可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I have many classes created in my Struts application. I did not check whether logged in condition in any of the classes. Instead I have extended a base action class.
Now I want to create a pre-handler in my base action to check logged in and redirect if they are not logged in. I want something like this.
public BaseAction(){ if(isLoggedIn){ //go to child which was called } else { //redirect to login page } }
Another way is to check isLoggedIn() by calling this method in all action classes and defining a global result like
Login.action
Please help me to find better way for this.
回答1:
Looks like you want to check in the constructor of the base action class, but you are mistaken. The constructor is used by the object factory to instantiate your action instance. In this stage a few things is available to you. In your case it's wrong. Another approach is if you move the logic into the method say execute() and call super.execute() before any method call would work, but if you forget to put the super call in the action then you may end up the action code running not authenticated. To prevent it you should run the code before any action is executed and be able to access the action instance or action context to be more Struts2. I guess you've never read the book "Struts 2 in Action" so I will give you some my own thoughts. It's about creating AuthenticationInterceptor and the action that implements UserAware that injects the user logged in into the action that implement this interface. The interceptor is looks like
public class AuthenticationInterceptor implements Interceptor { public void destroy() { } public void init() { } public String intercept(ActionInvocation actionInvocation) throws Exception { Map session = actionInvocation.getInvocationContext().getSession(); User user = (User) session.get(Struts2MyConstants.USER); if (user == null) { return Action.LOGIN; //login required result } else { Action action = (Action)actionInvocation.getAction(); if (action instanceof UserAware) { User freshUser = myService.getUser(user.getId()); ((UserAware)action).setUser(freshUser); } System.out.println("Logged in: interceptor"); return actionInvocation.invoke(); } }
The UserAware is looks like
public interface UserAware { public void setUser( User user ); }
and make a secure default stack that will reference any action
If you make your base action to implement UserAware then the user object that is logged in will be available not only from session but in action too if you define getter for the user or make it protected. You have to make the User object immutable so that not compromise the security feature.
回答2:
You can use a Filter. It will be a lot more transparent than requiring all your classes to extend your BaseAction.
Edit
You would map this filter in your web.xml file, so it would be executed before the Struts controller servlet.
AuthorizationFiltermy.company.AuthorizationFilterAuthorizationFilterStrutsActionServlet
Or by URL pattern:
AuthorizationFilter*.do
Edit
You have changed the question, and it appears it's struts 2 you're using after all. In that case, you can write an interceptor instead of a filter. It would basically do the same, but an interceptor can be configured along with the rest of your struts configuration.
