wood burning stoves 2.0*
The moose likes Struts and the fly likes Struts 2 : Authentication & Authorization Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts 2 : Authentication & Authorization" Watch "Struts 2 : Authentication & Authorization" New topic
Author

Struts 2 : Authentication & Authorization

Jigar Naik
Ranch Hand

Joined: Dec 12, 2006
Posts: 753
Hi,

I am new to Struts 2 and trying to implement Authentication and Authorization functinality in my sample application just for learning purposes.

But i am confused how to implement this functinality.

Bellow is the steps i have taken to implement the same. functionally my application is working fine. but there must be some easy way to implement the same.

I have one login.jsp which propmts for Login Id and Password from the user.

and index.jsp collects few data like phone no etc. but before user comes to index.jsp user has to be logged in.

so i have written one interceptor for checked the same. before every request goes to the destination.

Bellow is my code.

LoginInterceptor.java


And below is my struts.xml file



Jigar Naik


David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Interceptors aren't actions, shouldn't extend ActionSupport, and having them implement action-oriented interfaces is meaningless. Having an interceptor

The actions you defined each set their own interceptor stack consisting *solely* of the login interceptor; this is almost certainly not what you want. If you define an interceptor stack for an action you must define *all* the interceptors that action requires.

You can avoid defining an interceptor stack for each action by defining a default interceptor stack containing all the interceptors you require.

Normally, if doing something like this by hand, there will be an un-protected login action that will check the user's credentials and put a user object (in your case) into session. It's not really appropriate (in my opinion) for that functionality to reside in an interceptor--interceptors are meant for application-wide, cross-cutting behavior. In this case, the cross-cutting behavior is to check for a valid user and if none is found go to the login page.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Struts 2 : Authentication & Authorization
 
Similar Threads
ModelDriver Interceptor + not getting my object
interceptor not working in struts 2
Struts 2 Question
Logout is not properly working in struts2 please help me
struts2 login interceptor not finding session attribute of user details.