struts2 自定义拦截器实现身份认证

拦截器代码

AuthenticationInterceptor.java

package com.gifer.action;

import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
* 用户身份认证拦截器
*
* @author zhongdc
*
*/
public class AuthenticationInterceptor extends AbstractInterceptor {

/**
*
*/
private static final long serialVersionUID = -2075246646578254128L;

@Override
public String intercept(ActionInvocation invocation) throws Exception {
Map map = ActionContext.getContext().getSession();
Object user = map.get("user");
if (user == null) {
// 如果session中没有当前用户信息，则终止调用action，并转向登录页面
ActionSupport action = (ActionSupport) invocation.getAction();
action.addActionMessage("您还没有登录或登录已经超过时限，请您重新登录！");
return Action.LOGIN;
} else {
// 正常继续调用action
return invocation.invoke();
}
}

}

登录验证代码，何存用户 信息到session

@Override
public String execute() throws Exception {
String ret = INPUT;

// 为了做表单重复提交测试，后台处理延时5秒
// Thread.currentThread();
// Thread.sleep(5 * 1000);

try {
LoginUser u = this.loginUserService.findById(this.user.getUserId());
String password = MD5.ConvertToMD5(user.getPassword());
if (null != u && u.getPassword().equals(password.toUpperCase())) {
ret = SUCCESS;
this.session.put("user", u);// 将用户信息存到session中
} else {
tip = "登录验证失败！输入的用户名或密码错误。";
}
} catch (Exception e) {
tip = "登录验证异常。";
log.error(e.getMessage(), e);
}
return ret;
}

struts.xml

这里采用了拦截器栈

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN" "http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
<package name="com.gifer.action" extends="json-default">
<interceptors>
<!-- 自定义身份证认证拦截器 -->
<interceptor name="auth" class="com.gifer.action.AuthenticationInterceptor"></interceptor>
<!-- 自定义拦截器栈 -->
<interceptor-stack name="securityStack">
<interceptor-ref name="auth"></interceptor-ref>
</interceptor-stack>
</interceptors>
<!-- 定义全局Result -->
<global-results>
<result name="login">/login.jsp</result>
<result name="error">/error.jsp</result>
</global-results>
<action name="login" class="loginAction">
<result name="input">/login.jsp</result>
<result name="success">/index.jsp</result>

<!-- 重复提交表单时，跳转路径 -->
<result name="invalid.token">/token.jsp</result>
<!-- 重复提交表单拦截器 -->
<interceptor-ref name="token"></interceptor-ref>
<!-- 时间拦截器用于输出action调用时间，为了方便做性能调试
<interceptor-ref name="timer"></interceptor-ref>
-->
<!-- struts2默认拦截器 -->
<interceptor-ref name="defaultStack"></interceptor-ref>
</action>
<action name="logout" class="logoutAction">
<result name="success">/login.jsp</result>
</action>
<action name="userManager" class="userManagerAction">
<result name="listUser" type="json"></result>
<result name="addUser" type="json"></result>
<result name="deleteUser" type="json"></result>
<result name="lockUser" type="json"></result>
<result name="unLockUser" type="json"></result>
<result name="findUserById" type="json"></result>
<!-- 引用自定义身份认证拦截器栈 -->
<interceptor-ref name="securityStack"></interceptor-ref>
<!-- struts2默认拦截器 -->
<interceptor-ref name="defaultStack"></interceptor-ref>
</action>

</package>

</struts>

注意：拦截器无法拦截所有的请求，它只能拦截action，所以针对其它类型的请求，如jsp页面的访问，可以使用过滤器来实现控制。