在web.xml中配置過濾:
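<filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>com.verification.action.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <!-- 原文此處的路徑開頭似乎被截斷;url-pattern 應以 "/" 或 "*." 開頭 -->
    <url-pattern>y/form/dealParse.do</url-pattern>
</filter-mapping>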
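url-pattern 的常見寫法:
/* 攔截所有請求
*.do 攔截以“.do”結尾的請求
/index.jsp 攔截指定的jsp
/artery/form/* 攔截該目錄下的所有請求
等等
注意:過濾器只保護 url-pattern 匹配到的請求,未匹配的路徑不會經過登錄檢查;若使用 /* 攔截所有請求,必須在過濾器中放行 login.jsp 和登錄請求本身,否則未登錄的請求會被不斷重定向到登錄頁。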
攔截器,攔截請求類:
思路:比較“由登錄頁面登錄后的session中屬性值”和“通過url直接訪問的session中的屬性值”,找到其中不一樣的,這就是判斷依據。(判斷依據可以參考登錄邏輯類的代碼)
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
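/**
 * Servlet filter that lets a request through only when the session carries the
 * login marker; every other request is redirected to the login page.
 *
 * <p>The marker is the session attribute {@code "isLogin"} holding the string
 * {@code "ture"} (sic). Both literals must stay identical to the ones the login
 * action stores in the session, otherwise no request will ever pass this filter.
 *
 * <p>The filter has no exemption for the login page or the login request, so its
 * {@code url-pattern} in web.xml must not cover {@code /login.jsp} or the login
 * action; if it does, unauthenticated requests are redirected in a loop. Any URL
 * that the mapping does not cover is not protected by this check at all.
 */
public class LoginFilter implements Filter {

    /** Session attribute written by the login action after a successful login. */
    private static final String IS_LOGIN_KEY = "isLogin";

    /** Expected attribute value; the misspelling is deliberate, it mirrors the login action. */
    private static final String IS_LOGIN_VALUE = "ture";

    /** Context-relative path that unauthenticated requests are sent to. */
    private static final String LOGIN_PAGE = "/login.jsp";

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Passes the request down the chain when the session is marked as logged in,
     * otherwise redirects to the login page.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param chain           remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession(false): a request without a session cannot be logged in, so do
        // not allocate a new server-side session for every anonymous hit.
        HttpSession session = request.getSession(false);
        if (session != null && IS_LOGIN_VALUE.equals(session.getAttribute(IS_LOGIN_KEY))) {
            chain.doFilter(request, response);
            return;
        }

        // Not authenticated: fail closed and send the browser to the login page.
        response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}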
登錄邏輯代碼:
import java.nio.charset.Charset;
import java.security.MessageDigest;
import javax.crypto.spec.DESedeKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import com.thunisoft.artery.module.config.ArteryConfigUtil;
import com.thunisoft.summer.component.crypto.CryptFactory;
import com.thunisoft.summer.component.crypto.CryptUtil;
import com.thunisoft.verification.bean.IdentityBean;
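/**
 * Struts action behind the login page: checks the submitted credentials against
 * the configured ones and, on success, marks the session as logged in.
 *
 * @author sunwenhao
 */
public class IdentityVerificationAction extends Action {

    private final Log logger = LogFactory.getLog(IdentityVerificationAction.class);

    /** Session attribute that records a successful login. */
    private static final String IS_LOGIN_KEY = "isLogin";

    /**
     * Value stored under {@link #IS_LOGIN_KEY}. The misspelling of "true" is kept
     * on purpose: LoginFilter compares against the same literal.
     */
    private static final String IS_LOGIN_VALUE = "ture";

    // NOTE(review): passed to CryptUtil.encrypt as its third argument, presumably
    // the 3DES key. A key compiled into the class is the same in every deployment
    // and readable by anyone who has the jar, so the configured password is only
    // obfuscated. Storing a salted, slow password hash (bcrypt/scrypt/Argon2/PBKDF2)
    // would be the fix, but it needs a configuration migration and is not done here.
    private static final String SEC_STR = "Hso2ThxNiSofHso2ThxNiSof";

    /** Charset used to turn credentials into bytes for the constant-time comparison. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /**
     * Verifies the submitted credentials and forwards to "success" or "fail".
     *
     * @param mapping  Struts mapping used to look up the two forwards
     * @param form     submitted form; cast to {@link IdentityBean}
     * @param request  current request
     * @param response current response (not used)
     * @return the "success" forward after a valid login, otherwise the "fail" forward
     * @throws Exception declared by the Struts {@code Action} contract
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        IdentityBean identityInfo = (IdentityBean) form;

        if (verificationInfo(identityInfo)) {
            // Session fixation defence: drop the pre-login session so that the
            // authenticated state is bound to a session id issued after the
            // credentials were checked. Attributes of the old session are discarded.
            HttpSession preLoginSession = request.getSession(false);
            if (preLoginSession != null) {
                preLoginSession.invalidate();
            }
            request.getSession(true).setAttribute(IS_LOGIN_KEY, IS_LOGIN_VALUE);
            return mapping.findForward("success");
        }

        // One generic message for both wrong user name and wrong password.
        request.setAttribute("msg", "用戶名或密碼錯誤");
        return mapping.findForward("fail");
    }

    /**
     * Tells whether the request's session is marked as logged in.
     *
     * @param request  current request
     * @param response current response (not used)
     * @return {@code true} only if a session exists and carries the login marker
     */
    public static boolean isLogin(HttpServletRequest request, HttpServletResponse response) {
        // getSession(false): asking the question must not create a session, and the
        // attribute is compared without a cast so a non-String value yields false.
        HttpSession session = request.getSession(false);
        return session != null && IS_LOGIN_VALUE.equals(session.getAttribute(IS_LOGIN_KEY));
    }

    /**
     * Compares the submitted user name and password with the "username" and
     * "password" properties read through ArteryConfigUtil. The submitted password
     * is passed through CryptUtil.encrypt first, so the configured password is
     * expected in that encrypted form.
     *
     * @param identityInfo submitted credentials; may be {@code null}
     * @return {@code true} only if both values match; {@code false} on any
     *         mismatch, missing value or error
     */
    private boolean verificationInfo(IdentityBean identityInfo) {
        if (identityInfo == null) {
            return false;
        }
        String user = identityInfo.getUsername();
        String pwd = identityInfo.getPassword();
        if (user == null || pwd == null) {
            return false;
        }

        try {
            String encryptedPwd = CryptUtil.encrypt(CryptFactory.ALGORITHM_3DES, pwd, SEC_STR);
            String username = ArteryConfigUtil.getProperty("username");
            String password = ArteryConfigUtil.getProperty("password");
            if (username == null || password == null || encryptedPwd == null) {
                // Missing configuration or failed encryption: deny rather than compare.
                logger.error("驗證用戶名和密碼時出現錯誤.");
                return false;
            }

            // Evaluate both comparisons and combine with '&' so the time taken does
            // not reveal which of the two fields was wrong.
            boolean userMatches = constantTimeEquals(username, user);
            boolean passwordMatches = constantTimeEquals(password, encryptedPwd);
            return userMatches & passwordMatches;
        } catch (Exception e) {
            // Keep the cause in the log; the submitted values themselves are not logged.
            logger.error("驗證用戶名和密碼時出現錯誤.", e);
            return false;
        }
    }

    /** Compares two non-null strings byte-wise via {@link MessageDigest#isEqual}. */
    private static boolean constantTimeEquals(String expected, String actual) {
        return MessageDigest.isEqual(expected.getBytes(UTF_8), actual.getBytes(UTF_8));
    }
}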