是否可以限制对Struts 2中某些URL的访问?我已经拥有它,所以你无法直接访问jsp,但你可以间接访问它们。例如,如果我有一个jsp“blah.jsp”,我可以通过键入“/ blah”来访问它,如果我没有一个名为Blah.java的Action,它将自动转到结果blah.jsp。大部分时间这都是我想要的,但是会有一些我不想以这种方式访问的jsps,比如“blah-success.jsp”。有没有办法说,我无法导航到任何看起来像“/ -success”的网址?
编辑: 我几乎让它工作了......
<constant name="struts.enable.SlashesInActionNames" value="true"/>
<package name="my-secure-url" extends="my-secure" namespace="/secure**">
<action name="*">
<interceptor-ref name="secureStack"/>
<result>{1}</result>
</action>
</package>
如果我尝试访问“/ secure / anything / anything / etc”并且我没有登录,这会有效,我会被定向到登录页面。但是,如果我刚刚登录并且我在“http://localhost:8080/Struts2NewChapter8/secure/admin-portfolio”并且点击指向“http://localhost:8080/Struts2NewChapter8/secure/update/update-account-form”的链接,则会收到如下错误:
WARNING: Error setting expression '0' with value '/secure/update'
ognl.InappropriateExpressionException: Inappropriate OGNL expression: 0
at ognl.SimpleNode.setValueBody(SimpleNode.java:312)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220)
at ognl.SimpleNode.setValue(SimpleNode.java:301)
at ognl.Ognl.setValue(Ognl.java:737)
at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:198)
at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:161)
at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:149)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:155)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:75)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:94)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:235)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:89)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:130)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:267)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:126)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:138)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:165)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:179)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:176)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at interceptors.AuthenticationInterceptor.intercept(AuthenticationInterceptor.java:92)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:488)
at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:91)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
at java.lang.Thread.run(Unknown Source)
答案 0 :(得分:0)
但当然。 Struts按照它们在配置文件中出现的顺序匹配wildcard mappings,因此匹配请求的最后一个将是使用的那个(即,更具体的匹配必须在更具体的匹配之前)。
这样的事情可以解决问题:
<action name="*">
<result>/WEB-INF/jsp/{1}.ftl</result>
</action>
<action name="*-success">
<result>/WEB-INF/jsp/access-denied.jsp</result>
</action>
以上内容将保留您当前的行为并导致名称中带有 -success 后缀的任何文件最终以access-denied.jsp结尾。
修改:您需要启用此属性才能在操作名称中包含斜杠:
<constant name="struts.enable.SlashesInActionNames" value="true"/>
为了使它成为条件,我会使用一个拦截器堆栈来检查用户是否在转发到.jsp之前已登录:
<action name="secure/*">
<interceptor-ref name="authenticationStack"/>
<result>/WEB-INF/jsp/{1}.jsp</result>
</action>
在您的authenticationStack中,您需要一个Interceptor来确定用户是否已登录。如果不是,您将从拦截器中将它们转发到access-denied.jsp类型页面。 Struts docs on Interceptors应该可以帮到你。