流程是这样的: 《登陆—拦截器拦截—页面—根据权限显示对应的按钮操作》我现在做到可以登陆到页面了,但是根据权限显示按钮还是不太会,帮忙改一下代码。另外一个问题是,虽然有了登陆拦截,但是直接输入页面名字.jsp也可以进入,如何解决。代码如下:
拦截器:public class AuthorizationInterceptor extends AbstractInterceptor {
private static final String SC = "sc";
private static final String RELOGIN = "relogin";
protected Logger logger = LoggerFactory.getLogger(getClass());
public String intercept(ActionInvocation invocation) throws Exception {
HttpSession session = ServletActionContext.getRequest().getSession();
/*String actionName = invocation.getProxy().getActionName();
System.out.println("actionName:"+actionName);*/
if (null != session.getAttribute(SC)) {
System.out.println("拦截器:合法用户登录---");
logger.debug("拦截器:合法用户登录---");
return invocation.invoke();
}
System.out.println("拦截器:用户未登录---");
logger.debug("拦截器:用户未登录---");
return RELOGIN;
}}
action:
package com.action;public class UserinfoAction extends ActionSupport implements ModelDriven<Users>{
private static final long serialVersionUID = 1L;
protected Logger logger = LoggerFactory.getLogger(getClass());
private static final String LOGINSUCCESS = "loginsuccess";
private Users userinfo;
private UserinfoService userinfoService;
//采用模型驱动
private Users model=new Users();//用于封装会员属性模型
public Users getModel() {
return model;
}
public String login(){
logger.debug("login begin....");
String validateFlag = "";
HttpSession session = ServletActionContext.getRequest().getSession();
Assert.notNull(session);
try {
validateFlag = userinfoService.validateLogin(model, session);
} catch (RuntimeException e) {
System.out.println(validateFlag);
logger.error("login validate error!"+e.getMessage());
addActionError("登录验证失败!");
return INPUT;
}
if(!LOGINSUCCESS.equals(validateFlag))
{
addActionError(validateFlag);
return INPUT;
}
session = ServletActionContext.getRequest().getSession();
SessionContainer sc = (SessionContainer)session.getAttribute("sc");
session.setAttribute("sc", sc);
logger.info("session create success!");
return SUCCESS;
}
public String loginout(){
HttpSession session = ServletActionContext.getRequest().getSession();
Assert.notNull(session);
SessionContainer sc = (SessionContainer)session.getAttribute("sc");
if(null!=sc){
session.removeAttribute("sc");
logger.info("session destroy success!");
}
return SUCCESS;
}
/** 省略set/get */
}
xml:<interceptors>
<interceptor name="authority" class="com.action.AuthorizationInterceptor"/>
<interceptor-stack name="mydefault">
<interceptor-ref name="authority" />
<interceptor-ref name="defaultStack" />
</interceptor-stack>
</interceptors>
<!-- 默认拦截器 -->
<default-interceptor-ref name="mydefault" /> <package name="login" extends="ssh">
<action name="login" class="UserinfoAction" method="login">
<result name="searchAll" type="redirectAction">
<param name="actionName">news_listNews</param>
</result>
<result>/index.jsp</result>
<result name="input">/login.jsp</result>
<result name="success">/index.jsp</result>
<result name="login">/error.jsp</result>
<interceptor-ref name="defaultStack" />
</action>
JSP , 就是这里,怎么根据登陆的权限显示 修改 和 删除 :
<s:form action="news_modiNews" method="post">
<s:submit value="修改" />
<input type="hidden" name="newsId" value="${result.newsId}">
</s:form>
</td>
<td>
<s:form action="news_delNews" method="post"onsubmit="return confirmdialog()">
<s:submit value="删除" />
<input type="hidden" name="newsId" value="${result.newsId}">
</s:form>
拦截器:public class AuthorizationInterceptor extends AbstractInterceptor {
private static final String SC = "sc";
private static final String RELOGIN = "relogin";
protected Logger logger = LoggerFactory.getLogger(getClass());
public String intercept(ActionInvocation invocation) throws Exception {
HttpSession session = ServletActionContext.getRequest().getSession();
/*String actionName = invocation.getProxy().getActionName();
System.out.println("actionName:"+actionName);*/
if (null != session.getAttribute(SC)) {
System.out.println("拦截器:合法用户登录---");
logger.debug("拦截器:合法用户登录---");
