Struts2中利用filter、session实现安全访问和身份认证

1、Struts2 中利用中利用 filter、session 实现安全访问和身份认证实现安全访问和身份认证来自原博客链接： http:/ 软件JDK 1.7Apach Tomcat 72、通过 eclipse 创建 Dynamic Web Project 后,导入相应的 Struts2 的 jar 文件：3、导入 jar 包后，创建如下图所示项目相应目录：权限说明（1） 根目录（WebContent）下的资源,如：index.jsp 和 login.jsp，允许匿名访问。（2）Admin目录下的admin.jsp只允许角色为”admin”的用户访问。User目录下的user.jsp只允许角色为”

2、user”的用户访问4、相应的 jsp 代码如下：index.jsp:html view plain copy.6.7.Insert title here1.12.13.welcome to you !0.21.login.jsp:html view plain copy3.base href=14.15.Insert title here9.20.21.用户名5.密码8.user.

3、jsp:html view plain copy.6.7.Insert title here9.用户名：3.余额：7.住址：1.电话：5.36.37.admin.jsp:html view plain copy.6.7.Insert title here9.用户名：3.余额：7.住址：1.电话：5.36.37.创建用于登陆验证类 Login.

4、java：java view plain copy1.package com.axb.cheney.filter;2.3.4.import javax.servlet.http.HttpServletRequest;5.import javax.servlet.http.HttpSession;6.7.import erceptor.ServletRequestAware;8.9.import com.opensymphony.xwork2.ActionSupport;10.11.public class Login extends ActionSu

5、pport12.implements ServletRequestAware13.14.private static final long serialVersionUID = 1L;15.private String name;16.private String password;17.private HttpServletRequest request;18.19.public String pass()20.21.HttpServletRequest req = this.request;22.HttpSession session = req.getSession();23.if (t

6、.equals(user1) & (this.password.equals(password1)24.session.setAttribute(name, );25.session.setAttribute(balance, 10,000);26.session.setAttribute(address, 广东省深圳市福田区购物公园);27.session.setAttribute(tel, 12665654856);28.System.out.println(login: + );29.return user;30.if (thi

7、.equals(admin) & (this.password.equals(password2)31.session.setAttribute(name, );32.session.setAttribute(balance, 9,000);33.session.setAttribute(address, 广东省珠海市香洲区北理工);34.session.setAttribute(tel,;35.System.out.println(login: + );36.return admin;37.38.System.

8、out.println(login: fail);39.return failure;40.41.42.public String getName()43.44.return ;45.46.47.public void setName(String name) 48. = name;49.50.51.public String getPassword() 52.return this.password;53.54.55.public void setPassword(String password) 56.this.password = password;5

9、7.58.59.public HttpServletRequest getRequest() 60.return this.request;61.62.63.public void setServletRequest(HttpServletRequest request)64.65.this.request = request;66.67.修改 Struts.xml 文件：html view plain copy.6./WEB-INF/error.jsp17.18.19./login.jsp 20.21.23./login.jsp

10、 24./user/user.jsp 25./admin/admin.jsp 9.创建用于拦截验证身份的 UserAuthenticationFilter.javajava view plain copy1.package com.axb.cheney.filter;2.3.import java.io.IOException;4.5.import javax.servlet.Filter;6.import javax.servlet.FilterChain;7.import javax.servlet.FilterConfig;8.import javax.servlet

11、.ServletException;9.import javax.servlet.ServletRequest;10.import javax.servlet.ServletResponse;11.import javax.servlet.http.HttpServletRequest;12.import javax.servlet.http.HttpServletResponse;13.import javax.servlet.http.HttpSession;14.15.public class UserAuthenticationFilter16.implements Filter17.

12、18.private static String LOGIN_PAGE = /login.jsp;19.20.public void destroy()4.public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)25.throws IOException, ServletException26.27.HttpServletRequest req = (HttpServletRequest)request;28.HttpServletResponse re

13、s = (HttpServletResponse)response;29.30.String currentUrl = req.getServletPath();31.32.HttpSession session = req.getSession();33.34.System.out.println(UserAuthenticationFilter);35.if (currentUrl.equals() currentUrl = currentUrl + /;36.if (currentUrl.startsWith(/) & (!currentUrl.startsWith(/login

14、.jsp) 37.String user = (String)session.getAttribute(name);38.if (user = null) 39.res.sendRedirect(req.getContextPath() + LOGIN_PAGE);40.return;41.42.if (!user.equals(user1) 43.session.removeAttribute(name);44.res.sendRedirect(req.getContextPath() + LOGIN_PAGE);45.return;9.chain.doFilter(re

15、quest, response);50.51.52.public void init(FilterConfig arg0)53.throws ServletException54.55.56.创建用于拦截验证身份的 AdminAuthenticationFilter.javahtml view plain copy1.package com.axb.cheney.filter;.import java.io.IOException;6.7.import javax.servlet.Filter;8.import javax.servlet.FilterChain;9.import

16、 javax.servlet.FilterConfig;10.import javax.servlet.ServletException;11.import javax.servlet.ServletRequest;12.import javax.servlet.ServletResponse;13.import javax.servlet.http.HttpServletRequest;14.import javax.servlet.http.HttpServletResponse;15.import javax.servlet.http.HttpSession;16.17.public c

17、lass AdminAuthenticationFilter18.implements Filter19.20.private static String LOGIN_PAGE = /login.jsp;21.22.public void destroy()6.public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)27.throws IOException, ServletException28.29.HttpServletRequest req =

18、(HttpServletRequest)request;30.HttpServletResponse res = (HttpServletResponse)response;31.32.String currentUrl = req.getServletPath();33.34.HttpSession session = req.getSession();35.36.System.out.println(AdminAuthenticationFilter);37.if (currentUrl.equals() currentUrl = currentUrl + /;38.if (current

19、Url.startsWith(/) & (!currentUrl.startsWith(/login.jsp) 39.String user = (String)session.getAttribute(name);40.if (user = null) 41.res.sendRedirect(req.getContextPath() + LOGIN_PAGE);42.return;43.44.if (!user.equals(admin) 45.session.removeAttribute(name);46.res.sendRedirect(req.getContextPath() + LOGIN_PAGE);47.return;48.49.50.chain.doFilter(request, response);51.52.53.public void init(FilterConfig arg0)54.throws ServletException55.56.57.最后配置 web.xml 文件用于过滤 admin 和 user 目录下的资源访问html view plain copy.SAML7.8.9.i