Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Logout is not properly working in struts2 please help me

 
nalamati satyanarayana
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
This is satya i developed logging/logout application using struts like
First i developed Logging interceptor this will authenticate and it will display success ful jsp then if i click on logout it will redireect to login jsp but after that if i click on
back on browser again it displaying successful jsp

Anybody please help me out to how to resolve this problem

My intrceptor code like this

/**
* A Struts 2 interceptor that implements a login system.
*/
public class LoginInterceptor extends AbstractInterceptor implements StrutsStatics {

/**
*
*/
private static final long serialVersionUID = 1L;
private SecurityManager securityManager;
private static final Log log = LogFactory.getLog (LoginInterceptor.class);
private static final String USER_HANDLE = "QUADRAN_USER_SESSSION_HANDLE";
private static final String LOGIN_ATTEMPT = "QUADRAN_LOGIN_ATTEMPT";
private static final String USERNAME = "QUADRAN_USERNAME";
private static final String PASSWORD = "QUADRAN_PASSWORD";

public void init () {
log.info ("Intializing LoginInterceptor");
}

public void destroy () {}

public String intercept (ActionInvocation invocation) throws Exception {
// Get the action context from the invocation so we can access the
// HttpServletRequest and HttpSession objects.
final ActionContext context = invocation.getInvocationContext ();
HttpServletRequest request = (HttpServletRequest) context.get(HTTP_REQUEST);
HttpSession session = request.getSession (true);

// Is there a "user" object stored in the user's HttpSession?
Object user = session.getAttribute (USER_HANDLE);
if (user == null) {
// The user has not logged in yet.

// Is the user attempting to log in right now?
String loginAttempt = request.getParameter (LOGIN_ATTEMPT);
if (! StringUtils.isBlank (loginAttempt) ) { // The user is attempting to log in.

// Process the user's login attempt.
if (processLoginAttempt (request, session) ) {
// The login succeeded send them the login-success page.
return "login-success";
} else {
// The login failed. Set an error if we can on the action.
Object action = invocation.getAction ();
if (action instanceof com.opensymphony.xwork2.ValidationAware) {
((com.opensymphony.xwork2.ValidationAware) action).addActionError ("Username or password incorrect.");
}
}
}

// Either the login attempt failed or the user hasn't tried to login yet,
// and we need to send the login form.
return "login";
} else {
return invocation.invoke ();
}
}

/**
* Attempt to process the user's login attempt delegating the work to the
* SecurityManager.
*/
public boolean processLoginAttempt (HttpServletRequest request, HttpSession session) {
// Get the username and password submitted by the user from the HttpRequest.
String username = request.getParameter (USERNAME);
String password = request.getParameter (PASSWORD);

SecurityManagerImpl s= new SecurityManagerImpl();
// Use the security manager to validate the user's username and password.
Object user = s.login (username, password);

if (user != null) {
// The user has successfully logged in. Store their user object in
// their HttpSession. Then return true.
session.setAttribute (USER_HANDLE, user);

return true;
} else {
// The user did not successfully log in. Return false.
return false;
}
}

public void setSecurityManager (SecurityManager in) {
log.debug ("Setting security manager using: " + in.toString () );
this.securityManager = in;
}

My logout action code below

session = (SessionMap<String, Object>)ActionContext.getContext().getSession();

System.out.println("removing: login "+session.get("QUADRAN_USER_SESSSION_HANDLE"));
session.remove("QUADRAN_USER_SESSSION_HANDLE");
session.clear();
session.invalidate();

//setSession(session);
System.out.println("removed - sreedevi: login "+session.get("QUADRAN_USER_SESSSION_HANDLE"));
return SUCCESS;


 
Nitesh Kant
Bartender
Posts: 1638
IntelliJ IDE Java MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
CarefullyChooseOneForum while posting. Moving to struts forum.
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please UseCodeTags; code is quite difficult to read without them.

You'll need to disable caching, otherwise the browser will just show what it already has.
 
Pawan Kalyan
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey try this code in the page you navigate to after login page. ( Ex: Put this code in welcome.jsp after you login from login.jsp)

<head>
<%

response.setHeader("Cache-Control","no-cache"); // HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0);
%>

<script language="JavaScript">
var x=window.history.length;
if (window.history[x]!=window.location)
{
window.history.forward();
}
</script>
</head>


and use the response.setHeader part in every jsp in the Head section so that the browser wont cache.

This will work for 100%

 
Rob Spoor
Sheriff
Pie
Posts: 20495
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Moving to Struts (as I should've done before).
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic