How to validate a request to a JSP page in Struts2

A request to an Action can be validated using Interceptors. Also, a direct request to a JSP page can be avoided using an empty action declaration. It is something like this:

<action name="home" >
        <result>home.jsp</result>
</action>  

I want to validate this call to the JSP page. I feel that a simple approach would be adding an Action (ActionSupport) with an Interceptor which checks the action name (and does some validation using the session, etc.). But I have a doubt whether it reduces performance, because that action class doesn't do anything and just executes its execute() only (a useless task...), where there should be an empty Action. (BUT: as I've read in some docs on Struts2, it is said that even though we don't add an Action class, the framework itself adds an action class which returns "success"; therefore, adding an action class ourselves or not doesn't newly affect anything.)

Anyway, I'd like to know what your best approaches are to validate or authorize access to some JSP pages (the number of pages can be many, not only one JSP page).

Added: Example:
Let's say that there are some restricted pages to which not all users have access; for example, a user's account page can be visited only by logged-in users. There can be more pages of this type. If a request comes to such a page, the user has to be validated. Then, if the request comes through an empty/anonymous action (as explained in the code snippet above: only an action name, no real class), how do I validate such requests to JSP pages? Should an action class be used for this?

If your intention is to secure some part of your application so that only authenticated as well as authorized users can access that part, then you have two options:

  1. Use interceptor-based authentication
  2. Use a security API like Spring Security

Interceptor-based authentication is quite easy. Here is an example of how to do this, but such authentication is not recommended for a production, real-life application since it's really a very simple case.

If you are looking for a complete authentication system, I suggest you look at Spring Security. It's quite easy and configurable: all you need to do is tell the underlying Spring mechanism which areas are under the secure tag, and Spring Security will intercept them before your action gets called; only successful and authorized actions will get called by Spring Security.
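The interceptor option described above, applied to the class-less actions from the question, as an added example that is not part of the original question or answers. The package, class name, session key, action names and JSP path are assumptions; the login action is assumed to live in a package that does not use this stack.

```java
package example.security; // assumed package name

import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Runs before every action in the package that references it, including
 * "empty" actions that declare no class and only forward to a JSP.
 */
public class LoginRequiredInterceptor extends AbstractInterceptor {

    // Assumed session key; the login action must set it after a successful login.
    static final String USER_KEY = "loggedInUser";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        if (session == null || session.get(USER_KEY) == null) {
            // Neither the action nor its JSP result runs; the "login" result is used.
            return Action.LOGIN;
        }
        return invocation.invoke();
    }
}

/* struts.xml fragment (assumed names). JSPs sit under /WEB-INF so the
   container never serves them directly; only the action can reach them.
<package name="secure" namespace="/secure" extends="struts-default">
  <interceptors>
    <interceptor name="loginRequired" class="example.security.LoginRequiredInterceptor"/>
    <interceptor-stack name="secureStack">
      <interceptor-ref name="loginRequired"/>
      <interceptor-ref name="defaultStack"/>
    </interceptor-stack>
  </interceptors>
  <default-interceptor-ref name="secureStack"/>
  <global-results>
    <result name="login" type="redirectAction">
      <param name="actionName">login</param>
      <param name="namespace">/</param>
    </result>
  </global-results>
  <action name="account">
    <result>/WEB-INF/pages/account.jsp</result>
  </action>
</package>
*/
```

Every page added to the `secure` package inherits the check through `default-interceptor-ref`, so protecting many JSPs needs no per-page action class.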

//This is for authorization

package com.kogent.action;

import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.dispatcher.Dispatcher;
import org.apache.struts2.dispatcher.mapper.ActionMapping;
import org.apache.struts2.dispatcher.ng.ExecuteOperations;
import org.apache.struts2.dispatcher.ng.InitOperations;
import org.apache.struts2.dispatcher.ng.PrepareOperations;
import org.apache.struts2.dispatcher.ng.filter.FilterHostConfig;
import org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter;

public class SessionController extends StrutsPrepareAndExecuteFilter {
    protected PrepareOperations prepare;
    protected ExecuteOperations execute;
    protected List<Pattern> excludedPatterns = null;

public void init(FilterConfig filterConfig) throws ServletException {
    InitOperations init = new InitOperations();
    try {
        FilterHostConfig config = new FilterHostConfig(filterConfig);
        init.initLogging(config);
        Dispatcher dispatcher = init.initDispatcher(config);
        init.initStaticContentLoader(config, dispatcher);

        prepare = new PrepareOperations(filterConfig.getServletContext(),
                dispatcher);
        execute = new ExecuteOperations(filterConfig.getServletContext(),
                dispatcher);
        this.excludedPatterns = init.buildExcludedPatternsList(dispatcher);

        postInit(dispatcher, filterConfig);
    } finally {
        init.cleanup();
    }

}

/**
 * Callback for post initialization
 */
protected void postInit(Dispatcher dispatcher, FilterConfig filterConfig) {
}

public void doFilter(ServletRequest req, ServletResponse res,
        FilterChain chain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    try {
        prepare.setEncodingAndLocale(request, response);
        prepare.createActionContext(request, response);
        prepare.assignDispatcherToThread();
        if (excludedPatterns != null
                && prepare.isUrlExcluded(request, excludedPatterns)) {
            chain.doFilter(request, response);
        } else {
            request = prepare.wrapRequest(request);
            ActionMapping mapping = prepare.findActionMapping(request,
                    response, true);
            if (mapping == null) {
                boolean handled = execute.executeStaticResourceRequest(
                        request, response);
                if (!handled) {
                    chain.doFilter(request, response);
                }
            } else {
                // Decide here whether the user has access to the requested resource.
                if (isAccessAllowed(request, mapping)) {
                    // Allow the request through if the user has access.
                    execute.executeAction(request, response, mapping);
                } else {
                    // Otherwise redirect the user however you want.
                    ActionMapping modifiedActionMapping = new ActionMapping();
                    modifiedActionMapping.setName("someActionName");
                    modifiedActionMapping.setNamespace("someNameSpace");
                    execute.executeAction(request, response, modifiedActionMapping);
                }
            }
        }
    } finally {
        prepare.cleanupRequest(request);
    }
}

/**
 * Placeholder for the "someCondition" check: replace the body with your own
 * session or role lookup. Denies by default until implemented.
 */
protected boolean isAccessAllowed(HttpServletRequest request, ActionMapping mapping) {
    return false;
}

public void destroy() {
    prepare.cleanupDispatcher();
}

}

<filter>
    <filter-name>struts2</filter-name>
    <filter-class>Point to your customized filter</filter-class>
</filter>
