java用户登录拦截判断

用maven生成了appfuse的webssh项目里面东西比较多调查了下做个记录。

web应用中，我们经常使用filter机制来确定外部请求的用户是否登录，角色是否合法等。spring提供了
一个DelegatingFilterProxy机制来完成filter的部分功能。通过例子做一个简单对比。二者看起来
没有什么太大的区别，在spring中，filter被纳入了bean 管理机制。

1.servlet filter
* LoginFilter .Java

[java] view plain copy

package servlet.filter;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
public class LoginFilter implements Filter {
protected FilterConfig filterConfig;
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
public void destroy() {
this.filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws java.io.IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String username = req.getParameter("j_username");
System.out.println("this is in servlet filter");
chain.doFilter(request, response);
}
}

*web.xml

[html] view plain copy

<filter>
<filter-name>simplelogin</filter-name>
<filter-class>servlet.filter.LoginFilter</filter-class>
<init-param>
<param-name>hello</param-name>
<param-value>hello filter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>simplelogin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

2. Spring filter
*LoginFilter.java

[java] view plain copy

package filter;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.logging.*;
public class LoginFilter implements Filter {
private FilterConfig filterConfig = null;
Log log = LogFactory.getLog(LoginFilter.class);
public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
Principal principal=request.getUserPrincipal();
HttpServletResponse response=(HttpServletResponse)res;
log.info("filter user name:"+request.getParameter("j_username")+":"+principal.toString());
log.info("filter password :"+request.getParameter("j_password"));
chain.doFilter(req,res);
}
public void init(FilterConfig config) throws ServletException {
this.filterConfig = config;
}
public void destroy() {
filterConfig = null;
}
}

*
web.xml

[html] view plain copy

<filter>
<description>LoginFilter</description>
<display-name> LoginFilter</display-name>
<filter-name>LoginFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<description>
</description>
<param-name>targetBeanName</param-name>
<param-value>loginFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

*spring context config

[html] view plain copy

<bean id="loginFilter" class="filter.LoginFilter" />

3.struts2 的拦截器

[html] view plain copy

<interceptors>
<interceptor name="authority"
class="com.bolo.examples.common.interceptor.AuthorityInterceptor" />
<interceptor-stack name="boloStack">
<interceptor-ref name="authority">
<param name="excludeMethods">welcome,login</param>
</interceptor-ref>
<interceptor-ref name="defaultStack"></interceptor-ref>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="boloStack" />
<global-results>
<result name="login">/jump.jsp</result>
</global-results>

Interceptor类

[java] view plain copy

/**
* 登录验证拦截器
* @author 菠萝大象
*/
public class AuthorityInterceptor extends MethodFilterInterceptor{
@Override
protected String doIntercept(ActionInvocation actioninvocation) throws Exception {
Object user = ServletActionContext.getRequest().getSession().getAttribute("user");
if(user != null){
return actioninvocation.invoke(); //递归调用拦截器
}else{
return Action.LOGIN; //返回到登录页面
}
}
}

本站仅提供存储服务，所有内容均由用户发布，如发现有害或侵权内容，请点击举报。