刚学的struts2拦截器,想用struts拦截器做个登录验证,但是老是出问题,求解释啊。代码如下
LoginAction类:
package com.struts.action;import java.util.Map;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;import org.apache.struts2.dispatcher.mapper.ActionMapping;import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;public class LoginAction extends BaseAction {
private String uid;
private String password;
public String getUid() {
return uid;
} public void setUid(String uid) {
this.uid = uid;
} public String getPassword() {
return password;
} public void setPassword(String password) {
this.password = password;
}
public String login() throws Exception {
uid = request.getParameter("uid");
password = request.getParameter("password");
System.out.println(uid+"----"+password);
if(uid.equals("lee")&&password.equals("111")){
Map map = ActionContext.getContext().getSession();
map.put("uid", uid);
System.out.println("--------用户名是:"+uid);
return "success";
}else{
System.out.println("--------用户名或密码错误---action");
return "login";
}
}
}
拦截器类
package com.interceptor;import java.util.Map;import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.struts.action.LoginAction;public class UsrLoginInterceptor extends AbstractInterceptor { //判断用户是否已经登录,如果没登录,则拦截非法请求
@Override
public String intercept(ActionInvocation arg0) throws Exception {
Map map = arg0.getInvocationContext().getSession();
if (null == map.get("uid")){
System.out.println(map.get("uid"));
System.out.println("非法请求!!!");
return Action.LOGIN;
}else
{
System.out.println("合法请求!!!");
return arg0.invoke();
}
}}struts.xml配置文件
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<package name="lxxt" extends="struts-default">
<interceptors>
<interceptor name="authority" class="com.interceptor.UsrLoginInterceptor"/>
<interceptor-stack name="myDefaultStack">
<interceptor-ref name="defaultStack" />
<interceptor-ref name="authority" />
</interceptor-stack>
</interceptors>
<global-results>
<result name="login" type="redirect">/login.jsp</result>
</global-results>
<action name="LoginAction_*" class="com.struts.action.LoginAction" method="{1}">
<result name="success">/user.jsp</result>
<result name="login">/login.jsp</result>
<interceptor-ref name="myDefaultStack" />
</action>
</package>
</struts>login.jsp是登录页面,user.jsp是登录成功的页面,login.jsp传uid和password两个值到action去判断,但是我输准确的用户名和密码也提示“非法请求”,而且也拦截不到没有登录的用户直接输入user.jsp到网址也能进入,求解啊
LoginAction类:
package com.struts.action;import java.util.Map;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;import org.apache.struts2.dispatcher.mapper.ActionMapping;import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;public class LoginAction extends BaseAction {
private String uid;
private String password;
public String getUid() {
return uid;
} public void setUid(String uid) {
this.uid = uid;
} public String getPassword() {
return password;
} public void setPassword(String password) {
this.password = password;
}
public String login() throws Exception {
uid = request.getParameter("uid");
password = request.getParameter("password");
System.out.println(uid+"----"+password);
if(uid.equals("lee")&&password.equals("111")){
Map map = ActionContext.getContext().getSession();
map.put("uid", uid);
System.out.println("--------用户名是:"+uid);
return "success";
}else{
System.out.println("--------用户名或密码错误---action");
return "login";
}
}
}
拦截器类
package com.interceptor;import java.util.Map;import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.struts.action.LoginAction;public class UsrLoginInterceptor extends AbstractInterceptor { //判断用户是否已经登录,如果没登录,则拦截非法请求
@Override
public String intercept(ActionInvocation arg0) throws Exception {
Map map = arg0.getInvocationContext().getSession();
if (null == map.get("uid")){
System.out.println(map.get("uid"));
System.out.println("非法请求!!!");
return Action.LOGIN;
}else
{
System.out.println("合法请求!!!");
return arg0.invoke();
}
}}struts.xml配置文件
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<package name="lxxt" extends="struts-default">
<interceptors>
<interceptor name="authority" class="com.interceptor.UsrLoginInterceptor"/>
<interceptor-stack name="myDefaultStack">
<interceptor-ref name="defaultStack" />
<interceptor-ref name="authority" />
</interceptor-stack>
</interceptors>
<global-results>
<result name="login" type="redirect">/login.jsp</result>
</global-results>
<action name="LoginAction_*" class="com.struts.action.LoginAction" method="{1}">
<result name="success">/user.jsp</result>
<result name="login">/login.jsp</result>
<interceptor-ref name="myDefaultStack" />
</action>
</package>
</struts>login.jsp是登录页面,user.jsp是登录成功的页面,login.jsp传uid和password两个值到action去判断,但是我输准确的用户名和密码也提示“非法请求”,而且也拦截不到没有登录的用户直接输入user.jsp到网址也能进入,求解啊
问题1:
<action name="LoginAction_*" class="com.struts.action.LoginAction" method="{1}">
<result name="success">/user.jsp</result>
<result name="login">/login.jsp</result>
<interceptor-ref name="myDefaultStack" />
</action>
逻辑不合理,
你的loginaction中不需要加入拦截器.
问题2:
你的user.jsp之所以可以被访问是因为你没有加filter去防止他人去访问此资源.
你去看看Filter的用法.
if (null == map.get("uid")){//==========这个条件是不是应该是不等于null,我觉得==null应该能正常登陆吧!
System.out.println(map.get("uid"));
System.out.println("非法请求!!!");
return Action.LOGIN;
}else
{
System.out.println("合法请求!!!");
return arg0.invoke();
}
呃。。哥们我试了下你说的那样就正常登录了,但是我搞不明白,如果那个uid是空,那就说明没输入用户名啊,那怎么可以登录成功呢?求解释啊,谢谢啊~~
HttpRequest request = ServletActionContext.getRequest();
String path = request.getContextPath();
//取得完整路径
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+;
//对路径进行判断,如果是login/logout.action,则invoke,否则再拿session的uid进行判断