我正在使用Struts2 + Spring + Hibernate为Web应用程序创建一个Login模块,如果用户希望通过该站点导航,我想强制用户登录。
我有一个LoginInterceptor
public class LoginInterceptor implements Interceptor {
public LoginInterceptor() {
}
public void destroy() {
System.out.println("LoginInterceptor destroy() is called...");
}
public void init() {
System.out.println("LoginInterceptor init() is called...");
}
public String intercept(ActionInvocation actionInvocation) throws Exception {
final ActionContext context = actionInvocation.getInvocationContext();
HttpServletRequest request = (HttpServletRequest) context.get(ServletActionContext.HTTP_REQUEST);
HttpSession session = request.getSession(true);
//Code
try {
Users userObj = (Users) session.getAttribute("userObj");
if (userObj == null) {
System.out.println("if from LoginInterceptor");
return "noLogin";
}
} catch (Exception e) {
Logger.getLogger(LoginInterceptor.class.getName()).log(Level.INFO, "message", e);
}
//Invoke action
String result = actionInvocation.invoke();
return result;
}
}
我的struts.xml
<interceptors>
<interceptor name="myLocale" class="com.deveto.struts.interceptors.LocaleInterceptor"/>
<interceptor name="login" class="com.deveto.struts.interceptors.LoginInterceptor"/>
<interceptor name="access" class="com.deveto.struts.interceptors.AccessInterceptor"/>
<interceptor-stack name="defaultStack">
<interceptor-ref name="myLocale"/>
<interceptor-ref name="login"/>
<interceptor-ref name="exception"/>
<interceptor-ref name="alias"/>
<interceptor-ref name="prepare"/>
<interceptor-ref name="i18n"/>
<interceptor-ref name="chain"/>
<interceptor-ref name="debugging"/>
<interceptor-ref name="profiling"/>
<interceptor-ref name="fileUpload"/>
<interceptor-ref name="checkbox"/>
<interceptor-ref name="params">
<param name="excludeParams">dojo\..*</param>
</interceptor-ref>
<interceptor-ref name="conversionError"/>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
<interceptor-ref name="workflow">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="defaultStack"/>
<global-results>
<result name="noLogin" type="redirectAction">show-login</result>
<result name="noAccess" type="redirectAction">access-required</result>
</global-results>
<action
name="show-login"
class="com.deveto.struts.actions.UsersAction" >
<interceptor-ref name="defaultStack"/>
<result name="success" type="tiles">tiles.login</result>
</action>
但是当我运行项目时,我有一个溢出异常,在堆栈跟踪中我什么都没有,但是Mozilla告诉我:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
和
System.out.println("if from LoginInterceptor");
重复几次。我不明白为什么,但我有更多的拦截器,除此之外还有其他好处。
答案 0 :(得分:3)
当您的LoginInterceptor返回其noLogin结果时,它会重定向并再次被LoginInterceptor拦截,从而将其转换为无限重定向循环。
因此,您必须排除show-login被LoginInterceptor拦截,例如。
定义两个拦截器堆栈,并将设置为LoginInterceptor 作为默认值:
<interceptor-stack name="defaultStack">
... same as in your question ...
</interceptor-stack>
<interceptor-stack name="noLoginStack">
... same as in your question but *without* the LoginInterceptor ...
</interceptor-stack>
<default-interceptor-ref name="defaultStack"/>
然后仅针对show-login操作,使用 noLoginStack :
<action name="show-login"
... >
<interceptor-ref name="noLoginStack"/>
...
</action>
答案 1 :(得分:1)
为什么不直接使用Spring Security呢? 配置非常简单,它与Struts2完美配合。 从那里开始:http://static.springsource.org/spring-security/site/tutorial.html或那里:http://www.mularien.com/blog/2008/07/07/5-minute-guide-to-spring-security/