Struts2: Can interceptors handle unauthorized access?

Posted on 2024-12-04 22:39:23 · Word count 575 · Views 0 · Comments 0

I am trying to understand Struts2 Interceptors. So please excuse if my questions are dumb.

I guess that interceptors are specific to an action class (that means before calling a specific action class, they get invoked).

For example:

<action name="test" class="com.jranch.Test">
    <interceptor-ref name="GuiStack"/>
    <result name="success">/secure.jsp</result>
</action>

My question is: Assume a scenario where pictures in a website must be protected from unauthorized access (meaning that if the user directly enters a URL in the browser, they should not be allowed to see the pictures until they are logged in).

My view is that if it's related to Servlet Filters, I can write a simple filter by setting the url-pattern tag to /* to check all requests. Can Struts2 interceptors handle this, as I guess they are specific to an action class?

Please correct me if I am wrong.

Comments (2)

两个我 2024-12-11 22:39:23

Well, as Steven said, interceptors are not specific to any action; they are in fact the core of the Struts2 framework.
Interceptors are a set of reusable components. In all cases they are applied to a request processing cycle, which includes everything from exception handling to role handling.
It's a very trivial use case when one writes an interceptor for a particular action.

The use case you are talking about can be handled by an interceptor, where each request for a particular resource is first intercepted by the interceptor and, based on our custom criteria for whom to allow access, we either forward the request down the calling stack or reject the request.

public String intercept(ActionInvocation invocation) throws Exception {
    // Session map for the current request, taken from the invocation's context
    final ActionContext context = invocation.getInvocationContext();
    Map<String, Object> session = context.getSession();
    // The session is exposed as a Map, so the stored user object is read with get()
    Object user = session.get(USER_HANDLE);
    if (user == null) {
        // Any processing
        return "login";   // User is not logged in, so ask him/her to log in
    } else {
        return invocation.invoke();  // User is trusted, let her go ahead
    }
}

对岸观火 2024-12-11 22:39:23

Interceptors aren't necessarily specific to an action -- in fact, in most cases, they're applied to many actions or globally to all actions (very similar to a servlet filter).

This answer talks about how to use an interceptor for authentication in a Struts2 application.
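
An added configuration sketch (not from the question or either answer) of the globally applied interceptor the answers describe: interceptors run only for requests that Struts2 dispatches to an action, so here the pictures are streamed by an action and the files are kept under /WEB-INF, where the container does not serve them by direct URL. The `com.example` classes, the `secureStack` and `authInterceptor` names, the `/WEB-INF/pictures` location and the `imageStream` property are assumptions for illustration.

```xml
<struts>
  <package name="secure" extends="struts-default">
    <interceptors>
      <!-- Hypothetical class containing the intercept() method from the first answer -->
      <interceptor name="authInterceptor" class="com.example.AuthInterceptor"/>
      <!-- Login check runs first, then the framework's standard stack -->
      <interceptor-stack name="secureStack">
        <interceptor-ref name="authInterceptor"/>
        <interceptor-ref name="defaultStack"/>
      </interceptor-stack>
    </interceptors>

    <!-- Every action in this package without its own interceptor-ref uses secureStack -->
    <default-interceptor-ref name="secureStack"/>

    <global-results>
      <!-- Target of the "login" result code returned by the interceptor -->
      <result name="login" type="redirectAction">login</result>
    </global-results>

    <!-- The login action opts out of the login check, otherwise the redirect would loop -->
    <action name="login" class="com.example.LoginAction">
      <interceptor-ref name="defaultStack"/>
      <result>/login.jsp</result>
    </action>

    <!-- Hypothetical action that opens a file under /WEB-INF/pictures and exposes it
         through getImageStream(); it is reached only after authInterceptor has passed -->
    <action name="picture" class="com.example.PictureAction">
      <result name="success" type="stream">
        <param name="contentType">image/jpeg</param>
        <param name="inputName">imageStream</param>
      </result>
    </action>
  </package>
</struts>
```

Pictures left under the public web root would still be returned by the container without passing through this stack, which is the case the `/*` servlet filter from the question covers.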
