
Struts 2 : Authentication & Authorization

 
Jigar Naik
Hi,

I am new to Struts 2 and trying to implement Authentication and Authorization functionality in my sample application just for learning purposes.

But I am confused about how to implement this functionality.

Below are the steps I have taken to implement the same. Functionally my application is working fine, but there must be some easy way to implement the same.

I have one login.jsp which prompts for Login Id and Password from the user.

And index.jsp collects a few data like phone no. etc., but before the user comes to index.jsp the user has to be logged in.

So I have written one interceptor for checking the same before every request goes to the destination.

Below is my code.

LoginInterceptor.java


And below is my struts.xml file


 
David Newton
Interceptors aren't actions, shouldn't extend ActionSupport, and having them implement action-oriented interfaces is meaningless. Having an interceptor

The actions you defined each set their own interceptor stack consisting *solely* of the login interceptor; this is almost certainly not what you want. If you define an interceptor stack for an action you must define *all* the interceptors that action requires.

You can avoid defining an interceptor stack for each action by defining a default interceptor stack containing all the interceptors you require.

Normally, if doing something like this by hand, there will be an un-protected login action that will check the user's credentials and put a user object (in your case) into session. It's not really appropriate (in my opinion) for that functionality to reside in an interceptor--interceptors are meant for application-wide, cross-cutting behavior. In this case, the cross-cutting behavior is to check for a valid user and if none is found go to the login page.
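
The layout described in the reply above, written out as a struts.xml sketch. This is an added example, not code from either poster: the package, stack and interceptor names, the `com.example.*` classes and the JSP paths are all assumptions, and the interceptor is assumed to return the `login` result when the session holds no user object.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
  <package name="app" extends="struts-default">
    <interceptors>
      <!-- Hypothetical class: returns "login" when no user object is in the
           session, otherwise calls invocation.invoke(). -->
      <interceptor name="loginCheck" class="com.example.LoginInterceptor"/>
      <!-- Login check runs first, then the full defaultStack, so protected
           actions still get parameter binding, validation and the rest. -->
      <interceptor-stack name="authStack">
        <interceptor-ref name="loginCheck"/>
        <interceptor-ref name="defaultStack"/>
      </interceptor-stack>
    </interceptors>

    <!-- Every action in this package is protected unless it opts out. -->
    <default-interceptor-ref name="authStack"/>

    <global-results>
      <result name="login">/login.jsp</result>
    </global-results>

    <!-- For contrast, the form the reply warns about: a lone interceptor-ref
         replaces the whole stack, so this action runs ONLY loginCheck.
    <action name="index" class="com.example.IndexAction">
      <interceptor-ref name="loginCheck"/>
    </action> -->

    <!-- Unprotected login action: opts out of authStack, checks credentials
         and puts the user object into the session. -->
    <action name="login" class="com.example.LoginAction">
      <interceptor-ref name="defaultStack"/>
      <result name="input">/login.jsp</result>
      <result type="redirectAction">index</result>
    </action>

    <!-- Protected by the package default; no per-action stack is needed.
         The JSP sits under WEB-INF so it cannot be requested directly. -->
    <action name="index" class="com.example.IndexAction">
      <result>/WEB-INF/pages/index.jsp</result>
    </action>
  </package>
</struts>
```

Interceptors run only for action invocations, so a JSP served directly from the web root is never checked; routing index.jsp through an action and keeping it under WEB-INF closes that path.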