struts2 需要加一个拦截器在action中做登录验证校验，主要的思想是登录后在session中存储一个标志，然后在过滤器中验证这个标志，如果有则通过验证。如果没有，则返回到登录页面。

过滤器代码如下，我把标志就设置为username，需要修改的同学自己改名字

package com.tc.blacktea.util;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts2.ServletActionContext;
import org.apache.struts2.dispatcher.ServletRedirectResult;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

public class LoginInterceptor implements Interceptor {
private static final long serialVersionUID = -2255797147687651066L;
private static final Log log = LogFactory.getLog(LoginInterceptor.class);
public String intercept(ActionInvocation invocation) throws Exception {
final ActionContext context = invocation.getInvocationContext();
HttpServletRequest request = (HttpServletRequest) context.get(ServletActionContext.HTTP_REQUEST);
HttpSession session = request.getSession();
String username=(String)session.getAttribute("username");
if (username == null) {
ServletRedirectResult result = new ServletRedirectResult();
result.setLocation("/toLogin.action");
try {
result.execute(invocation);
} catch (Exception ex) {
log.error("Unable to create debugging console", ex);
}
return Action.NONE;
}
return invocation.invoke();
}

public void destroy() {

}

public void init() {

}

}