堆栈内存溢出
  简体   繁体   English

如何在Struts2中进行URL身份验证

[英]How to do URL authentication in struts2

 原文  2010-06-09 21:53:12       spring/ struts2/ iinterceptor

问题描述

I am using struts2.1.6 + Spring 2.5 I have four modules in my application. 我正在使用struts2.1.6 + Spring 2.5我的应用程序中有四个模块。

  1. Registration Module 注册模块
  2. Admin Module 管理模块
  3. Quote Module 报价模块
  4. Location Module. 定位模块。

In registration module the customer can register himself and only after registering he is supposed to have access of the remaining three modules. 在注册模块中,客户可以注册自己,只有在注册后,客户才可以访问其余三个模块。

I want to implement something like if the action being called belongs to the registration module it will work as normal but if the action being called belongs to the rest of those three modules it first should check if the user is logged-in and session has not timed-out. 我要实现一个类似的功能,如果被调用的动作属于注册模块,它将正常运行,但是如果被调用的动作属于这三个模块的其余部分,则它首先应检查用户是否已登录并且会话尚未时间到。 if yes it should proceed normally otherwise it should redirect to the login page. 如果是,则应正常进行,否则应重定向到登录页面。

Through research I have found out that interceptors could be used for this purpose but before proceeding I thought its better to get some feedback on it from experts. 通过研究,我发现拦截器可以用于此目的,但在继续之前,我认为最好从专家那里获得一些反馈。

Please suggest how it should be done and If possible put some code suggestions. 请建议应该如何做,如果可能,请提出一些代码建议。

Here is my struts.xml file(The struts.xml contains four different config files belonging to each module): 这是我的struts.xml文件(struts.xml包含属于每个模块的四个不同的配置文件): 

    <struts>
    <include file="struts-default.xml" />
    <constant name="struts.i18n.reload" value="false" />
    <constant name="struts.objectFactory" value="spring" />
    <constant name="struts.devMode" value="false" />
    <constant name="struts.serve.static.browserCache" value="false" />
    <constant name="struts.enable.DynamicMethodInvocation" value="true" />
    <constant name="struts.multipart.maxSize" value="10000000" />
    <constant name="struts.multipart.saveDir" value="C:/Temporary_image_location" />

    <include file="/com/action/mappingFiles/registration_config.xml" />
    <include file="/com/action/mappingFiles/admin_config.xml" />
    <include file="/com/action/mappingFiles/quote.xml" />
    <include file="/com/action/mappingFiles/location_config.xml" />

</struts>

The sample registration_config.xml file is: 示例的registration_config.xml文件是: 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
    <package name="registration" extends="struts-default"
        namespace="/my_company">

        <action name="LoginView" class="registration" method="showLoginView">
            <result>....</result>
            <result name="input">...</result>
        </action>
         </package>
</struts>

The sample admin_config.xml file is: 样本admin_config.xml文件为: 

<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd">
    <struts>
        <package name="admin" extends="struts-default"
            namespace="/my_company">

            <action name="viewAdmin" class="admin" method="showAdminView">
                <result>....</result>
                <result name="input">...</result>
            </action>
             </package>
    </struts>

Same code is there in the rest of two struts2 xml config files. 在两个struts2 xml配置文件的其余部分中,存在相同的代码。 I have used the same namespace in all the four config files with the different package names(As you can see) 我在所有四个配置文件中都使用了相同的名称空间,并且使用了不同的包名称(如您所见)

1 个解决方案

解决方案1
 0  2010-06-10 01:26:50

Note: standard practice is to use a different namespace for each package, eg "/my_company/admin" for the admin package, etc. 注意:标准做法是为每个软件包使用不同的名称空间,例如,“ / my_company / admin”用于管理软件包等。

Using interceptors is the right approach: it decouples authentication from the actions themselves. 使用拦截器是正确的方法:它将身份验证与操作本身脱钩。 You can define two different interceptor stacks, one that requires the user to be logged in, and one which doesn't. 您可以定义两种不同的拦截器堆栈,一种需要用户登录,另一种则不需要。 Start by copying the interceptor stack from struts-default.xml, and then customize to your requirements. 首先从struts-default.xml复制拦截器堆栈,然后根据需要进行自定义。 These definitions can be placed in an abstract base package: 这些定义可以放在抽象的基本包中: 

<package name="my-base" abstract="true" extends="struts-default">
    <interceptors>
        <interceptor-stack name="login-required">
            <interceptor-ref name="exception"/>
            <interceptor-ref name="alias"/>
            <!-- etc -->
        </interceptor-stack>
        <interceptor-stack name="login-not-required">
            <!-- etc -->
        </interceptor-stack>
    </interceptors>
</package>

Then your other packages just need to extend this base package: 然后您的其他软件包只需要扩展此基本软件包: 

<package name="admin" extends="my-base" namespace="/my_company/admin">
    <default-interceptor-ref name="login-required"/>

    <!-- actions defined here -->
</package>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Struts1和Spring中进行url重定向 - How to do a url redirection in Struts1 and Spring 如何在Struts2中访问已登录用户的用户名? - How to access the username of the logged user in Struts2? 如何在Struts2中获取Springs ApplicationContext? - how to get Springs ApplicationContext in Struts2? 如何集成Spring Security和Struts2 - How to integrate Spring Security and Struts2 如何集成 spring bean 和 struts2? - How to integrate spring beans and struts2? 如何提示用户在Struts2中触发动作 - how to prompt user to fire an action in Struts2 Spring如何在struts2动作中注入依赖项? - how dependencies are injected in struts2 action with spring? 如何启动并运行 struts2 应用程序? - How to get the struts2 application up and running? 使用Struts2 Spring Hibernate进行异常处理-做到这一点的最佳方法 - Exceptionhandling using Struts2 spring hibernate - best way to do it 带有SpringSecurity和Tiles的Struts2 - Struts2 with SpringSecurity and Tiles
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM