struts2 应用程序中的会话 [英] Sessions in struts2 application

问题描述

我创建了一个网络应用程序，我需要在其中维护会话如果存在用户会话，则只有到那时它才会允许用户看到 jsp.

I have created a web application in which I need to maintain the session if a user session is there, and then and only then will it allow the user to see the jsp.

我以前使用过 jsp servlet，但我是 struts2 的新手.

I have worked with jsp servlets before, but I'm new to struts2.

这里我在我的操作类中设置用户名:

修订代码

private HttpSession session;

public void setSession(HttpSession session) {
    // TODO Auto-generated method stub0
    this.session = session;
}

public HttpSession getSession() {
    return session;
}

public String getLoginStatus(){     
    session = request.getSession();
    session.setAttribute("userName", loginBean.getUsername());
    return SUCCESS;
}

现在，当我在某个操作后被重定向到下一页时，它会显示一次会话值.之后，在每个页面上，我都在会话中找到空值.

Now, when I am redirected to next page after an action, it shows the session value once. After that, on every page, I am finding null values in session.

<%
    String userName = (String)session.getAttribute("userName");             
    System.out.println(userName);                        

    if(userName == null || userName.equals("") ){
        response.sendRedirect("login.jsp");
    }

%>

我在某处读到操作类会话的范围仅限于一页 - 我该如何解决这个问题?

I read somewhere that the scope of an action class session is limited to one page - how could I solve this problem?

任何例子都会对我很有帮助.

Any example will be very helpful to me.

推荐答案

您当前拥有的代码存在一些问题.

There are a few problems with the code you currently have.

• 您应该使用拦截器来强制用户登录，而不是尝试在 JSP 中强制它.JSP 应该只用于展示，而不是用于流程控制.
• 您应该避免在 JSP 中使用 scriptlet(代码块).这在很久以前就已被弃用，并且被广泛认为是 MVC 应用程序中非常糟糕的做法.
• 您可以直接在 JSP 中访问会话值.您不需要在操作中实现 SessionAware 接口，除非您需要访问操作本身内部的会话.
• 您应该将用户重定向到登录操作，而不是直接重定向到 JSP 页面，否则您将绕过 Struts2 框架并失去使用该框架的好处.

• You should use an Interceptor to enforce that the user is logged in, rather than trying to enforce it in the JSP. JSP should only be for presentation, not for flow control.
• You should avoid scriptlets (blocks of code) in JSP. That was deprecated a really long time ago and is widely considered to be a very poor practice in an MVC application.
• You can access session values in your JSP directly. You do not need to implement the SessionAware interface in your action unless you need access to the session inside of the action itself.
• You should redirect the user to a login action, not directly to a JSP page, otherwise you are bypassing the Struts2 framework and losing out on the benefits of using the framework.

下面是一些使用 Struts2 框架创建基本登录系统的示例代码.

Below is some example code for creating a basic login system using the Struts2 framework.

这部分是可选的，但一般来说，并不是所有的网页应用都需要用户登录.因此，让我们创建一个名为LoginRequired的界面.如果用户尚未登录，则任何实现此标记接口的操作都将重定向到登录页面.

This part is optional, but in general, not all pages in a web application will require the user to be logged in. Therefore, let's create an interface called LoginRequired. Any action that implements this marker interface will redirect to the login page if the user is not already logged in.

注意:如果您愿意，您可以使用注释代替，但在本示例中，我将使用界面.

Note: You can use an annotation instead, if you prefer, but for this example I will use the interface.

public interface LoginRequired {}

拦截器

拦截器将处理强制用户登录任何实现LoginRequired接口的请求操作.

public class LoginInterceptor extends AbstractInterceptor {
    @Override
    public String intercept(final ActionInvocation invocation) throws Exception {
        Map<String, Object> session = ActionContext.getContext().getSession();

        // sb: feel free to change this to some other type of an object which
        // represents that the user is logged in. for this example, I am using
        // an integer which would probably represent a primary key that I would
        // look the user up by with Hibernate or some other mechanism.
        Integer userId = (Integer) session.get("userId");

        // sb: if the user is already signed-in, then let the request through.
        if (userId != null) {
            return invocation.invoke();
        }

        Object action = invocation.getAction();

        // sb: if the action doesn't require sign-in, then let it through.
        if (!(action instanceof LoginRequired)) {
            return invocation.invoke();
        }

        // sb: if this request does require login and the current action is
        // not the login action, then redirect the user
        if (!(action instanceof LoginAction)) {
            return "loginRedirect";
        }

        // sb: they either requested the login page or are submitting their
        // login now, let it through
        return invocation.invoke();
    }
}

您还需要一个 LoginAction 来显示和处理登录页面，以及一个 LogoutAction 来使会话无效或清除.

You will also need a LoginAction which displays and processes the login page and a LogoutAction which invalidates or clears the session.

您需要将拦截器添加到堆栈中，并为loginRedirect"创建全局结果映射.

You will need to add the interceptor to your stack and also create a global result mapping for "loginRedirect".

<interceptors>
    <interceptor name="login" class="your.package.LoginInterceptor"/>

    <!-- sb: you need to configure all of your interceptors here. i'm only
         listing the one we created for this example. -->
    <interceptor-stack name="yourStack">
        ...
        <interceptor-ref name="login"/>
        ...
    </interceptor-stack>
</interceptors>

<global-results>
    <!-- sb: make this the path to your login action.
         this could also be a redirectAction type. -->
    <result name="loginRedirect" type="redirect">/login</url>
</global-results>

这篇关于struts2 应用程序中的会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！