views:

349

answers:

1

I am currently in the process of learning Struts 2 and I am currently building a simple application where unverified users are redirected to a login form.

I have a login form and action functional which takes the users credentials, verifies them and stores a User object in the session however I am now trying to prevent access to pages before the login has taken place and I am trying to do this with an interceptor.

My problem is that I have written an interceptor that checks whether the User object has been saved in the session but if it has not I want to redirect to the login page and can't find any way of doing this without bypassing struts and using the HttpServletResponse.sendRedirect method

Configuration:

<package name="mypackage" extends="struts-default" namespace="/admin">

    <interceptors>
        <interceptor name="login" class="my.LoginInterceptor" />
    </interceptors>

    <default-interceptor-ref name="login"/>

    <action name="login" class="my.LoginAction">
        <result name="input">/admin/login.jsp</result>
        <result name="success" type="redirect">/admin</result>
    </action>

    <action name="private" class="my.PrivateAction">
        <result>/admin/private.jsp</result>
    </action>

</package>

The interceptor code:

@Override
public String intercept(ActionInvocation inv) throws Exception {

    Map<String, Object> session = inv.getInvocationContext().getSession();

    Object user = session.get("user");
    if(user == null) {

                      // redirect to the 'login' action here            

    }
    else {
        return inv.invoke();
    }

}
A: 

The standard way is to return a special global result (eg "login") and define a global mapping from that result to your admin/login.jsp. So you just must add this line:

if(user == null) {
      return "login";
}

And in your struts.xml:

<global-results>
   <result name="login">/admin/login.jsp</result>
</global-results>

BTW, I'm afraid that you are replacing the default Struts2 interceptor stack with your single interceptor, normally you want to add your interceptor to the stack. Eg:

<interceptors>
 <interceptor name="login" class="my.LoginInterceptor" />

 <interceptor-stack name="stack-with-login">
  <interceptor-ref name="login"/>
  <interceptor-ref name="defaultStack"/>
 </interceptor-stack>
</interceptors>
<default-interceptor-ref name="stack-with-login"/>

BTW2: You must NOT apply the interceptor to your login action, of course.

leonbloy
Thank you, and extra thanks for the bonus guidance. How would i go about preventing the interceptor from catching the login action?
murdoch
Actually, i worked that out for my self, i just put <interceptor-ref name="defaultStack"/> into the login action.
murdoch
Yes, that's one way.
leonbloy