Hi,
I've been working on the login portion of a web app I'm creating. I got everything up and running, but I now want to improve my implementation to be more robust and resilient to various possible user access.
My original implementation involved invoking an action listed in my struts.xml, performing the code in the execute method and then transitioning to the main JSP. With this implementation, I could create an actionName-validation.xml and get the struts validation interceptor to perform validation on my action prior to invoking the code in the execute method.
My new implementation hinges around the creation of an Interceptor. This interceptor is invoked on EVERY action call. The interceptor checks to see if the user is logged on. If the user is logged on, the interceptor simply delegates the flow of control to the next interceptor (or the action). If the user isn't logged on and they have just attempted to log on, this code then performs a user validation to check they have entered valid log-on credentials. By valid, I simply mean the combination exists in the database. If the interceptor successfully validates the user, they are then forwarded to whichever action they were attempting to perform at that time.
So in a nutshell, this is the problem. In order to develop a solution to authenticating users regardless of the address/action they enter, I need an interceptor, hence the creation of my Login Interceptor. I would however like to use struts validation to validate the user has entered valid credentials and they are in the valid format before they get to my interceptor. I'm not entirely sure how to achieve this as validation.xml is meant to be tied to an action, but in my case, any action could re-direct to my login page which in turn on submission will be re-directed to another page.
I could create essentially a dummy action containing the attributes on my login form, create a validation file (or use annotations) and then ensure the struts validate interceptor is called before my login interceptor. I would then simply forward the execute of my dummy action to the actual action the user was trying to invoke.
Before resorting to this, I just wanted to see if there were more elegant solutions to this problem.
FYI, my implementation closely relates to the implementation that can be found at the following url:
http://www.vitarara.org/cms/struts_2_cookbook/creating_a_login_interceptor
Appreciate any advice.
Many Thanks.
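One way to run the format check inside the login interceptor itself, before the database lookup, so that it applies whichever action was requested. This is an added example, not code from the original post or the linked cookbook page. It assumes the Struts 2.x `com.opensymphony.xwork2` API on `javax.servlet`; the `CredentialStore` interface, the session key, the `login` result name, the form field names and the format rules are all hypothetical.

```java
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ValidationAware;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;

public class LoginInterceptor extends AbstractInterceptor {
    /** Hypothetical lookup; stands in for the database check described in the post. */
    public interface CredentialStore { boolean exists(String username, String password); }

    static final String USER_KEY = "user";        // assumed session attribute name
    static final String LOGIN_RESULT = "login";   // assumed global result mapped to the login JSP
    // Assumed format rule: 3-32 characters of letters, digits, dot, underscore, hyphen.
    static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9._-]{3,32}");

    private CredentialStore store;                // assumed to be injected by the container
    public void setCredentialStore(CredentialStore store) { this.store = store; }

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        if (session.get(USER_KEY) != null) {
            return invocation.invoke();           // already logged on: continue the chain
        }
        HttpServletRequest request = ServletActionContext.getRequest();
        String username = request.getParameter("username");   // assumed form field names
        String password = request.getParameter("password");
        if (username == null && password == null) {
            return LOGIN_RESULT;                  // no login attempt yet: show the login page
        }
        String error = formatError(username, password);
        if (error == null && !store.exists(username, password)) {
            error = "Invalid user name or password.";   // same message for unknown user or bad password
        }
        if (error != null) {
            Object action = invocation.getAction();
            if (action instanceof ValidationAware) {    // true for ActionSupport subclasses
                ((ValidationAware) action).addActionError(error);
            }
            return LOGIN_RESULT;
        }
        session.put(USER_KEY, username);
        return invocation.invoke();               // go on to the action originally requested
    }

    /** Format check run before the store is queried; returns null when the input is well-formed. */
    static String formatError(String username, String password) {
        if (username == null || !USERNAME.matcher(username).matches()) return "User name is malformed.";
        if (password == null || password.isEmpty() || password.length() > 128) return "Password is missing or too long.";
        return null;
    }
}
```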