Hi,

A few days ago I implemented a login mechanism into my web application.
Therefore I use an abstract BaseAction that asks the implementing class
whether it wants to be password protected or not. If it does and there's no
object named "user" available, the Login.jsp is shown. When the Login form
returns, the user object is placed into session scope.

The problem is that after the Login.jsp has returned to the BaseAction, all
parameters that were passed to the implementing Action are lost.

What can I do?

Here's my code:

BaseAction.java
-------------------------------------------------------------------------------
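// UserAccount, HibernateUtil and MD5Util are application classes
// that are not shown in this post.
import java.util.Map;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.criterion.Restrictions;

import com.opensymphony.xwork2.ActionContext;

public abstract class BaseAction {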

        public static final Integer ALLOWED = 0;
        
        public static final Integer DENIED = 1;
        
        public static final Integer DENIED_GROUP = 2;
                
        
        private String logout = "false";
        
        private String username;
        
        private String password;
        
        protected Log log;
        

        public BaseAction() {}


        public String execute() {
                if(log == null) {
                        log = LogFactory.getLog(getClass());
                }
                        
                Map<String, Object> session = ActionContext.getContext().getSession();
                
                /*
                 * if the user wants to logout, delete the object
                 * from session scope.
                 */
                if("true".equals(logout)) {
                        Object userObj = session.get("user");
                        if(userObj != null) {
                                session.put("user", null);
                                log.info("User " + ((UserAccount)userObj).getName() + " logged out.");
                        }
                } 
                
                /*
                 * in case the username and password values are set, perform 
                 * the login process.
                 */
                if (username != null && password != null) {
                        Session s = HibernateUtil.getSessionFactory().openSession();
                        Transaction tx = s.beginTransaction();
                        
                        UserAccount user = (UserAccount)s.createCriteria(UserAccount.class)
                                .add(Restrictions.eq("name", username))
                                .uniqueResult();
                                                        
                        tx.commit();
                        s.close();
                        
                        if(user == null) {
                                log.info("Error authenticating user " + username);
                                return "loginError";
                        }
                        
                        String dbHash = user.getPasswordhash().toLowerCase();
                        String formHash = MD5Util.md5(password).toLowerCase();
                        
                        if(dbHash.equals(formHash)) {
                                session.put("user", user);      
                                log.info("User " + user.getName() + " logged in.");
                        } else {
                                log.info("Password mismatch for user " + username);
                                return "loginError";
                        }
                }
                
                /*
                 * If we get this far, userObject is either successfully logged
                 * in or null, so get the UserAccount object or set it null.
                 */
                Object userObject = session.get("user");
                UserAccount user = null;
                if(userObject != null && userObject instanceof UserAccount) {
                        user = (UserAccount)userObject;
                }
                
                /*
                 * Now ask the "real" action if access is allowed.
                 */
                int retVal = isAllowed(user);
                if(retVal == ALLOWED) {
                        return executeAction();
                } else if(retVal == DENIED_GROUP) {
                        return "permissionError";
                } else {
                        return "login";
                }
        }
        
        public abstract String executeAction();

        public abstract Integer isAllowed(UserAccount user);
        
       // getter and setter methods
                        
}
-------------------------------------------------------------------------------

Login.jsp
-------------------------------------------------------------------------------
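<%-- Declares the Struts 2 tag library used by the s: tags below --%>
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>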
<head>
<jsp:include page="/common/Head.jsp"/>
</head>
<body>

<div id="container">
        <jsp:include page="/common/Header.jsp"/>
        
        <div id="navi">
                Main &gt; Login
        </div>
                
        <div id="body">
                <br><br><br><br><br>
                <div style="width: 40%; margin: 0 auto;">
                        This page is protected! Please login:
                        <br><br>
                        <s:form method="post">
                                <s:textfield label="Username" name="username"></s:textfield>
                                <s:password label="Password" name="password"></s:password>
                                <s:submit></s:submit>
                        </s:form>
                </div>
        </div>
        
        <jsp:include page="/common/Footer.jsp"/>
</div>

</body>
</html>
-------------------------------------------------------------------------------

Is there any chance to have the parameters preserved?


cu
mathias
-- 
View this message in context: 
http://www.nabble.com/Login-mechanism---preserve-Action-parameters-tp24559907p24559907.html
Sent from the Struts - User mailing list archive at Nabble.com.
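
One way to keep the original parameters across the login round trip described in the post above, as an added example that is not part of the original message or of Struts itself. The class `PendingRequest`, the session key, and the sample action name `ShowOrder` with its `orderId` parameter are hypothetical; plain maps stand in for the Struts session and request parameter maps, and Java 9 or later is assumed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Hypothetical helper, not a Struts API: parks request parameters in the session across a login. */
public class PendingRequest {
    static final String KEY = "pendingRequest"; // assumed session key
    // Credentials and the logout flag are never parked in the session or replayed.
    static final Set<String> EXCLUDED = Set.of("username", "password", "logout");

    final String actionName;
    final Map<String, String[]> params;

    PendingRequest(String actionName, Map<String, String[]> params) {
        this.actionName = actionName;
        this.params = params;
    }

    /** Call just before returning "login": remember what was originally requested. */
    static void save(Map<String, Object> session, String actionName, Map<String, String[]> request) {
        Map<String, String[]> copy = new HashMap<>();
        request.forEach((name, values) -> {
            if (!EXCLUDED.contains(name)) copy.put(name, values.clone());
        });
        session.put(KEY, new PendingRequest(actionName, copy));
    }

    /** Call after a successful login: one-shot, and only for the action that saved the request. */
    static Map<String, String[]> restore(Map<String, Object> session, String actionName) {
        Object parked = session.remove(KEY);
        if (parked instanceof PendingRequest && ((PendingRequest) parked).actionName.equals(actionName)) {
            return ((PendingRequest) parked).params;
        }
        return Map.of();
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stands in for the Struts session map
        // Constructed request: ShowOrder?orderId=42 arrives before anyone is logged in.
        Map<String, String[]> request = new HashMap<>();
        request.put("orderId", new String[] {"42"});
        request.put("password", new String[] {"stray"}); // must not survive the save
        save(session, "ShowOrder", request);
        Map<String, String[]> restored = restore(session, "ShowOrder");
        System.out.println("orderId restored: " + restored.get("orderId")[0]);
        System.out.println("password kept: " + restored.containsKey("password"));
        System.out.println("second restore empty: " + restore(session, "ShowOrder").isEmpty());
    }
}
```

In a flow like the posted `BaseAction`, `save` would run where `execute()` returns "login" and `restore` after the user object has been put into the session, with the restored values applied to the action's properties before `executeAction()` is called.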

