServletResponse) arg1; HttpSession session = request.getSession(true); String usercode = (String) request.getRemoteUser();// 登录人 String user_role = (String)session.getAttribute("role");//登录人角色 String url=request.getRequestURI(); if(usercode==null || "".equals(usercode) || user_role == null || "".equals(user_role)) { //判断获取的路径不为空且不是访问登录页面或执行登录操作时跳转 if(url!=null && !url.equals("") && ( url.indexOf("Login")<0 && url.indexOf("login")<0 )) { response.sendRedirect(request.getContextPath() + "/login.jsp"); return ; } } arg2.doFilter(arg0, arg1); return; } public void init(FilterConfig arg0) throws ServletException { } }
配置中的filter-mapping,定义的是需过滤的请求类型,上面的配置即过滤所有对jsp页面和action的请求。过滤器的实现与struts2、spring框架无关,在用户请求被相应前执行,在过滤器中,可使用response.sendRedirect("")等方法
跳转到需要的链接,如登录页面、错误页面等,不需要跳转时,arg2.doFilter(arg0, arg1);即可继续执行用户的请求。注意使用filter时避免连续两次跳转,否则会报java.lang.IllegalStateException错误,具体配置方法网上有,除非必要,不建议使用/*(过滤所有访问)的配置方式,这样配置,图片、js文件、css文件等访问都会被过滤
2 Spring拦截
Spring配置
Xml代码
<bean
id="springSessionInterceptor"
class="com.*.web.servlet.SpringLoginInterceptor"
>
</bean>
<bean
id="autoPorxyFactoryBean1"
class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<property
name="interceptorNames">
<list>
<value>springLoginInterceptor</value>
</list>
</property>
<property
name="beanNames"
>
<list>
<value>*Controller</value>
</list>
</property>
</bean>
<bean id="springSessionInterceptor" class="com.*.web.servlet.SpringLoginInterceptor" > </bean> <bean id="autoPorxyFactoryBean1" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"> <property name="interceptorNames"> <list> <value>springLoginInterceptor</value> </list> </property> <property name="beanNames" > <list> <value>*Controller</value> </list> </property> </bean>
SpringLoginInterceptor实现类
Java代码
package com.web.servlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionMapping;
public class SpringLoginInterceptor
implements MethodInterceptor {
private static
final Logger log = Logger
.getLogger(SpringLoginInterceptor .class);
@Override
public Object invoke(MethodInvocation invocation)
throws Throwable {
log.info("拦截开始!");
Object[] args = invocation.getArguments();
HttpServletRequest request = null;
HttpServletResponse response = null;
ActionMapping mapping = null;
for (int i =
0 ; i < args.length ; i++ ) {
if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
if (args[i] instanceof HttpServletResponse) response = (HttpServletResponse)args[i];
if (args[i] instanceof ActionMapping) mapping = (ActionMapping)args[i];
}
if (request != null && mapping !=
null) {
String url=request.getRequestURI();
HttpSession session = request.getSession(true);
String usercode = (String) request.getRemoteUser();// 登录人
String user_role = (String)session.getAttribute("user_role");//登录人角色
if (usercode == null || usercode.equals("")) {
if ( url.indexOf("Login")<0 && url.indexOf("login")<0
) {
return mapping.findForward("loginInterceptor");
}
return invocation.proceed();
}
else {
return invocation.proceed();
}
}
else {
return invocation.proceed();
}
}
}
/article/4125007.html
相关文章推荐
- 判断用户是否登录,用户在没有登录访问页面时,自动跳转到登录页面(二)
- JavaWeb拦截器,查看用户是否登录过,未登录禁止访问页面并且跳转到登录页面
- 访问页面时,判断用户是否登录,若没有登录,将跳转到登录页面(一)
- Struts2.0里的过滤器interceptor之用户只可以访问Login.action与Register.action,访问其它.action的链接时,自动切换到登录页面
- ionic1 跳转至某个页面之前判断用户是否登录
- PHP判断用户是否已经登录(跳转到不同页面或者执行不同动作)
- php 用户访问菜单页面,必须登录,判断用户是否登录
- php 用户访问菜单页面,必须登录,判断用户是否登录
- php 用户访问菜单页面,必须登录,判断用户是否登录
- web 开发,个人中心每个请求,判断用户是否登录,若没有登录,则跳转到登录页面,登录成功后返回之前页面
- axios 拦截 , 页面跳转, token 验证(经常用于判断用户是否登录)
- asp.net如何让未登录用户登录后能自动跳转到登录前访问的页面
- 判断用户是否已经登录(跳转到不同页面或者执行不同动作)
- 判断用户是否登录,如果登录了放行,否则跳转到登陆页面
- PHP用户登录后跳转回上一访问页面的实现思路及代码
- js中判断有没有登录并自动跳转页面
- iOS 开发之 点击tabbarItem添加是否跳转登录页面判断
- 物流管理系统(七)4实现用户未登录自动跳转到登录页面
- 用百度siteapp的uaredirect.js判断用户访问端而进行域名的自动跳转,并通过cookie记录手机访问电脑端的状态
- react-navigation 如何判断用户是否登录跳转到登录页的方法