Struts1拦截器插件运用
Struts1拦截器插件使用
最近处理以前项目的一些漏洞需要对from中的String字段做一下过滤再显示到页面,每一个action都做修改是不现实的,原本想写个servlet来处理但是考虑有些麻烦,因此搜了一下拦截器发现有人实现了struts1的拦截器,用这个比较方便,感谢这些奉献的人!
关于struts1的拦截器,一般是通过struts插件进行注册,网络上有2个开源组件的实现。
saif-0[1].1.jar和saif-spring.jar(该包依赖spring-webmvc-struts.jar包),不知2者是什么关系,本人根据比较后使用的是前者。下面详细介绍这2个组件:
现实一个action
/**
*
*/
package com.test;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
/**
* @author Administrator
*
*/
public class TestAction extends Action {
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
System.out.println("testt ......");
return mapping.findForward("index");
}
}
struts配置:
<action-mappings>
<action path="/browser" type="com.test.TestAction">
<forward name="index" path="/index.jsp" />
<forward name="index0" path="/index0.jsp" />
</action>
</action-mappings>
1、saif
a.实现拦截器
package com.test;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
public class DisplayInterceptor implements net.sf.struts.saif.ActionInterceptor {
public void afterAction(Action arg0, ActionMapping arg1, ActionForm arg2,
HttpServletRequest arg3, HttpServletResponse arg4)
throws IOException, ServletException {
System.out.println("after interceptor......");
}
public void beforeAction(Action arg0, ActionMapping arg1, ActionForm arg2,
HttpServletRequest arg3, HttpServletResponse arg4)
throws IOException, ServletException {
System.out.println("before interceptor......");
}
}
这里也可以继承自ComponentInterceptor类。
b.拦截器配置文件interceptor-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<interceptor-config>
<interceptor name="displayInterceptor" type="com.test.DisplayInterceptor"/>
<default-interceptors>
<interceptor name="displayInterceptor"/>
</default-interceptors>
</interceptor-config>
c.struts配置文件中配上该插件
<plug-in className="net.sf.struts.saif.SAIFPlugin">
<set-property property="interceptor-config" value="/WEB-INF/interceptor-config.xml"/>
</plug-in>
d.部署完毕有即可测试。
2、saif-spring.jar+spring-webmvc-struts.jar
a.实现拦截器
package com.test;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
public class DisplaySpringInterceptor implements net.sf.struts.saif.ActionHaveForwardInterceptor {
public ActionForward afterAction(Action arg0, ActionMapping arg1,
ActionForm arg2, HttpServletRequest arg3, HttpServletResponse arg4)
throws IOException, ServletException {
System.out.println("after Spring interceptor......");
return arg1.findForward("index0");
}
public ActionForward beforeAction(Action arg0, ActionMapping arg1,
ActionForm arg2, HttpServletRequest arg3, HttpServletResponse arg4)
throws IOException, ServletException {
System.out.println("before Spring interceptor......");
return arg1.findForward("index0");
}
}
b.拦截器配置文件interceptor-config1.xml
<?xml version="1.0" encoding="UTF-8"?>
<interceptor-config>
<interceptor name="displayInterceptor1" type="com.test.DisplaySpringInterceptor"/>
<action type="/browser">
<interceptor name="displayInterceptor1" />
</action>
<!--
<default-interceptors>
<interceptor name="displayInterceptor1"/>
</default-interceptors>-->
</interceptor-config>
c.struts配置文件中配上该插件
<plug-in className="net.sf.struts.saif.SAIFSpringPlugin">
<set-property property="interceptor-config" value="/WEB-INF/interceptor-config1.xml"/>
</plug-in>
d.部署完毕有即可测试。
注意:测试时要屏蔽一个插件,不能同时使用。
区别:1)前者不能针对某个action进行拦截而后者可以,但不能拦截到具体的方法;因此前者配置为默认拦截,后者可以默认也可以指定action,<action type="/browser"> 这里是action的名称。
