我从一周开始就一直在谷歌上搜索。仍然没有任何解决方案可以解决我的问题。我的 strtus2 Web 应用程序很简单。有一个登录页面,登录成功后必须重定向到成功页面。但我的问题是,如果我右键单击 success.jsp
并运行该页面,该页面仍然在没有任何 session 的情况下加载,但我的要求是 success.jsp
永远不会得到相反,它应该重定向到 login.jsp
页面。
登录.jsp:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@taglib uri="/struts-tags" prefix="s"%>
<s:form action="login">
<s:textfield name="username" label="User Name"/>
<s:password name="password" label="Password"/>
<s:submit value="Login"/>
</body>
</html>
我的用于登录的 pojo 类。
package com.cm.ccb.login;
public class Login {
private int userid;
private String username;
private double password;
private String email;
private double phone;
public int getUserid() {
return userid;
}
public void setUserid(int userid) {
this.userid = userid;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public double getPassword() {
return password;
}
public void setPassword(double password) {
this.password = password;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public double getPhone() {
return phone;}
public void setPhone(double phone) {
this.phone = phone;
}
}
我的loginAction类。
package com.cm.ccb.login;
import java.util.Map;
import org.apache.struts2.dispatcher.SessionMap;
import org.apache.struts2.interceptor.SessionAware;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
public class LoginAction extends ActionSupport implements SessionAware {
private static final long serialVersionUID = 1L;
private String username;
private String password;
Map<String, Object> session;
SessionMap<String,String> sessionmap;
LoginDao dao=new LoginDao();
@Override
public void validate(){
if(username.length()==(0))
this.addFieldError("username", "Name is required");
if(password.length()==(0))
this.addFieldError("password", "Password is required");
}
@Override
public String execute(){
if(dao.find(getUsername(),getPassword())) {
return "success";
}
else
return "error";
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public void setSession(Map<String, Object> session) {
this.session = session;
}
}
我的loginDao类
package com.cm.ccb.login;
import java.util.Iterator;
import java.util.List;
import org.hibernate.Query;
import org.hibernate.Session;
import com.cm.ccb.mapping.HibernateUtil;
public class LoginDao {
@SuppressWarnings("unchecked")
public boolean find(String username, String password) {
Session session = HibernateUtil.getSessionFactory().openSession();
String SQL_QUERY = " from Login l where l.username='"+username+"' and l.password='"+password+"'";
System.out.println(SQL_QUERY);
Query query = session.createQuery(SQL_QUERY);
Iterator<Login> it = query.iterate();
List<Login> list = query.list();
if (list.size() > 0) {
return true;
}
return false;
}
}
我的成功.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@taglib uri="/struts-tags" prefix="s"%>
success
</body>
</html>
最佳答案
有很多方法可以实现这一点,但我正在解释一种存储 session 值的方法。
第 1 步 在用户登录时的登录操作中,如果用户名和密码正确,请将用户名放入 session 中。
Map<String,Object> session = ActionContext.getContext().getSession();
session.put("username", username);
第 2 步 实现拦截器来检查此 session 值。创建包 Interceptors
并在其中创建一个类 AuthorizationInterceptor.java
。
package Interceptors;
import org.apache.struts2.dispatcher.SessionMap;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
public class AuthorizationInterceptor implements Interceptor {
private static final long serialVersionUID = 1841289944579731267L;
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void init() {
// TODO Auto-generated method stub
}
@Override
public String intercept(ActionInvocation inv) throws Exception {
ActionContext context = inv.getInvocationContext();
//for login and register actions ignore checking
if(context.getName().equalsIgnoreCase("login") || context.getName().equalsIgnoreCase("register"))
{
return inv.invoke();
}
SessionMap<String,Object> map = (SessionMap<String,Object>) inv.getInvocationContext().getSession();
if(map==null)
{
return "login";
}
Object user = map.get("username");
if(user==null ||user.equals("") || map.isEmpty() || map == null ){
return "login";
}
return inv.invoke();
}
}
第3步:在struts.xml
中配置此拦截器
<package name="mydefault" namespace="/" extends="struts-default">
<interceptors>
<interceptor name="Authorizeuser" class="Interceptors.AuthorizationInterceptor"></interceptor>
<interceptor-stack name="myStack">
<interceptor-ref name="defaultStack" />
<interceptor-ref name="Authorizeuser" />
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="myStack" />
<global-results>
<result name="login">login.jsp</result>
</global-results>
...your Actions here....
</package>
到目前为止,如果用户未登录,它将阻止操作网址
第 4 步 阻止 jsp -> 将以下代码放入您想要阻止的 jsp 中,例如: success.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@taglib uri="/struts-tags" prefix="s"%>
< %
HttpSession sess = request.getSession(true);
if (sess.getAttribute("username")==null)
{
% >
<jsp:forward page="/login.jsp?msg=You will have to login first in order to access other pages"></jsp:forward>
< %
}
% >
<html>
<body>
success
</body>
</html>
注意:除了使用 session 之外,您还可以使用cookie、上下文变量等。
关于java - 如果用户未登录struts2,如何防止加载任何页面,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24383528/