Hi All,

I am developing a custom interceptor so that an unauthorized user cannot access the resources using Struts2. I am following the approach mentioned below:

1) When the user login process succeeds, I am putting the user object in the session.

2) For all other requests, when the user tries to hit a direct action URL like http://kartavya-30a587:8080/BillSmart/Welcome.action, I am checking (using this interceptor) whether the user object is in the session or not, and it is working fine for me. When the user first tries to hit the direct URL, he gets redirected to the login page, but even if I provide the user credentials, it logs me in to the specified page, like http://kartavya-30a587:8080/BillSmart/Welcome.action. But when I come back to the login page without logging off and then try to go directly to a particular page, it does not allow me to do that, even though the user object is there in the session. Below is the code of my login action, login interceptor and XML file. Please advise where I am going wrong.

3) When the user provides valid credentials, he will be redirected to the Welcome page using the Welcome action.

Login Action

    private Map session;

    public String execute() throws Exception {
        if (getForm_pw().equals("228781")) {
            User user = new User();
            user.setName("aum");
            user.setAge("30");
            // Store the authenticated user so the interceptor can find it later
            session.put(BillSmartConstants.USER, user);
            session.put(BillSmartConstants.USERNAME, "aum");
            return SUCCESS;
        }

*LoginInterceptor*

    import java.util.Map;

    import com.opensymphony.xwork2.Action;
    import com.opensymphony.xwork2.ActionInvocation;
    import com.opensymphony.xwork2.interceptor.Interceptor;

    public class AuthenticationInterceptor implements Interceptor {

        public void destroy() {
        }

        public void init() {
        }

        public String intercept(ActionInvocation actionInvocation) throws Exception {
            Map session = actionInvocation.getInvocationContext().getSession();
            purgeStaleTokens(session);

            User user = (User) session.get(BillSmartConstants.USER);
            if (user == null) {
                // No user in the session: send the request to the "login" result
                return Action.LOGIN;
            } else {
                Action action = (Action) actionInvocation.getAction();
                if (action instanceof UserAware) {
                    ((UserAware) action).setUser(user);
                }
                System.out.println("Logged in: interceptor");
                return actionInvocation.invoke();
            }
        }

        // Remove the session entry if it is not a User instance
        private void purgeStaleTokens(Map session) {
            Object userToken = session.get(BillSmartConstants.USER);
            if (!(userToken instanceof User))
                session.remove(BillSmartConstants.USER);
        }
    }

*user.xml*

    <package name="com.raisonne.billsmart.user.action" extends="struts-default" namespace="">
        <interceptors>
            <interceptor name="authenticationInterceptor"
                         class="com.raisonne.billsmart.utl.AuthenticationInterceptor" />
            <interceptor-stack name="secureStack">
                <interceptor-ref name="authenticationInterceptor" />
                <interceptor-ref name="defaultStack" />
            </interceptor-stack>
        </interceptors>
        <default-interceptor-ref name="secureStack" />
        <global-results>
            <result name="login">/index.jsp</result>
            <result name="error">/chapterFour/Error.jsp</result>
        </global-results>
        <action name="Welcome">
            <result>/Templates/User/Registration.jsp</result>
        </action>
    </package>

My login.xml file is in another package where I have not configured the authentication interceptor. I just want that whenever anyone hits Welcome.action directly, it must check whether the user object is there in the session; if it is there, it must allow going directly using this URL, and if the user object is not present, it must ask the user to log in first. But even when the user object is there in the session, it is not allowing direct access to the welcome page.

Any help in this regard will be much appreciated.