
Struts 2 : Authentication & Authorization

Jigar Naik
Ranch Hand

Joined: Dec 12, 2006
Posts: 761

I am new to Struts 2 and trying to implement Authentication and Authorization functionality in my sample application just for learning purposes.

But I am confused about how to implement this functionality.

Below are the steps I have taken to implement the same. Functionally my application is working fine, but there must be some easy way to implement the same.

I have one login.jsp which prompts for Login Id and Password from the user.

And index.jsp collects a few data items like phone no. etc., but before the user comes to index.jsp the user has to be logged in.

So I have written one interceptor for checking the same before every request goes to the destination.

Below is my code.

And below is my struts.xml file

Jigar Naik

David Newton

Joined: Sep 29, 2008
Posts: 12617

Interceptors aren't actions, shouldn't extend ActionSupport, and having them implement action-oriented interfaces is meaningless. Having an interceptor

The actions you defined each set their own interceptor stack consisting *solely* of the login interceptor; this is almost certainly not what you want. If you define an interceptor stack for an action you must define *all* the interceptors that action requires.

You can avoid defining an interceptor stack for each action by defining a default interceptor stack containing all the interceptors you require.

Normally, if doing something like this by hand, there will be an un-protected login action that will check the user's credentials and put a user object (in your case) into session. It's not really appropriate (in my opinion) for that functionality to reside in an interceptor--interceptors are meant for application-wide, cross-cutting behavior. In this case, the cross-cutting behavior is to check for a valid user and if none is found go to the login page.
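The arrangement described in the reply above, as an added example that is not code from either poster: an interceptor that only checks the session for a user object, placed in front of `defaultStack` in a package-wide default stack, with the login action left unprotected. The package and class names, the stack name `secureStack` and the session key `"user"` are assumptions for illustration; the imports are the Struts 2.x `com.opensymphony.xwork2` packages.

```java
// Added example: hypothetical names (example.LoginCheckInterceptor, session key "user").
// Wiring in struts.xml (Struts 2.x, inside a package that extends struts-default):
//
//   <interceptors>
//     <interceptor name="loginCheck" class="example.LoginCheckInterceptor"/>
//     <interceptor-stack name="secureStack">
//       <interceptor-ref name="loginCheck"/>    <!-- reject before params are bound -->
//       <interceptor-ref name="defaultStack"/>  <!-- everything else the actions need -->
//     </interceptor-stack>
//   </interceptors>
//   <default-interceptor-ref name="secureStack"/>
//   <global-results>
//     <result name="login">/login.jsp</result>
//   </global-results>
//   <!-- the login action opts out of the check by naming defaultStack itself -->
//   <action name="login" class="example.LoginAction">
//     <interceptor-ref name="defaultStack"/>
//     <result>/index.jsp</result>
//     <result name="input">/login.jsp</result>
//   </action>
package example;

import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

// An interceptor, not an action: it extends AbstractInterceptor, not ActionSupport.
public class LoginCheckInterceptor extends AbstractInterceptor {

    static final String USER_KEY = "user"; // assumed session key set by the login action

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        // Fail closed: no session map or no user object means not authenticated.
        if (session == null || session.get(USER_KEY) == null) {
            return Action.LOGIN; // "login", resolved by the global result above
        }
        return invocation.invoke(); // authenticated: continue down the stack
    }
}
```

Any action that declares its own `interceptor-ref` replaces the package default entirely, so an action that must stay protected should reference `secureStack` rather than listing individual interceptors.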