Hi,
I have also implemented login mechanism but I have used Servlet
filter to check the user login status.
I have applied filer on the restricted URI of my application by just a small
configuration in web.xml.
Regards,
Nitesh Jain
-----Original Message-----
From: Robin Mannering [mailto:[email protected]]
Sent: 17 July 2009 01:18
To: Struts Users Mailing List
Subject: Re: Login with Struts2
Hi,
I recently implemented a login mechanism but did it slightly differently
after recommendations from this mailing list to use an interceptor.
Each action/page that requires a validated login is directed via a
Interceptor.
The sole purpose of the interceptor is to verify the existence of an
object in the session. Here is the guts of the method:
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext ac = invocation.getInvocationContext();
Map session = ac.getSession();
// retrieve the login status from the session by key name.
User user = (User) session.get(Constants.USER_SESSION_SCOPE);
// if the user object is non null, the user is logged in.
if (user != null) {;
return invocation.invoke();
}
return "notLoggedIn";
}
It is then necessary to create a new interceptor stack:
<interceptor-stack name="my.validationWorkflowStack">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="amr.validation"/>
</interceptor-stack>
I also defined a global-result as follows to take care of directing the
client when not logged in.
<global-results>
<result name="notLoggedIn" type="redirectAction">
<param name="actionName">showLogin</param>
</result>
</global-results>
Finally, here is an example of a protected action using the new
interceptor stack:
<action name="showControlPanel">
<!-- Include our validation stack to ensure user is logged
in -->
<interceptor-ref name="my.validationWorkflowStack"/>
<result type="freemarker">/controlPanel.ftl</result>
</action>
You then simply need a regular action to take of the "login" which will
place a valid object/flag in the session.
Hope this helps
mathias-ewald wrote:
> Hi,
>
> I am trying to implement a login mechanism. I will now explain what I did
> and what error I get but in case there is a more sophisticated way to do
> that - please tell me!
>
> I created a BaseAction which is the parent of all my Actions. The
BaseAction
> is supposed to be responsible for displaying a login page if there is no
> User object in session scope. Then the login form should put the username
> and password into the BaseAction. The BaseAction then tries to find a
match
> in the database and places the User object into session scope:
>
> ---------------------
> public abstract class BaseAction {
>
> private String username;
>
> private String password;
>
> protected Log log;
>
> private Boolean loginStatus;
>
>
> public String execute() {
> if(log == null) {
> log = LogFactory.getLog(getClass());
> }
>
> if(isProtected()) {
> Map<String, Object> session =
ActionContext.getContext().getSession();
> Object o = session.get("user");
> if(o instanceof User) {
> loginStatus = true;
> } else {
> return "login";
> }
> }
>
>
> return executeAction();
> }
>
>
> public abstract String executeAction();
>
> public abstract Boolean isProtected();
>
>
> public Boolean getLoginStatus() {
> return loginStatus;
> }
>
> public void setLoginStatus(Boolean loginStatus) {
> this.loginStatus = loginStatus;
> }
>
> public String getUsername() {
> return username;
> }
>
> public void setUsername(String username) {
> this.username = username;
> }
>
> public String getPassword() {
> return password;
> }
>
> public void setPassword(String password) {
> this.password = password;
> }
> }
> ---------------------
>
> An Action that wants to be password protected must implement
#isProtected()
> to return "true". This is my JSP file that is shown if #isProtected() ==
> true and there's no User in session scope:
>
> ---------------------
> ...
> <s:form>
> <s:textfield label="Username"
name="userData.username"></s:textfield>
> <s:password label="Password" name="userData.password"></s:password>
> <s:submit></s:submit>
> </s:form>
> ...
> ---------------------
>
> This is the error I get
>
> ---------------------
> 20:35:42,179 WARN OgnlValueStack:49 - Error setting value
> ognl.OgnlException: target is null for setProperty(null, "password",
> [Ljava.lang.String;@1f22dad5)
> at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1651)
> at ognl.ASTProperty.setValueBody(ASTProperty.java:101)
> at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
> at ognl.SimpleNode.setValue(SimpleNode.java:246)
> at ognl.ASTChain.setValueBody(ASTChain.java:172)
> at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
> at ognl.SimpleNode.setValue(SimpleNode.java:246)
> at ognl.Ognl.setValue(Ognl.java:476)
> ...
> ---------------------
>
>
> Why is that happening?
>
> cu
> mathias
>
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.387 / Virus Database: 270.13.16/2240 - Release Date: 07/15/09
17:58:00
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
