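Last time I described using the server to perform security verification at login. After secure server-side verification, the user enters a protected resource such as the welcome page. The problem now is this: if the welcome page needs to do some data work, such as building a dynamic menu, but the login form is submitted to j_security_check, which the system handles by itself, how can that work be done? My approach is to specify a servlet as the welcome-file, as follows: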
<welcome-file-list>
    <welcome-file>/indexservlet</welcome-file>
</welcome-file-list>
 
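IndexServlet is as follows:
import java.io.IOException;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class IndexServlet extends HttpServlet {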
    private static final String CONTENT_TYPE = "text/html; charset=UTF-8";
    //Initialize global variables
    public void init() throws ServletException {
    }
    //Process the HTTP Get request
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws
            ServletException, IOException {
        response.setContentType(CONTENT_TYPE);
        if (request.getUserPrincipal() != null) {
            String userid = request.getUserPrincipal().getName();
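            // Proxy implementation: wrap IndexOperImpl in a dynamic proxy
            // whose InvocationHandler is OperProxy; calls go through operi
            IndexOperImpl oper = new IndexOperImpl();
            Class<?> cls = oper.getClass();
            InvocationHandler ds = new OperProxy(oper);
            IndexOperInterface operi = (IndexOperInterface) Proxy.
                                       newProxyInstance(cls.getClassLoader(),
                    cls.getInterfaces(), ds);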
            UserQuery userquery = new UserQuery();
            userquery.setUser_id(userid);
            User user1 = operi.getUserInfo(userquery);
            MenuItemList menulist = operi.getMenuItemList(user1);
            WorkItemList worklist = operi.getWorkItemList(user1);
            if (user1 != null) {
                request.getSession().setAttribute("userid", user1.getUser_id());
                request.getSession().setAttribute("username",
                                                  user1.getUser_name());
                request.getSession().setAttribute("department",
                                                  user1.getUser_department());
            }
            if (menulist != null) {
                request.getSession().setAttribute("menulistbean",
                                                  menulist.getMenulist());
            }
            if (worklist != null) {
                request.getSession().setAttribute("worklistbean",
                                                  worklist.getWorkItemList());
            }
            response.sendRedirect(response.encodeRedirectURL("/index.jsp"));
        }
    }
    //Process the HTTP Post request
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws
            ServletException, IOException {
        doGet(request, response);
    }
    //Clean up resources
    public void destroy() {
    }
}
 
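As described above, request.getUserPrincipal().getName() returns the user ID of the logged-in user. The part highlighted in yellow is the proxy implementation; the proxy object here is called operi. Its getUserInfo(UserQuery userquery) method fetches the user information from the back end. getUserInfo is an interface method between the front end and the back end, and UserQuery is the DTO that carries data between them. Likewise, WorkItemList and MenuItemList are DTOs, while getWorkItemList and getMenuItemList are interface methods. The retrieved data is stored in the session. Finally, response.sendRedirect(response.encodeRedirectURL("/index.jsp")) sends the browser to index.jsp; response.encodeRedirectURL rewrites the URL, which prevents the session ID from failing to be transmitted when the client has disabled cookies.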
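
The deployment descriptor that this setup relies on, as an added example that is not from the original post: it maps IndexServlet, makes it the welcome file, and puts the application behind FORM login so that getUserPrincipal() is non-null when the servlet runs. The package com.example.web, the role name user, the pages /login.jsp and /loginerror.jsp, the Servlet 3.0 schema and the whole session-config element are assumptions made for this example.

```xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
  <!-- IndexServlet from the page; the package name is an assumption -->
  <servlet>
    <servlet-name>IndexServlet</servlet-name>
    <servlet-class>com.example.web.IndexServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>IndexServlet</servlet-name>
    <url-pattern>/indexservlet</url-pattern>
  </servlet-mapping>
  <!-- Servlet spec form: partial URL, no leading slash (the page writes /indexservlet) -->
  <welcome-file-list>
    <welcome-file>indexservlet</welcome-file>
  </welcome-file-list>
  <!-- Every URL requires an authenticated user in the assumed role "user" -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
  <!-- Container-managed login: the form on login.jsp posts j_username and
       j_password to j_security_check (page names are assumptions) -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <!-- Assumed hardening: session id travels only in an HttpOnly cookie -->
  <session-config>
    <cookie-config>
      <http-only>true</http-only>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
</web-app>
```

With tracking-mode set to COOKIE the container no longer writes the session ID into URLs, so it cannot leak through access logs, browser history or Referer headers, but clients with cookies disabled will not keep a session. After a successful j_security_check the container returns the user to the URL originally requested, so IndexServlet only runs when that URL resolves to the welcome file.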