return invocation.invoke();
}
System.out.println("拦截器:用户未登录---");
logger.debug("拦截器:用户未登录---");
return RELOGIN;
}}
action:
package com.action;public class UserinfoAction extends ActionSupport implements ModelDriven<Users>{
private static final long serialVersionUID = 1L;
protected Logger logger = LoggerFactory.getLogger(getClass());
private static final String LOGINSUCCESS = "loginsuccess";
private Users userinfo;
private UserinfoService userinfoService;
//采用模型驱动
private Users model=new Users();//用于封装会员属性模型
public Users getModel() {
return model;
}
public String login(){
logger.debug("login begin....");
String validateFlag = "";
HttpSession session = ServletActionContext.getRequest().getSession();
Assert.notNull(session);
try {
validateFlag = userinfoService.validateLogin(model, session);
} catch (RuntimeException e) {
System.out.println(validateFlag);
logger.error("login validate error!"+e.getMessage());
addActionError("登录验证失败!");
return INPUT;
}
if(!LOGINSUCCESS.equals(validateFlag))
{
addActionError(validateFlag);
return INPUT;
}
session = ServletActionContext.getRequest().getSession();
SessionContainer sc = (SessionContainer)session.getAttribute("sc");
session.setAttribute("sc", sc);
logger.info("session create success!");
return SUCCESS;
}
public String loginout(){
HttpSession session = ServletActionContext.getRequest().getSession();
Assert.notNull(session);
SessionContainer sc = (SessionContainer)session.getAttribute("sc");
if(null!=sc){
session.removeAttribute("sc");
logger.info("session destroy success!");
}
return SUCCESS;
}
/** 省略set/get */
}
xml:<interceptors>
<interceptor name="authority" class="com.action.AuthorizationInterceptor"/>
<interceptor-stack name="mydefault">
<interceptor-ref name="authority" />
<interceptor-ref name="defaultStack" />
</interceptor-stack>
</interceptors>
<!-- 默认拦截器 -->
<default-interceptor-ref name="mydefault" /> <package name="login" extends="ssh">
<action name="login" class="UserinfoAction" method="login">
<result name="searchAll" type="redirectAction">
<param name="actionName">news_listNews</param>
</result>
<result>/index.jsp</result>
<result name="input">/login.jsp</result>
<result name="success">/index.jsp</result>
<result name="login">/error.jsp</result>
<interceptor-ref name="defaultStack" />
</action>
JSP , 就是这里,怎么根据登陆的权限显示 修改 和 删除 :
<s:form action="news_modiNews" method="post">
<s:submit value="修改" />
<input type="hidden" name="newsId" value="${result.newsId}">
</s:form>
</td>
<td>
<s:form action="news_delNews" method="post"onsubmit="return confirmdialog()">
<s:submit value="删除" />
<input type="hidden" name="newsId" value="${result.newsId}">
</s:form>
换句话说每个页面都要权限判断,方式用url方式登陆
<s:submit value="修改" />
<input type="hidden" name="newsId" value="${result.newsId}">
</s:form>
</td>
<td>
<s:form action="news_delNews" method="post"onsubmit="return confirmdialog()">
<s:submit value="删除" />
<input type="hidden" name="newsId" value="${result.newsId}">
</s:form>
先在jsp页面的GBK那句代码下面
写上<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>这样一句
然后<c:if test="${id==2}"> <s:submit value="修改" /></c>
这样表示权限为2的时候显示修改这个button按钮
否则为隐藏
用session判断登录,但是只要不手动点 退出系统 ,那么关闭浏览器再打开session还在,不需要重新登录,这个问题怎么办。。
那么这个怎么回事??2011-11-24 16:31:34 [日志信息] Could not find method [hasActionErrors()]
http://topic.csdn.net/u/20111121/17/3b7e8a96-b929-478d-8df6-9f44bd5cc97f.html
http://topic.csdn.net/t/20040712/15/3167396.html
搜索一下session和浏览器的关闭的关系看看。你点击退出登录的时候session没了 是因为点击的时候执行了session.removeAttribute(String name) //删除在session对象中由name指定的对象
或者session.removeValue(String name)方法。
=============================
我看你代码写的挺对的只是有一点问题
不要把你的jsp直接放在webcontent下面
<result name="input">/login.jsp</result>
类似这样的
<result name="success">/Struts2Sample/main.jsp </result>
自己建一个子文件夹,这样IE里直接输入jsp名字就进入不了了
========================
这个问题按理说不会这样吧,session信息是存在服务器端的,关闭了浏览器服务器器端确实不会立即清除该用户的session信息。
但是客户端再次打开浏览器的时候,会给服务器端重新发一个sessionID也就是说服务器端会当作一个新的链接来处理,不会找到上一次的session信息。除非在本地保留了前一次的sessionID并提交给了服务器。