给struts配置登陆验证过滤器,判断Session过期则重新登陆
2016-01-14 14:45
357 查看
做的毕设题目,需要用到验证登陆状态,没有登陆的不能访问后台的页面,自动跳转到登陆页面。
参考了 http://blog.csdn.net/fly_fish456/article/details/8096305 这位兄台的博客之后,自己写了个过滤器:
1.首先是在登陆的Action中设置一个session来标志是否已经登陆:
2.在项目新建一个LoginFilter类作为过滤器:
package dorm.sys.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
public class LoginFilter extends HttpServlet implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest sRequest, ServletResponse sResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) sRequest;
HttpServletResponse response = (HttpServletResponse) sResponse;
HttpSession session = request.getSession();
String url = request.getServletPath();
String contextPath = request.getContextPath();
if (url.equals("")) {
url += "/";
}
// 未登录时,若访问后台资源,将过滤到login页面
if ((url.startsWith("/") && !url.startsWith("/login"))) {
String user = (String) session.getAttribute("account");
if (user == null) {
response.sendRedirect(contextPath + "/login.html");
return;
} else {
// 登陆之后,验证session是否过期,session过期,转至登陆页面
if (!ServletActionContext.getRequest()
.isRequestedSessionIdValid()) {
response.sendRedirect(contextPath + "/login.html");
return;
}
}
}
filterChain.doFilter(sRequest, sResponse);
}
public void init(FilterConfig arg0) throws ServletException {
}
}
3.web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>Dorm_mgm_sys</display-name>
<welcome-file-list>
<welcome-file>login.html</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>dorm.sys.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/jsp/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>
其中:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
设置Session 30分钟过期,也就是30分钟没有操作将要跳转到登陆页面重新登陆
这样就可以了,除了login页面外全部都会被过滤器检测。
注:
浏览器关闭后session将被销毁,用户需重新登陆。
退出操作则将session中的username值设置为null即可。
参考了 http://blog.csdn.net/fly_fish456/article/details/8096305 这位兄台的博客之后,自己写了个过滤器:
1.首先是在登陆的Action中设置一个session来标志是否已经登陆:
HttpSession session = ServletActionContext.getRequest().getSession(); session.setAttribute("account", account);
2.在项目新建一个LoginFilter类作为过滤器:
package dorm.sys.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
public class LoginFilter extends HttpServlet implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest sRequest, ServletResponse sResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) sRequest;
HttpServletResponse response = (HttpServletResponse) sResponse;
HttpSession session = request.getSession();
String url = request.getServletPath();
String contextPath = request.getContextPath();
if (url.equals("")) {
url += "/";
}
// 未登录时,若访问后台资源,将过滤到login页面
if ((url.startsWith("/") && !url.startsWith("/login"))) {
String user = (String) session.getAttribute("account");
if (user == null) {
response.sendRedirect(contextPath + "/login.html");
return;
} else {
// 登陆之后,验证session是否过期,session过期,转至登陆页面
if (!ServletActionContext.getRequest()
.isRequestedSessionIdValid()) {
response.sendRedirect(contextPath + "/login.html");
return;
}
}
}
filterChain.doFilter(sRequest, sResponse);
}
public void init(FilterConfig arg0) throws ServletException {
}
}
3.web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>Dorm_mgm_sys</display-name>
<welcome-file-list>
<welcome-file>login.html</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>dorm.sys.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/jsp/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>
其中:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
设置Session 30分钟过期,也就是30分钟没有操作将要跳转到登陆页面重新登陆
这样就可以了,除了login页面外全部都会被过滤器检测。
注:
浏览器关闭后session将被销毁,用户需重新登陆。
退出操作则将session中的username值设置为null即可。
相关文章推荐
- 深入理解abstract class 和 interface
- 在Eclipse中编写log4j的时候,无法输入中文的解决办法
- java两种方式实现“将字符串前m位移到字符串的第n位之后”
- java中Map,List与Set的区别
- spring aop 2
- 接口类和抽象类的区别
- java--生成图片验证码
- 谷歌做了一个艰难的决定:安卓系统不再用Java API 了
- Java错误笔记
- java学习笔记02——核心技术
- java提高篇—–HashTable
- Java零散知识点
- java 类 相关;
- struts2 下 ajax 请求被执行两次
- spring aop 1
- java中流不关闭为什么不能写入
- Spring+SpringMVC+MyBatis框架搭建
- Java集合类学习笔记
- java--邮箱的正则表达式匹配
- [转载]JAVA开发八荣八耻