在web.xml中配置过滤:
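<filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>com.verification.action.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <!-- 原文此处的路径开头疑似被截断,请按实际路径填写 -->
    <url-pattern>y/form/dealParse.do</url-pattern>
</filter-mapping>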
/* 拦截所有请求(登录页和登录请求本身也会被拦截,需单独放行,否则未登录时会循环重定向)
*.do 拦截以“.do”结尾的请求
/index.jsp 拦截指定的jsp
/artery/form/* 拦截该目录下的所有请求
等等
拦截器,拦截请求类:
思路:比较“由登录页面登录后的session中属性值”和“通过url直接访问的session中的属性值”,找到其中不一样的,这就是判断依据。(判断依据可以参考登录逻辑类的代码)
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
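/**
 * Gatekeeper filter for the main pages: a request is passed down the chain
 * only when its session carries the login marker; every other request is
 * redirected to the login page.
 *
 * <p>The marker is the session attribute {@code "isLogin"} holding the string
 * {@code "ture"}. The spelling looks like a typo for "true" but is kept on
 * purpose: it has to match, character for character, the value that the login
 * action (IdentityVerificationAction) stores in the session.
 *
 * <p>NOTE(review): the filter redirects to {@code /login.jsp} and exempts no
 * path itself, so the {@code url-pattern} it is mapped to must not cover the
 * login page or the login action; otherwise a user who is not logged in is
 * redirected in a loop. Confirm against web.xml.
 */
public class LoginFilter implements Filter {

    /** Session attribute that holds the login marker. */
    private static final String LOGIN_ATTRIBUTE = "isLogin";

    /** Marker value written by the login action (spelling intentional, see class comment). */
    private static final String LOGIN_VALUE = "ture";

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Lets the request continue when the session is marked as logged in,
     * otherwise redirects to the login page.
     *
     * @param servletRequest  incoming request; must be an HTTP request
     * @param servletResponse outgoing response; must be an HTTP response
     * @param chain           remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the request is not HTTP or the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)
                || !(servletResponse instanceof HttpServletResponse)) {
            // Fail closed: without an HTTP session there is no login state to check.
            throw new ServletException("LoginFilter only supports HTTP requests");
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession(false) so that anonymous traffic does not allocate a
        // server-side session on every rejected request.
        HttpSession session = request.getSession(false);
        if (session != null
                && LOGIN_VALUE.equals(session.getAttribute(LOGIN_ATTRIBUTE))) {
            chain.doFilter(request, response);
            return;
        }
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}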
登录逻辑代码:
import java.nio.charset.Charset;
import java.security.MessageDigest;
import javax.crypto.spec.DESedeKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import com.thunisoft.artery.module.config.ArteryConfigUtil;
import com.thunisoft.summer.component.crypto.CryptFactory;
import com.thunisoft.summer.component.crypto.CryptUtil;
import com.thunisoft.verification.bean.IdentityBean;
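/**
 * Struts action behind the login page: checks the submitted user name and
 * password against the configured account and, on success, marks the session
 * as logged in.
 *
 * @author sunwenhao
 */
public class IdentityVerificationAction extends Action {
    private final Log logger = LogFactory.getLog(IdentityVerificationAction.class);

    /** Session attribute that records the login state; LoginFilter reads the same key. */
    private static final String IS_LOGIN_KEY = "isLogin";

    /**
     * Marker value stored under {@link #IS_LOGIN_KEY}. The spelling is kept
     * because LoginFilter compares against this exact literal.
     */
    private static final String IS_LOGIN_VALUE = "ture";

    // NOTE(review): this value is passed to CryptUtil.encrypt as what appears to
    // be the 3DES key. Being hard-coded, it is readable by anyone who has the
    // source or the compiled class, and the stored password is reversibly
    // encrypted rather than hashed. Moving to a salted password hash needs a
    // change to the stored "password" property, so it is only flagged here.
    private static final String SEC_STR="Hso2ThxNiSofHso2ThxNiSof";

    /** Charset used to turn credentials into bytes for comparison. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /**
     * Verifies the submitted credentials and forwards to "success" or "fail".
     *
     * @param mapping  Struts mapping used to look up the forwards
     * @param form     submitted form; cast to {@link IdentityBean}
     * @param request  current request
     * @param response current response (not used)
     * @return the "success" forward after a valid login, otherwise "fail"
     * @throws Exception as declared by {@link Action#execute}
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        IdentityBean identityInfo = (IdentityBean) form;
        if (verificationInfo(identityInfo)) {
            // Drop the pre-login session and start a new one, so that a session
            // id known before authentication is never promoted to a logged-in
            // session (session fixation).
            HttpSession preLogin = request.getSession(false);
            if (preLogin != null) {
                preLogin.invalidate();
            }
            request.getSession(true).setAttribute(IS_LOGIN_KEY, IS_LOGIN_VALUE);
            return mapping.findForward("success");
        }
        request.setAttribute("msg", "用户名或密码错误");
        return mapping.findForward("fail");
    }

    /**
     * Tells whether the request's session is marked as logged in.
     *
     * @param request  current request
     * @param response current response (not used)
     * @return {@code true} when a session exists and carries the login marker
     */
    public static boolean isLogin(HttpServletRequest request, HttpServletResponse response) {
        // getSession(false): a status check must not create a session.
        HttpSession session = request.getSession(false);
        return session != null
                && IS_LOGIN_VALUE.equals(session.getAttribute(IS_LOGIN_KEY));
    }

    /**
     * Checks the submitted credentials against the configured account.
     *
     * <p>The submitted password is encrypted with {@link CryptUtil} and then
     * compared with the {@code password} property; the user name is compared
     * with the {@code username} property. Any failure results in {@code false}.
     *
     * @param identityInfo submitted login form, may be {@code null}
     * @return {@code true} only when both user name and password match
     */
    private boolean verificationInfo(IdentityBean identityInfo) {
        if (identityInfo == null) {
            return false;
        }
        String user = identityInfo.getUsername();
        String pwd = identityInfo.getPassword();
        if (user == null || pwd == null) {
            return false;
        }
        try {
            String encryptedPwd = CryptUtil.encrypt(CryptFactory.ALGORITHM_3DES, pwd, SEC_STR);
            String username = ArteryConfigUtil.getProperty("username");
            String password = ArteryConfigUtil.getProperty("password");
            if (username == null || password == null) {
                logger.error("Login account is not configured (username/password property missing).");
                return false;
            }
            if (encryptedPwd == null) {
                return false;
            }
            // Evaluate both comparisons and combine with '&' so that the time
            // taken does not reveal which of the two values was wrong.
            boolean userMatches = constantTimeEquals(username, user);
            boolean passwordMatches = constantTimeEquals(password, encryptedPwd);
            return userMatches & passwordMatches;
        } catch (Exception e) {
            // Fail closed, and keep the cause in the log for diagnosis.
            logger.error("验证用户名和密码时出现错误.", e);
            return false;
        }
    }

    /** Compares two strings without stopping at the first differing byte. */
    private static boolean constantTimeEquals(String expected, String actual) {
        return MessageDigest.isEqual(expected.getBytes(UTF_8), actual.getBytes(UTF_8));
    }
}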