用什么方法避免用户直接请求action比较好。 1、 用 struts2 token;2、 加过滤器,没 session 的拒绝请求;任选其一。 解决方案 » 用jsf吧,再别action了............... -----只是适合无权访问JSP不能做到ACTION拦截需要struts2拦截器package com.newspace.paym.manager.filter;import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class LoginCheckFilter extends HttpServlet implements Filter { private static final long serialVersionUID = 1L; public void init(FilterConfig filterConfig) throws ServletException { } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { RequestDispatcher dispatcher = request.getRequestDispatcher("login.jsp");//这里设置如果没有登陆将要转发到的页面 HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; HttpSession session = req.getSession(true); // System.out.println(((HttpServletRequest) request).getRequestURI()); // 从session里取的用户名信息 String username = (String) session.getAttribute("loginname");//这里获取session,为了检查session里有没有保存用户信息,没有的话回转发到登陆页面 // 判断如果没有取到用户信息,就跳转到登陆页面 if (username == null || "".equals(username)) { // 跳转到登陆页面 dispatcher.forward(request,response); // System.out.println("用户没有登陆,不允许操作"); res.setHeader("Cache-Control","no-store"); res.setDateHeader("Expires",0); res.setHeader("Pragma","no-cache"); } else { // 已经登陆,继续此次请求 chain.doFilter(request,response); // System.out.println("用户已经登陆,允许操作"); } } public void destroy() { } } web.xml<filter> <filter-name>LoginCheckFilter</filter-name> <filter-class>com.newspace.paym.manager.filter.LoginCheckFilter</filter-class>
</filter> <filter-mapping> <filter-name>LoginCheckFilter</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> ---------------------------------------------struts2的拦截器,禁止用户直接访问actionstruts.xml <interceptors> <interceptor name="login" class="com.newspace.paym.util.LoginInterceptor"/> <interceptor-stack name="myLogin"> <interceptor-ref name="login"></interceptor-ref> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack> </interceptors> <default-interceptor-ref name="myLogin"></default-interceptor-ref> LoginInterceptor.javapackage com.newspace.paym.util;import java.util.Map;import org.apache.struts2.ServletActionContext;import com.opensymphony.xwork2.ActionContext;import com.opensymphony.xwork2.ActionInvocation;import com.opensymphony.xwork2.interceptor.AbstractInterceptor;public class LoginInterceptor extends AbstractInterceptor{ private static final long serialVersionUID = 1L; @Override public String intercept(ActionInvocation invocation) throws Exception { String name=invocation.getInvocationContext().getName(); if(name.equals("manager_login_list")){ return invocation.invoke(); } else{ ActionContext ac = invocation.getInvocationContext(); Map session = (Map)ac.get(ServletActionContext.SESSION); if(session==null) { //如果session为空,则让用户登陆 return "login"; } else { String adminname = (String)session.get("loginname"); if(adminname==null) { //session不为空,但是session中没有用户信息 //让用户登陆 return "login"; } else { //用户已经登陆,登陆成功 return invocation.invoke(); } } } } }
----- 这个过滤器只能拦截对 JSP 的未授权访问,拦截不了对 action 的请求;要拦截 action 需要用 struts2 拦截器。
package com.newspace.paym.manager.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
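/**
 * Servlet filter that lets a request continue only when the HTTP session holds a
 * non-empty {@code "loginname"} attribute; any other request is forwarded to the
 * login page.
 *
 * <p>The filter guards only the URL patterns it is mapped to in {@code web.xml}.
 * Requests that reach the application through a URL outside that mapping are not
 * checked here and need their own authentication check.
 *
 * <p>NOTE(review): the class also extends {@link HttpServlet}, which a filter does not
 * need. It is kept so that existing deployments of this class are unaffected.
 */
public class LoginCheckFilter extends HttpServlet implements Filter
{
    private static final long serialVersionUID = 1L;

    /** Session attribute that marks a logged-in user. */
    private static final String LOGIN_ATTRIBUTE = "loginname";

    /**
     * Page an unauthenticated request is forwarded to.
     * NOTE(review): the path has no leading "/", so the container resolves it relative
     * to the path of the current request. Confirm that a login.jsp exists next to every
     * protected page, or switch to a context-relative path.
     */
    private static final String LOGIN_PAGE = "login.jsp";

    /** No initialisation is required. */
    public void init(FilterConfig filterConfig) throws ServletException
    {
    }

    /**
     * Continues the chain for a logged-in user and forwards everyone else to the login page.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain, invoked only for a logged-in user
     * @throws IOException      if forwarding or the rest of the chain fails with an I/O error
     * @throws ServletException if forwarding or the rest of the chain fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
    {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false): do not allocate a server-side session for a caller who has
        // not logged in; a missing session is simply treated as "not logged in".
        HttpSession session = req.getSession(false);
        Object loginName = (session == null) ? null : session.getAttribute(LOGIN_ATTRIBUTE);

        // Fail closed: anything other than a non-empty String counts as not logged in.
        boolean loggedIn = loginName instanceof String && !((String) loginName).isEmpty();

        if (loggedIn)
        {
            chain.doFilter(request, response);
            return;
        }

        // The caching headers must be set before forward(): once the forward returns, the
        // response is committed and later header changes are ignored.
        res.setHeader("Cache-Control", "no-store");
        res.setDateHeader("Expires", 0);
        res.setHeader("Pragma", "no-cache");
        request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
    }

    /** Nothing to release. */
    public void destroy()
    {
    }
}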
web.xml
<!-- Registers the LoginCheckFilter class under the name used by the mapping below. -->
<filter>
<filter-name>LoginCheckFilter</filter-name>
<filter-class>com.newspace.paym.manager.filter.LoginCheckFilter</filter-class>
</filter>
<!-- The filter runs only for URLs matching *.jsp. Requests for Struts actions do not
     match this pattern and are not checked by the filter; they need a separate check.
     No dispatcher element is declared, so the mapping applies to direct client requests
     only, not to forwards or includes. -->
<filter-mapping>
<filter-name>LoginCheckFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping> ---------------------------------------------struts2的拦截器,禁止用户直接访问action
struts.xml
<!-- Declares the "login" interceptor and a stack, "myLogin", that runs it before the
     framework's defaultStack. -->
<interceptors>
<interceptor name="login" class="com.newspace.paym.util.LoginInterceptor"/>
<interceptor-stack name="myLogin">
<interceptor-ref name="login"></interceptor-ref>
<interceptor-ref name="defaultStack"></interceptor-ref>
</interceptor-stack>
</interceptors>
<!-- Makes "myLogin" the default stack for this package. An action that declares its own
     interceptor-ref elements does not get the default stack and must reference "myLogin"
     itself to stay protected. Packages that do not extend this one are not covered.
     NOTE(review): the interceptor returns the result name "login"; this fragment does not
     show where that result is defined (for example as a global result); confirm it exists. -->
<default-interceptor-ref name="myLogin"></default-interceptor-ref>
LoginInterceptor.java
package com.newspace.paym.util;
import java.util.Map;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
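/**
 * Struts 2 interceptor that lets an action run only when the session map holds a
 * non-empty {@code "loginname"} entry. The action named {@code "manager_login_list"}
 * is exempt so that a user can reach the login action without being logged in.
 * Every other unauthenticated invocation returns the {@code "login"} result.
 */
public class LoginInterceptor extends AbstractInterceptor{
    private static final long serialVersionUID = 1L;

    /**
     * Action name that is allowed through without a login.
     * NOTE(review): the exemption compares the action name only; the namespace and the
     * method being invoked are not inspected. Confirm that everything reachable under
     * this action name is safe to expose to unauthenticated callers.
     */
    private static final String LOGIN_ACTION = "manager_login_list";

    /** Session key that marks a logged-in user. */
    private static final String LOGIN_ATTRIBUTE = "loginname";

    /** Result name returned when the caller must log in first. */
    private static final String LOGIN_RESULT = "login";

    /**
     * Invokes the action for the exempt login action or a logged-in user; otherwise
     * returns the {@code "login"} result without invoking the action.
     *
     * @param invocation the current action invocation
     * @return the action's own result, or {@code "login"} when no user is logged in
     * @throws Exception whatever the rest of the invocation throws
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        ActionContext ac = invocation.getInvocationContext();

        // Constant-first equals: a null action name is treated as "not the login action"
        // instead of raising a NullPointerException.
        if (LOGIN_ACTION.equals(ac.getName())) {
            return invocation.invoke();
        }

        Object sessionObj = ac.get(ServletActionContext.SESSION);
        Object adminName = (sessionObj instanceof Map)
                ? ((Map<?, ?>) sessionObj).get(LOGIN_ATTRIBUTE)
                : null;

        // Fail closed: a missing session, a missing entry, a non-String value or an empty
        // string all count as not logged in (the servlet filter on this page also rejects
        // the empty string).
        boolean loggedIn = adminName instanceof String && !((String) adminName).isEmpty();

        return loggedIn ? invocation.invoke() : LOGIN_RESULT;
    }
}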