rr8*_*r87 0 java jsp struts2 java-ee
有人可以解释我如何编写一个自定义登录拦截器来检查用户名,密码,并检查用户的有效日期是否大于当前日期.我是java编程和struts 2的新手......我真的很感激一步一步的信息.我通过手动jdbc连接获得用户名等信息...我有一个jndi设置.这也需要进行会话管理.
所以一步一步地使用以下代码示例会很好,
1)dao使用jndi从DB获取用户名等
2)具有会话感知的登录操作
3)拦截器
4)login.jsp
5)拦截器的struts.xml定义
6)task.jsp和task2.jsp(只有在用户登录时才能看到的内部页面)
谢谢!
你走在正确的轨道上.
关于该主题的文章很多(google it).选择一个并尝试理解它.拦截器部分看起来像这样:
public String intercept (ActionInvocation invocation) throws Exception {
// Get the action context from the invocation so we can access the
// HttpServletRequest and HttpSession objects.
final ActionContext context = invocation.getInvocationContext ();
HttpServletRequest request = (HttpServletRequest) context.get(HTTP_REQUEST);
HttpSession session = request.getSession (true);
// Is there a "user" object stored in the user's HttpSession?
Object user = session.getAttribute (USER_HANDLE);
if (user == null) {
// The user has not logged in yet.
// Is the user attempting to log in right now?
String loginAttempt = request.getParameter (LOGIN_ATTEMPT);
if (! StringUtils.isBlank (loginAttempt) ) { // The user is attempting to log in.
// Process the user's login attempt.
if (processLoginAttempt (request, session) ) {
// The login succeeded send them the login-success page.
return "login-success";
} else {
// The login failed. Set an error if we can on the action.
Object action = invocation.getAction ();
if (action instanceof ValidationAware) {
((ValidationAware) action).addActionError ("Username or password incorrect.");
}
}
}
// Either the login attempt failed or the user hasn't tried to login yet,
// and we need to send the login form.
return "login";
} else {
return invocation.invoke ();
}
}
上面的代码示例是本文的一部分,您还可以在其中找到其他步骤.
我建议的另一种方法是将Spring安全性与Struts 2集成.这样您就可以获得安全且经过验证的可配置安全堆栈.
| 归档时间: |
|
| 查看次数: |
4334 次 |
| 最近记录: |