1 web.xml里添加filter配置信息。
　　<filter>
　　<filter-name>authentication</filter-name>
　　<filter-class>
　　com.nova.colimas.web.filters.authenticationfilter
　　</filter-class>
　　<init-param>
　　<param-name>onerror</param-name>
　　<param-value>/pages/index.jsp</param-value>
　　</init-param>
　　</filter>
　　<filter-mapping>
　　<filter-name>authentication</filter-name>
　　<url-pattern>/protect/*</url-pattern>
　　</filter-mapping>
　　<filter-class>定义使用com.nova.colimas.web.filters.authenticationfilter类执行过滤action。
　　<init-param>当验证失败后forward到/pages/index.jsp
　　<filter-mapping>只有当地址包括/protect/时运行filter类
　　
　　2 实现com.nova.colimas.web.filters.authenticationfilter
　　package com.nova.colimas.web.filters;
　　import java.io.ioexception;
　　import javax.servlet.requestdispatcher;
　　import javax.servlet.servletexception;
　　import javax.servlet.http.*;
　　import javax.servlet.filter;import javax.servlet.filterchain;
　　import javax.servlet.filterconfig;
　　import com.nova.colimas.web.bean.userbean;
　　import javax.servlet.servletrequest;
　　import javax.servlet.servletresponse;import org.apache.struts.globals;
　　import org.apache.struts.action.*;
　　import com.nova.colimas.web.constants.constants;
　　/**
　　* filter implementation for user authentication。必须实现filter接口
　　* @author tyrone * @version $id: authenticationfilter.java,v 1.0
　　*/public class authenticationfilter implements filter{
　　/**
　　* filterconfig will store the reference of filterconfig
　　*/　 private filterconfig filterconfig;
　　private string onerrorurl;
　　/**
　　* store the reference of the filterconfig.
　　* @param config filterconfig object
　　* @throws servletexception
　　*/　 public void init(filterconfig config) throws servletexception
　　{//获得验证失败forward地址
　　filterconfig = config;
　　onerrorurl=filterconfig.getinitparameter("onerror");
　　if (onerrorurl==null || "".equals(onerrorurl)){
　　onerrorurl="/pages/index.jsp";
　　}
　　}
　　/**
　　* user authentication is　done. if user is authenticated successful then
　　* control is transferred to logon uri
　　* @param servletrequest request
　　* @param servletrequest response
　　* @param filterchain filter chain
　　* @throws servletexception,ioexception
　　*/　 public void dofilter(servletrequest request, servletresponse response, filterchain next)
　　throws ioexception, servletexception
　　{
　　httpservletrequest httprequest = (httpservletrequest)request;
　　httpservletresponse httpresponse=(httpservletresponse)response;
　　// current session
　　httpsession httpsession = httprequest.getsession();
　　//session里是否有用户信息。
　　if (httpsession.getattribute(constants.user_key) == null)
　　{
　　actionerrors errors=new actionerrors();
　　errors.add(actionerrors.global_error,
　　new actionerror("error authentication"));
　　httprequest.setattribute(globals.error_key,errors);
　　//没有，验证失败forward到/pages/index.jsp
　　httprequest.getrequestdispatcher(onerrorurl).forward(httprequest,httpresponse);
　　}else//成果过滤action结束
　　next.dofilter(request,response);
　　}
　　/**
　　* destroy() method is called by the servlet container
　　*/　 public void destroy()
　　{
　　}
　　}