2)前者依次执行完 beforeAction 、action和afterAction后跳转到action的ActionForward路径。后者执行beforeAction后如果该方法返回的ActionForward不为null就会执行跳转因此action将不会执行,如果为null则继续执行action;同样action的ActionForward不为null也执行跳转,afterAction则不会执行;否则就执行并跳转到afterAction的ActionForward路径。
以上执行逻辑与反编译后的代码是一致的,代码如下:
saif.jar ->net.sf.struts.saif.SAIFRequestProcessor
/* */ protected ActionForward processActionPerform(HttpServletRequest request, HttpServletResponse response, Action action, ActionForm form, ActionMapping mapping)
/* */ throws IOException, ServletException
/* */ {
/* 89 */ this.helper.beforeAction(request, response, action, form, mapping);
/* */
/* 91 */ ActionForward forward = super.processActionPerform(request, response, action, form, mapping);
/* */
/* 94 */ this.helper.afterAction(request, response, action, form, mapping);
/* */
/* 96 */ return forward;
/* */ }
/* */ }
saif-spring.jar ->net.sf.struts.saif.SAIFSpringRequestProcessor
protected ActionForward processActionPerform(HttpServletRequest request, HttpServletResponse response, Action action, ActionForm form, ActionMapping mapping)
/* */ throws IOException, ServletException
/* */ {
/* 58 */ ActionForward forward = this.helper.beforeAction(request, response, action, form, mapping);
/* 59 */ if (forward != null) {
/* 60 */ return forward;
/* */ }
/* 62 */ forward = super.processActionPerform(request, response, action, form, mapping);
/* 63 */ if (forward != null) {
/* 64 */ return forward;
/* */ }
/* 66 */ forward = this.helper.afterAction(request, response, action, form, mapping);
/* */
/* 68 */ return forward;
/* */ }
/* */ }
这2个实现都继承org.apache.struts.action.RequestProcessor。
完整的工程在附件中。
最近处理以前项目的一些漏洞需要对from中的String字段做一下过滤再显示到页面,每一个action都做修改是不现实的,原本想写个servlet来处理但是考虑有些麻烦,因此搜了一下拦截器发现有人实现了struts1的拦截器,用这个比较方便,感谢这些奉献的人!
关于struts1的拦截器,一般是通过struts插件进行注册,网络上有2个开源组件的实现。
saif-0[1].1.jar和saif-spring.jar(该包依赖spring-webmvc-struts.jar包),不知2者是什么关系,本人根据比较后使用的是前者。下面详细介绍这2个组件:
现实一个action
/**
*
*/
package com.test;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
/**
* @author Administrator
*
*/
public class TestAction extends Action {
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
System.out.println("testt ......");
return mapping.findForward("index");
}
}
struts配置:
<action-mappings>
<action path="/browser" type="com.test.TestAction">
<forward name="index" path="/index.jsp" />
<forward name="index0" path="/index0.jsp" />
</action>
</action-mappings>
1、saif
a.实现拦截器
package com.test;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
public class DisplayInterceptor implements net.sf.struts.saif.ActionInterceptor {
public void afterAction(Action arg0, ActionMapping arg1, ActionForm arg2,
HttpServletRequest arg3, HttpServletResponse arg4)
throws IOException, ServletException {
System.out.println("after interceptor......");
}
public void beforeAction(Action arg0, ActionMapping arg1, ActionForm arg2,
HttpServletRequest arg3, HttpServletResponse arg4)
throws IOException, ServletException {
System.out.println("before interceptor......");
}
}
这里也可以继承自ComponentInterceptor类。
b.拦截器配置文件interceptor-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<interceptor-config>
<interceptor name="displayInterceptor" type="com.test.DisplayInterceptor"/>
<default-interceptors>
<interceptor name="displayInterceptor"/>
