1 web.xml里添加filter配置信息。
        

<filter>
                <filter-name>Authentication</filter-name>
                <filter-class>
                        com.nova.colimas.web.filters.AuthenticationFilter 
                </filter-class>
                <init-param>
                        <param-name>onError</param-name>
                        <param-value>/pages/index.jsp</param-value>
                </init-param>
        </filter>
        <filter-mapping>
                <filter-name>Authentication</filter-name>
                <url-pattern>/protect/*</url-pattern>
        </filter-mapping>

<filter-class>定义使用com.nova.colimas.web.filters.AuthenticationFilter类执行过滤Action。
<init-param>当验证失败后Forward到/pages/index.jsp
<filter-mapping>只有当地址包括/protect/时运行filter类

2 实现com.nova.colimas.web.filters.AuthenticationFilter

package com.nova.colimas.web.filters;

import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;

import com.nova.colimas.web.bean.UserBean;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.struts.Globals;
import org.apache.struts.action.*;
import com.nova.colimas.web.constants.Constants;

/**
 * Filter implementation for user authentication。必须实现Filter接口
 * @author tyrone
 * @version $Id: AuthenticationFilter.java,v 1.0
 */
public class AuthenticationFilter implements Filter
{
        
        /**
         * filterConfig will store the reference of FilterConfig
         */
        private FilterConfig filterConfig;
        
        private String onErrorUrl;

        /**
         * store the reference of the FilterConfig.
         * @param config FilterConfig object
         * @throws ServletException
         */
        public void init(FilterConfig config) throws ServletException
        {
//获得验证失败forward地址
                filterConfig = config;
                onErrorUrl=filterConfig.getInitParameter("onError");
                if (onErrorUrl==null || "".equals(onErrorUrl)){
                        onErrorUrl="/pages/index.jsp";
                }
        }
        /**
         * User Authentication is  done. If User is authenticated successful then
         * control is transferred to logon URI
         * @param ServletRequest Request
         * @param ServletRequest Response
         * @param FilterChain Filter Chain
         * @throws ServletException,IOException
         */
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain next)
                        throws IOException, ServletException
        {
                HttpServletRequest httpRequest = (HttpServletRequest)request;
                HttpServletResponse httpResponse=(HttpServletResponse)response;
                // Current session
                HttpSession httpSession = httpRequest.getSession();
//Session里是否有用户信息。
                if (httpSession.getAttribute(Constants.USER_KEY) == null)
                {
                        ActionErrors errors=new ActionErrors();
                        errors.add(ActionErrors.GLOBAL_ERROR,
                                        new ActionError("error authentication"));
                        httpRequest.setAttribute(Globals.ERROR_KEY,errors);
                //没有，验证失败forward到/pages/index.jsp        httpRequest.getRequestDispatcher(onErrorUrl).forward(httpRequest,httpResponse);
                }else
//成果过滤Action结束
                        next.doFilter(request,response);
                
        }

        /**
         * destroy() method is called by the servlet container
         */
        public void destroy()
        {
        }
        
}