When I try to access a page in my webapp I want to be redirected to the login page if I'm not already logged in.
I understand that using sessions you can see if someone is logged in or not?
How is this done?
I've looked at the example at :http://struts.apache.org/2.x/docs/simplelogin-with-session.html
But I have some questions about what happens in the example:
1. The execute method in their LoginAction class:
This code snipped adds two new things to the current session, right?
Would the map contain the String and the Date that I added previously if I do "session = ActionContext.getContext().getSession()" directly after?
Could the key "context" be changed to "userBean" and the Date object be changed to a Bean?
2. The loginChecker.jsp:
Obviously the webworks tags could be changed to struts tags (<s:if test=""> etc).
But what does "login" in the code "#session.login" refer to? Obviously it's the name of something stored in the session, but they don't put anything into the session that is called "login" as far as I can see. Could it refer to the action? Since there is an action configured in the xwork.xml that is called "login".
3. Is it wise to put a code snippet, like the one below, in every action which renders a page I only want logged in users to access?
Then sending anyone with an ERROR result to the login page, and letting anyone with a SUCCESS result continue to the page.
Or is there a better way?
1) You can put anything you want into session, and call it anything you want. For basic servlet technology questions check out the servlets forum.
2) It's a typo.
3) No; that kind of code belongs in either an action base class or an interceptor.
Joined: Feb 13, 2009
Thank you David.
I'll go ahead an write an interceptor.
And I'll go ahead and ask a question about the interceptor just to make sure that I've got it right.
It's the interceptors work to redirect the user to the login page if he/she isn't logged in, right?