java - Struts2登录拦截器不工作

Question

当用户不在 session 中时，我无法阻止用户访问“welcome.jsp”页面，请帮助我实现登录拦截器。这是我的代码。我想做的就是当用户使用他的用户 ID 登录时，检查他是否在 session 中，如果他在 session 中，让他访问其他任何资源，将用户重定向到“somePage”。 TIA

<?xml version="1.0" encoding="UTF-8" ?>

<constant name="struts.convention.default.parent.package"
    value="default" />
<constant name="struts.enable.DynamicMethodInvocation" value="false" />
<constant name="struts.custom.i18n.resources" value="global" />
<constant name="struts.objectFactory"
    value="org.apache.struts2.spring.StrutsSpringObjectFactory" />
<constant name="struts.i18n.reload" value="false" />
<constant name="struts.configuration.xml.reload" value="false" />

<package name="default" namespace="/default" extends="json-default,struts-default">

    <interceptors>
        <interceptor name="authentication"
            class="com.mycompany.abc.webapp.action.AuthenticationInterceptor" />
        <interceptor-stack name="authStack">
            <interceptor-ref name="authentication"></interceptor-ref>
            <interceptor-ref name="defaultStack"></interceptor-ref>
        </interceptor-stack>

            /> -->
        <interceptor-stack name="acc-stack">
            <!-- <interceptor-ref name="sessionCheck" /> -->

            <interceptor-ref name="json">
                <param name="enableSMD">true</param>
            </interceptor-ref>
            <interceptor-ref name="exception" />
            <interceptor-ref name="alias" />
            <interceptor-ref name="servletConfig" />
            <interceptor-ref name="i18n" />
            <interceptor-ref name="prepare" />
            <interceptor-ref name="chain" />
            <interceptor-ref name="debugging" />
            <interceptor-ref name="scopedModelDriven" />
            <interceptor-ref name="modelDriven" />
            <interceptor-ref name="fileUpload" />
            <interceptor-ref name="checkbox" />
            <interceptor-ref name="multiselect" />
            <interceptor-ref name="staticParams" />
            <interceptor-ref name="actionMappingParams" />
            <interceptor-ref name="params">
                <param name="excludeParams">dojo\..*,^struts\..*</param>
            </interceptor-ref>
            <interceptor-ref name="conversionError" />
            <interceptor-ref name="workflow">
                <param name="excludeMethods">input,back,cancel,browse</param>
            </interceptor-ref>
            <interceptor-ref name="timer" />
        </interceptor-stack>
    </interceptors>

    <default-interceptor-ref name="authStack"></default-interceptor-ref>

        <global-results>
         <result name="login" type="redirect">/home.action</result>
        </global-results>
    <action name="home">
        <interceptor-ref name="defaultStack"></interceptor-ref>
        <result name="somePage">/jsp/somePage.jsp</result>
         <result name="success">/jsp/xyz.jsp</result>
          <result name="homePage">/jsp/homePage.jsp</result>
    </action>
 <!-- <action class="com.mycompany.abc.webapp.action.LoginAction" name="login">
        <interceptor-ref name="defaultStack"></interceptor-ref>
        <result name="success">/jsp/welcome.jsp</result>
        <result name="somePage">/jsp/somePage.jsp</result>
    </action>

    <action name="welcome" class="com.mycompany.abc.webapp.action.WelcomeAction">
    <interceptor-ref name="defaultStack"></interceptor-ref>
        <result name="success">/jsp/welcome.jsp</result>
    </action> -->

</package>

登录操作:

@InterceptorRef(value = "defaultStack")
@ParentPackage("struts-default")

@Results({ @Result(name = "success", location = "/jsp/xyz.jsp"),
        @Result(name = "error", location = "/jsp/error.jsp"),
        @Result(name = "noAccess", location = "/jsp/abc.jsp"),
        @Result(name = "somePage", location = "/jsp/somePage.jsp"),
        @Result(name = "input", location = "/jsp/login.jsp"), })
public class LoginAction extends ActionSupport implements SessionAware,
        ModelDriven<MySession> {
private static final long serialVersionUID = -3369875299120377549L;
private String userId;
private String result = null;
@Autowired
CompService CompService;

MySession MySession = new MySession();
@Autowired
MyServices MyServices;

private Map<String, Object> sessionAttributes = null;
/*private User user = new User();*/

@Override
public String execute() {
    System.out.println("inside execute");
    System.out.println("userid************" + this.userid);
    if (this.userid != null) {

        HttpSession session = ServletActionContext.getRequest()
        .getSession();
        useridProfile profile = MyServices.getuseridProfile(this.userid);
        if (profile != null) {
            //here i am getting  a collection say my Coll
            if (myColl.isEmpty()) {
                result = "noAcess";
            }
            else{
                sessionAttributes.put("userId", userId);
                result = "success";
            }

        }

        return result;
    } else if (sessionAttributes.get("userid") == null) {

        System.out.println("Not logged in");
        System.out.println("userid************" + this.userid);
        result = "somePage";
    } 
    return result;
}

@Override
public void setSession(Map<String, Object> sessionAttributes) {
    this.sessionAttributes = sessionAttributes;
}

public String getuserId() {
    return userid;
}

public void setuserId(String userid) {
    this.userid = userid;
}

@Override
public MySession getModel() {
    // TODO Auto-generated method stub
    return MySession;
}

}

身份验证拦截器

public class AuthenticationInterceptor implements Interceptor{

    private static final long serialVersionUID = -5011962009065225959L;

     String result=null;
@Override
public void destroy() {
    //release resources here
}

@Override
public void init() {
    // create resources here
}

@Override
public String intercept(ActionInvocation actionInvocation)
        throws Exception {

    ActionContext sessionAttributes = actionInvocation.getInvocationContext();
    System.out.println("inside auth interceptor");
    Object sess = sessionAttributes.get("userid");

    System.out.println("inside auth interceptor"+sess);
   // User user = (User) sessionAttributes.get("USER");

    if(sess == null){

        if(sessionAttributes.get("userId") != null){
             result = actionInvocation.invoke();


    }
        return result;
    }
        else{

        return actionInvocation.invoke();

    }


}
}

登录jsp

    <%@ page language="java" contentType="text/html; charset=US-ASCII"
    pageEncoding="US-ASCII"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%-- Using Struts2 Tags in JSP --%>
<%@ taglib uri="/struts-tags" prefix="s"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<title>Login Page</title>
</head>
<body>
<h3>Welcome User, please login below</h3>
<s:form action="login">
    <s:textfield name="userId" label="userId"></s:textfield>
    <s:submit value="Login"></s:submit>
</s:form>
</body>
</html>

Answer 1

您没有使用您在操作中定义的 authStack:

 <action name="welcome" class="com.mycompany.abc.webapp.action.WelcomeAction">
<interceptor-ref name="authStack"></interceptor-ref>
    <result name="success">/jsp/welcome.jsp</result>
</action>

如果您使用注释，那么WelcomeAction应该有@InterceptorRef(value = "authStack")。

另请注意，不需要这行代码(您没有使用 session ):

HttpSession session = ServletActionContext.getRequest().getSession();

最后(也是最重要的)，你的拦截器是错误的。以下行返回 ActionContext，而不是 session :

ActionContext sessionAttributes = actionInvocation.getInvocationContext();

如果您想返回 session ，请尝试:

Map<String, Object> session = ActionContext.getContext().getSession();