</default-interceptors>
</interceptor-config>
c.struts配置文件中配上该插件
<plug-in className="net.sf.struts.saif.SAIFPlugin">
<set-property property="interceptor-config" value="/WEB-INF/interceptor-config.xml"/>
</plug-in>
d.部署完毕有即可测试。
2、saif-spring.jar+spring-webmvc-struts.jar
a.实现拦截器
package com.test;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
public class DisplaySpringInterceptor implements net.sf.struts.saif.ActionHaveForwardInterceptor {
public ActionForward afterAction(Action arg0, ActionMapping arg1,
ActionForm arg2, HttpServletRequest arg3, HttpServletResponse arg4)
throws IOException, ServletException {
System.out.println("after Spring interceptor......");
return arg1.findForward("index0");
}
public ActionForward beforeAction(Action arg0, ActionMapping arg1,
ActionForm arg2, HttpServletRequest arg3, HttpServletResponse arg4)
throws IOException, ServletException {
System.out.println("before Spring interceptor......");
return arg1.findForward("index0");
}
}
b.拦截器配置文件interceptor-config1.xml
<?xml version="1.0" encoding="UTF-8"?>
<interceptor-config>
<interceptor name="displayInterceptor1" type="com.test.DisplaySpringInterceptor"/>
<action type="/browser">
<interceptor name="displayInterceptor1" />
</action>
<!--
<default-interceptors>
<interceptor name="displayInterceptor1"/>
</default-interceptors>-->
</interceptor-config>
c.struts配置文件中配上该插件
<plug-in className="net.sf.struts.saif.SAIFSpringPlugin">
<set-property property="interceptor-config" value="/WEB-INF/interceptor-config1.xml"/>
</plug-in>
d.部署完毕有即可测试。
注意:测试时要屏蔽一个插件,不能同时使用。
区别:1)前者不能针对某个action进行拦截而后者可以,但不能拦截到具体的方法;因此前者配置为默认拦截,后者可以默认也可以指定action,<action type="/browser"> 这里是action的名称。
2)前者依次执行完 beforeAction 、action和afterAction后跳转到action的ActionForward路径。后者执行beforeAction后如果该方法返回的ActionForward不为null就会执行跳转因此action将不会执行,如果为null则继续执行action;同样action的ActionForward不为null也执行跳转,afterAction则不会执行;否则就执行并跳转到afterAction的ActionForward路径。
以上执行逻辑与反编译后的代码是一致的,代码如下:
saif.jar ->net.sf.struts.saif.SAIFRequestProcessor
/* */ protected ActionForward processActionPerform(HttpServletRequest request, HttpServletResponse response, Action action, ActionForm form, ActionMapping mapping)
/* */ throws IOException, ServletException
/* */ {
/* 89 */ this.helper.beforeAction(request, response, action, form, mapping);
/* */
/* 91 */ ActionForward forward = super.processActionPerform(request, response, action, form, mapping);
/* */
/* 94 */ this.helper.afterAction(request, response, action, form, mapping);
/* */
/* 96 */ return forward;
/* */ }
/* */ }
saif-spring.jar ->net.sf.struts.saif.SAIFSpringRequestProcessor
protected ActionForward processActionPerform(HttpServletRequest request, HttpServletResponse response, Action action, ActionForm form, ActionMapping mapping)
/* */ throws IOException, ServletException
/* */ {
/* 58 */ ActionForward forward = this.helper.beforeAction(request, response, action, form, mapping);
/* 59 */ if (forward != null) {
/* 60 */ return forward;
/* */ }
/* 62 */ forward = super.processActionPerform(request, response, action, form, mapping);
/* 63 */ if (forward != null) {
/* 64 */ return forward;
/* */ }
/* 66 */ forward = this.helper.afterAction(request, response, action, form, mapping);
/* */
/* 68 */ return forward;
/* */ }
/* */ }
这2个实现都继承org.apache.struts.action.RequestProcessor。
完整的工程在附件中。