• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Struts 2 : Authentication & Authorization

 
Ranch Hand
Posts: 763
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am new to Struts 2 and trying to implement Authentication and Authorization functinality in my sample application just for learning purposes.

But i am confused how to implement this functinality.

Bellow is the steps i have taken to implement the same. functionally my application is working fine. but there must be some easy way to implement the same.

I have one login.jsp which propmts for Login Id and Password from the user.

and index.jsp collects few data like phone no etc. but before user comes to index.jsp user has to be logged in.

so i have written one interceptor for checked the same. before every request goes to the destination.

Bellow is my code.

LoginInterceptor.java


And below is my struts.xml file


 
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Interceptors aren't actions, shouldn't extend ActionSupport, and having them implement action-oriented interfaces is meaningless. Having an interceptor

The actions you defined each set their own interceptor stack consisting *solely* of the login interceptor; this is almost certainly not what you want. If you define an interceptor stack for an action you must define *all* the interceptors that action requires.

You can avoid defining an interceptor stack for each action by defining a default interceptor stack containing all the interceptors you require.

Normally, if doing something like this by hand, there will be an un-protected login action that will check the user's credentials and put a user object (in your case) into session. It's not really appropriate (in my opinion) for that functionality to reside in an interceptor--interceptors are meant for application-wide, cross-cutting behavior. In this case, the cross-cutting behavior is to check for a valid user and if none is found go to the login page.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic