Hello all,
I have a legacy application written with Struts 1. The only feature I was asked to add is to protect some actions. Currently any user can do whatever he/she wants. The idea is to allows all user see the data, but block modification operation, i.e. to modify data a user should log in.
I know Struts2 has interceptors, so I could attach them to required actions and forward users to log in page when needed. But how can I do similar thing in Struts 1 application?
My first idea was to create my own abstract Action class:
public class AuthenticatedAction {
public ActionForward execute(
ActionMapping mapping,
ActionForm form,
HttpServletRequest theRequest,
HttpServletResponse theResponse) {
if (!logged) {
// forward to log in form
} else {
doExecute(mapping, form, request, response);
}
}
public abstract ActionForward doExecute(
ActionMapping mapping,
ActionForm form,
HttpServletRequest theRequest,
HttpServletResponse theResponse);
}
Then change all actions that require authentication from
extends Action
to
extends AuthenticatedAction
then add login form, login action (which performs authentications and puts this status into the session) and change JSP header tile to display authentication block, e.g., "You are (not logged in)/", Login/Logout. As I guess this should solve the problem.
- If this doesn't solve the problem, please explain me why.
- Is there any better (more elegant like interceptors are) way to do this?
Thank you in advance.