Hi All,

I am developing a custom interceptor so that unauthorized users cannot access
the resources using Struts2. I am following the approach mentioned below:

1) When the user login process succeeds, I put the user object in the session.
2) For all other requests, when the user tries to hit the direct action URL like
http://kartavya-30a587:8080/BillSmart/Welcome.action
   I check (using this interceptor) whether the user object is there in the
session or not, and it is working fine for me.

When the user first tries to hit the direct URL he gets redirected to the
login page, but even if I provide the user credentials it logs me in to the
specified page like http://kartavya-30a587:8080/BillSmart/Welcome.action

But when I come back to the login page without logging off and then try to go
directly to a particular page, it does not allow me to do that even though the
user object is there in the session. Below is the code of my login action, login
interceptor and XML file. Please advise where I am going wrong.

3) When the user provides valid credentials he will be redirected to the Welcome
page using the Welcome action.


Login Action

private Map session;

public String execute() throws Exception {

    if (getForm_pw().equals("228781")) {

        User user = new User();
        user.setName("aum");
        user.setAge("30");

        session.put(BillSmartConstants.USER, user);
        session.put(BillSmartConstants.USERNAME, "aum");

        return SUCCESS;
    }



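LoginInterceptor

package com.raisonne.billsmart.utl;

import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

// User, UserAware and BillSmartConstants are the project's own classes;
// their packages are not shown in this post, so their imports are omitted.
public class AuthenticationInterceptor implements Interceptor {

    public void destroy() {
    }

    public void init() {
    }

    public String intercept(ActionInvocation actionInvocation) throws Exception {

        Map session = actionInvocation.getInvocationContext().getSession();

        // Drop anything stored under the USER key that is not a User object.
        purgeStaleTokens(session);

        User user = (User) session.get(BillSmartConstants.USER);

        if (user == null) {
            // No authenticated user in the session: send the request to the
            // "login" global result instead of invoking the action.
            return Action.LOGIN;
        } else {
            // Struts2 actions need not implement Action, so keep the reference
            // as Object and avoid an unchecked cast.
            Object action = actionInvocation.getAction();

            // Hand the authenticated user to actions that ask for it.
            if (action instanceof UserAware) {
                ((UserAware) action).setUser(user);
            }

            System.out.println("Logged in: interceptor");
            return actionInvocation.invoke();
        }
    }

    private void purgeStaleTokens(Map session) {
        Object userToken = session.get(BillSmartConstants.USER);
        if (!(userToken instanceof User)) {
            session.remove(BillSmartConstants.USER);
        }
    }

}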

user.xml

<package name="com.raisonne.billsmart.user.action" extends="struts-default"
         namespace="">

    <interceptors>

        <interceptor name="authenticationInterceptor"
                     class="com.raisonne.billsmart.utl.AuthenticationInterceptor" />

        <interceptor-stack name="secureStack">
            <interceptor-ref name="authenticationInterceptor" />
            <interceptor-ref name="defaultStack" />
        </interceptor-stack>

    </interceptors>

    <default-interceptor-ref name="secureStack" />

    <global-results>
        <result name="login">/index.jsp</result>
        <result name="error">/chapterFour/Error.jsp</result>
    </global-results>

    <action name="Welcome">
        <result>/Templates/User/Registration.jsp</result>
    </action>
</package>

My login.xml file is in another package where I have not configured the
Authentication Interceptor. I just want that whenever anyone hits
Welcome.action directly, it must check if the user object is there in the
session; if it is there it must allow going directly using this URL, and if the
user object is not present it must ask the user to login first. But even when
the user object is there in the session it is not allowing direct access to the
welcome page.



Any help in this regard will be much appreciated.
