?
1.?????? Struts2的拦截器
它一般作为Session建权(建立权限)用,在拦截器中进行session的判断。
引用一段别人的代码
先看拦截器配置
|
<package name="xxx-default" extends="struts-default"> ???????? <interceptors> ???????? ??? <interceptor name="loginAuth" ?????????????????? class="XXX.LoginAuthInterceptor" /> ???????? ??? <interceptor-stack name="completeStackWithLoginAuth"> ?????????????????? <interceptor-ref name="loginAuth" /> ?????????????????? <interceptor-ref name="defaultStack" /> ???????? ??? </interceptor-stack> ???????? </interceptors> ???????? <default-interceptor-ref name="completeStackWithLoginAuth" /> ???????? <global-results> ???????? ??? <result name="login">/userLogin/error.jsp</result> ???????? ??? <result name="expire">/modifyPW/modifyPW.jsp</result> ???????? ??? <result name="forbid">/userLogin/forbid.jsp</result> ???????? </global-results> </package> |
之后编辑拦截器类
|
@SuppressWarnings("serial") public class LoginAuthInterceptor extends AbstractInterceptor { ? ? ??? @Override ??? public String intercept(ActionInvocation actionInvocation) throws Exception { ??????? // 获得会话中的用户身份字段 ??????? Map session = actionInvocation.getInvocationContext().getSession(); ??????? String user = (String) session.get(ISysParam.SESSION_USER); ??????? if (null == user) { ??????????? return Action.LOGIN; ??????? } else { ??????????? StringBuffer invokeMtd = new StringBuffer(actionInvocation ??????????????????? .getProxy().getNamespace()); ??????????? invokeMtd.append("/" ??????????????????? + actionInvocation.getInvocationContext().getName()); ??????????? String role = (String) session.get(ISysParam.USER_ROLE); ??????????? ??????????? //测试代码? 如果是用户名是admin 则不进行权限判断 //??????????? if(user.equals(ISysParam.ROLETYPE_ADMIN)){ //??????????????? return actionInvocation.invoke(); //??????????? } ??????????? ??????????? /* ???????????? * 得到该所能操作的名称空间 if(可以访问当前的名称空间){ 跳出拦截器 else{ 转到没有权限的页面 } } ???????????? */ //??????????? if (role.contains(invokeMtd.toString())) { //??????????????? return actionInvocation.invoke(); //??????????? } else { //??????????????? return "forbid"; //??????????? } ? ??????????? // if (!user.getUserName().equals(ISysParam.ROLETYPE_ADMIN)) { ??????????? // // 对非ADMIN用户,检查模块访问权限 ??????????? // if (!chkPrivilege()) { ??????????? // log.debug(user.getUserName() + ":" +ISysParam.OPER_CANCEL); ??????????? // return FORBID; ??????????? // } ??????????? // } ??????????? // return actionInvocation.invoke(); ??????????? // } ?? ??????????return actionInvocation.invoke(); ??????? } ? ??? } } |
之后的流程配置如下
|
<package name="xxx" namespace="/xxx" ??????? extends="xxx-default"> ??????? <action name="*" method="{1}" class="XXXAction"> ??????????? <result name="input">{1}.jsp</result> ??????????? <result name="error">{1}.jsp</result> ??????????? <result name="success">{1}.jsp</result> ??????? </action> ??? </package> <package name="xxx2" namespace="/xxx2" ??????? extends="xxx-default"> ???????? <action name="*" method="{1}" class="XXX2Action"> ???????? ??? <result name="input">{1}.jsp</result> ???????? ??? <result name="error">{1}.jsp</result> ???????? ??? <result name="success">{1}.jsp</result> ???????? </action> </package> |
自己定义
<package name="myPkg" abstract="true" extends="struts-default"></package>
在这个包下面定义拦截器, 这个包下面定义拦截器栈的引用, 引用defaultStack和你自己定义的拦截器!然后你需要用这个拦截器的包都继承这个包就好了!
1.?????? Struts2的防刷新提交机制 在Struts2中解决表单的重复提交感觉还算简单。 token: 在活动中检查合法令牌(token), 防止表单的重复提交; tokenSession: 同上, 但是在接到非法令牌时将提交的数据保存在session中; 首先在struts.xml中配置Action如下信息
<!-- 评论Action --> <action name="commentsAction" class="action.CommentsAction"> ? ???????? <result name="invalid.token" type="redirect">productAction!list.action ???????? </result> ???????? <interceptor-ref name="defaultStack"> ?????????????????? <param name="workflow.excludeMethods">default</param> ???????? </interceptor-ref> ???????? <interceptor-ref name="token"> ?????????????????? <param name="includeMethods">add,update</param> ???????? </interceptor-ref> ? ???????? <result name="listByProductsId">/admin/page/commentsList.jsp</result> ???????? <result name="add">/admin/page/commentsAdd.jsp</result> ???????? <result name="update">/admin/page/commentsUpdate.jsp</result> </action>
在这个Action中引用了2个拦截器,一个是默认的注入拦截器defaultStack,另一个就是令牌拦截器token,之后还定义了一个重复提交后的返回地址invalid.token。
之后在页面表单form中加入<s:token></s:token>就可以了。
?