上次说了利用服务器进行登录的安全验证，在进行安全的服务器验证后，进入被保护的资源，例如welcome页面，现在的问题是，如果欢迎页面要求作一些数据操作，例如动态菜单等，可是我们登录提交的是j_security_check，这是系统自身完成的，应该如何完成这些工作呢？我采用的方法是将welcome-file指定为一个servlet,如下：

<welcome-file-list>
    <welcome-file>/indexservlet</welcome-file>
  </welcome-file-list>

 

IndexServlet如下：

public class IndexServlet extends HttpServlet {
    private static final String CONTENT_TYPE = "text/html; charset=UTF-8";

    //Initialize global variables
    public void init() throws ServletException {
    }

    //Process the HTTP Get request
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws
            ServletException, IOException {
        response.setContentType(CONTENT_TYPE);
        if (request.getUserPrincipal() != null) {
            String userid = request.getUserPrincipal().getName();

            IndexOperImpl oper = new IndexOperImpl();
            Class cls = oper.getClass();
            InvocationHandler ds = new OperProxy(oper);
            IndexOperInterface operi = (IndexOperInterface) Proxy.
                                       newProxyInstance(cls.getClassLoader(),
                    cls.getInterfaces(), ds);
            UserQuery userquery = new UserQuery();
            userquery.setUser_id(userid);

            User user1 = operi.getUserInfo(userquery);
            MenuItemList menulist = operi.getMenuItemList(user1);
            WorkItemList worklist = operi.getWorkItemList(user1);
            if (user1 != null) {
                request.getSession().setAttribute("userid", user1.getUser_id());
                request.getSession().setAttribute("username",
                                                  user1.getUser_name());
                request.getSession().setAttribute("department",
                                                  user1.getUser_department());
            }
            if (menulist != null) {
                request.getSession().setAttribute("menulistbean",
                                                  menulist.getMenulist());
            }
            if (worklist != null) {
                request.getSession().setAttribute("worklistbean",
                                                  worklist.getWorkItemList());
            }

            response.sendRedirect(response.encodeRedirectURL("/index.jsp"));
        }
    }

    //Process the HTTP Post request
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws
            ServletException, IOException {
        doGet(request, response);
    }

    //Clean up resources
    public void destroy() {
    }
}

 

如上描述，request.getUserPrincipal().getName();方法获得登录后的用户编号，黄底色的是代理实现，这里的代理对象叫operi,使用getUserInfo(UserQuery userquery)方法从后台获取用户信息，getUserInfo是前后台接口方法UserQuery 是前后台数据传输的DTO.同样，workItemList和MenuItemList都是DTO，而getWorkItemList和getMenuItemList则是接口方法。将获得的数据存放在session里，最后，使用response.sendRedirect(response.encodeRedirectURL("/index.jsp"));将页面定位到index.jsp，response.encodeRedirectURL重写方法可以防止因客户禁用cookie而导致sessionid不能传输的问题。