tags:

views:

245

answers:

1
Q: 

How to do URL authentication in struts2

Hi, I am using struts2.1.6 + Spring 2.5 I have four modules in my application.

  1. Registration Module
  2. Admin Module
  3. Quote Module
  4. Location Module.

In registration module the customer can register himself and only after registering he is supposed to have access of the remaining three modules.

I want to implement something like if the action being called belongs to the registration module it will work as normal but if the action being called belongs to the rest of those three modules it first should check if the user is logged-in and session has not timed-out. if yes it should proceed normally otherwise it should redirect to the login page.

Through research I have found out that interceptors could be used for this purpose but before proceeding I thought its better to get some feedback on it from experts.

Please suggest how it should be done and If possible put some code suggestions.

Here is my struts.xml file(The struts.xml contains four different config files belonging to each module):

    <struts>
    <include file="struts-default.xml" />
    <constant name="struts.i18n.reload" value="false" />
    <constant name="struts.objectFactory" value="spring" />
    <constant name="struts.devMode" value="false" />
    <constant name="struts.serve.static.browserCache" value="false" />
    <constant name="struts.enable.DynamicMethodInvocation" value="true" />
    <constant name="struts.multipart.maxSize" value="10000000" />
    <constant name="struts.multipart.saveDir" value="C:/Temporary_image_location" />

    <include file="/com/action/mappingFiles/registration_config.xml" />
    <include file="/com/action/mappingFiles/admin_config.xml" />
    <include file="/com/action/mappingFiles/quote.xml" />
    <include file="/com/action/mappingFiles/location_config.xml" />

</struts>

The sample registration_config.xml file is:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd"&gt;
<struts>
    <package name="registration" extends="struts-default"
        namespace="/my_company">

        <action name="LoginView" class="registration" method="showLoginView">
            <result>....</result>
            <result name="input">...</result>
        </action>
         </package>
</struts>

The sample admin_config.xml file is:

<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd"&gt;
    <struts>
        <package name="admin" extends="struts-default"
            namespace="/my_company">

            <action name="viewAdmin" class="admin" method="showAdminView">
                <result>....</result>
                <result name="input">...</result>
            </action>
             </package>
    </struts>

Same code is there in the rest of two struts2 xml config files. I have used the same namespace in all the four config files with the different package names(As you can see)

A: 

Note: standard practice is to use a different namespace for each package, e.g. "/my_company/admin" for the admin package, etc.

Using interceptors is the right approach: it decouples authentication from the actions themselves. You can define two different interceptor stacks, one that requires the user to be logged in, and one which doesn't. Start by copying the interceptor stack from struts-default.xml, and then customize to your requirements. These definitions can be placed in an abstract base package:

<package name="my-base" abstract="true" extends="struts-default">
    <interceptors>
        <interceptor-stack name="login-required">
            <interceptor-ref name="exception"/>
            <interceptor-ref name="alias"/>
            <!-- etc -->
        </interceptor-stack>
        <interceptor-stack name="login-not-required">
            <!-- etc -->
        </interceptor-stack>
    </interceptors>
</package>

Then your other packages just need to extend this base package:

<package name="admin" extends="my-base" namespace="/my_company/admin">
    <default-interceptor-ref name="login-required"/>

    <!-- actions defined here -->
</package>
Todd Owen  2010-06-10 01:26:50
So, that means that I need create a custom interceptor lets say LoginInterceptor and in the interceptor stack name "login-required" I need to add that interceptor. Am I right?
Enrique Malhotra  2010-06-10 14:54:14
That's right. I think you can find some tutorials on the web, e.g. http://www.vitarara.org/cms/struts_2_cookbook/creating_a_login_interceptor
Todd Owen  2010-06-11 01:23:40

related questions

Java Frameworks War: Spring and Hibernate
Does having many unused beans in a Spring Bean Context waste significant resources?
Internationalization sitemesh
What are the best books for Spring and Spring MVC?
Can I compose a Spring Configuration File from smaller ones?
How do you maintain java webapps in different staging environments?
Best resources to prepare for the "Spring Framework Certification"
What is the best documentation for snapshots and flow repositories in Spring Web Flow?
How do you authenticate against an Active Directory server using Spring Security?
Where can I find a good introductory tutorial for Spring?
JPA Multiple Transaction Managers
Map of Enums and dependency injection in Spring 2.5
Should I use EJB3 or Spring for my business layer?
How do I register a custom type converter in Spring?
Accessing a bean with a dot(.) in its ID
How do I create a spring bean for a Java double primitive?
Validation framework for business app built on Spring 2.5
Some Tomcat webapps not opening
How do I return a 403 Forbidden in Spring MVC?
Aspectj doesn't catch all events in spring framework?
How do you use WebServiceMessageDrivenBean in Spring-WS?
Template Engines for Spring Framework
What's the best way to get started with OSGI?
What OSS project should I look at if I need to do Spring friendly WorkFlow?
What's your "best practice" for the first Java EE Spring project?