sshe源码分析——全局架构

 <!-- 需要拦截的JSP -->

    <filter>

        <filter-name>sessionFilter</filter-name>

        <filter-class>sy.util.base.SessionFilter</filter-class>

        <init-param>

            <param-name>include</param-name>

            <!-- 在securityJsp这个文件夹下面的所有JSP页面，都需要有session才能访问，可以配置多个，用英文半角逗号分割 -->

            <param-value>securityJsp</param-value>

        </init-param>

    </filter>

    <filter-mapping>

        <filter-name>sessionFilter</filter-name>

        <url-pattern>*.jsp</url-pattern>

    </filter-mapping>

  <!-- 用户上下线监听器 -->

    <listener>

        <listener-class>sy.util.base.OnlineListener</listener-class>

    </listener>

<!-- session拦截器 -->

<interceptor name="sessionInterceptor" class="sy.interceptor.base.SessionInterceptor" />

<interceptor-stack name="sessionStack">

<interceptor-ref name="encodingStack"></interceptor-ref>

<interceptor-ref name="sessionInterceptor">

<!-- doNotNeedSessionAndSecurity_ 开头的和doNotNeedSession_ 开头的方法不拦截 -->

<param name="excludeMethods">doNotNeedSession_*,doNotNeedSessionAndSecurity_*</param>

</interceptor-ref>

</interceptor-stack>

<!-- 权限拦截器 -->

<interceptor name="securityInterceptor" class="sy.interceptor.base.SecurityInterceptor" />

<interceptor-stack name="securityStack">

<interceptor-ref name="sessionStack"></interceptor-ref>

<interceptor-ref name="securityInterceptor">

<!-- doNotNeedSessionAndSecurity_ 开头的和doNotNeedSecurity_ 开头的方法不拦截 -->

<param name="excludeMethods">doNotNeedSecurity_*,doNotNeedSessionAndSecurity_*</param>

</interceptor-ref>

</interceptor-stack>

</interceptors>

<global-results>

<!-- 没有session -->

<result name="noSession">/error/noSession.jsp</result>

<!-- 没有权限 -->

<result name="noSecurity">/error/noSecurity.jsp</result>

<!-- struts抛异常 -->

<result name="strutsException">/error/strutsException.jsp</result>

</global-results>

<global-exception-mappings>

<exception-mapping result="strutsException" exception="java.lang.Exception"></exception-mapping>

</global-exception-mappings>