此例子的拦截器目的防止用户不登录通过拦截器直接获取服务器的资源(服务不愿意的,嘤嘤嘤)
将secret.jsp作为机密文件放在WEB-INF下面,WEB-INF为用户无法访问页面。
登录首页
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@taglib prefix="s" uri="/struts-tags"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
${tip}
<s:form action="login2" method="post">
<s:textfield key="用户名" name="username" />
<s:textfield key="姓名" name="password" />
<s:submit value="登录" />
</s:form>
</body>
</html>
首页对应的Action
package Test;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
public class UserAction2 extends ActionSupport {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String execute() throws Exception {
String strReturn = INPUT;
if (this.username.equals("abc") && this.password.equals("123")) {
ActionContext.getContext().getSession().put("username", username);
strReturn = SUCCESS;
} else {
ActionContext.getContext().getSession().put("tip", "登录失败");
}
return strReturn;
}
}
登录成功页面
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<a href="secret">查看机密信息 </a>
</body>
</html>
登录成功对应Action
package Test;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class AuthInterceptor extends AbstractInterceptor {
@Override
public String intercept(ActionInvocation arg0) throws Exception {
System.out.println("拦截器开始执行");
Object obj = ActionContext.getContext().getSession().get("username");
String strName = obj != null ? obj.toString() : "";
if (strName.equals("abc")) {
System.out.println("拦截器执行结束");
return "success";
} else {
ActionContext.getContext().getSession().put("tip", "您未登录,还不能查看机密信息");
return "input";
}
}
}
机密文件:放在WEB-INF,WEB-INF里面的文件用户无法通过浏览器访问
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>这是机密信息,一般不让人看
</body>
</html>
struts2.xml配置
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.1//EN"
"http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
<package name="myPackage" extends="struts-default">
<interceptors>
<interceptor name="authInter" class="Test.AuthInterceptor"/>
</interceptors>
<action name="login2" class="Test.UserAction2">
<result>success.jsp</result>
<result name="input">login2.jsp</result>
</action>
<action name="secret" class="Test.UserAction2">
<interceptor-ref name="authInter"/>
<interceptor-ref name="defaultStack"/>
<result name="success">WEB-INF/secret.jsp</result>
<result name="input">/login2.jsp</result>
</action>
</package>
</struts>