Hi,
recently I was told using Interceptors was better than using a BaseAction
object performing the login process. I agree. Still I have some trouble:
This is what happens: I have a JSP that creates a button liked with another
action:
AgencyDetails.jsp
---------------------------------
...
<s:url id="url" value="/rating/Rate">
<s:param name="staffResourceId"><s:property value="staffResource.id"
/></s:param>
</s:url>
<s:a href="%{url}"><button>Place Rating!</button></s:a><br>
...
---------------------------------
This is the struts.xml configuration for that Action:
rating.xml
---------------------------------
<package name="rating" namespace="/rating" extends="default">
<default-interceptor-ref name="defaultLoginStack" />
<action name="Rate"
class="de.mathiasewald.projektseminar.action.rating.Rate">
<result>
/rating/Rate.jsp
</result>
</action>
</package>
---------------------------------
This is the inteceptor stack in struts.xml
---------------------------------
<interceptors>
<interceptor name="login"
class="de.mathiasewald.projektseminar.interceptor.LoginInterceptor">
</interceptor>
<interceptor-stack name="defaultLoginStack">
<interceptor-ref name="login" />
</interceptor-stack>
</interceptors>
---------------------------------
and finally the LoginInterceptor.java
---------------------------------
public class LoginInterceptor extends AbstractInterceptor implements
StrutsStatics {
/**
*
*/
private static final long serialVersionUID = -6647897949084333127L;
private LoginManager loginManager = new LoginManager();
private static final Log log =
LogFactory.getLog(LoginInterceptor.class);
private static final String USER_HANDLE =
"QUADRAN_USER_SESSSION_HANDLE";
private static final String LOGIN_ATTEMPT = "QUADRAN_LOGIN_ATTEMPT";
private static final String USERNAME = "QUADRAN_USERNAME";
private static final String PASSWORD = "QUADRAN_PASSWORD";
public void init () {
log.info ("Intializing LoginInterceptor");
}
public void destroy () {}
public String intercept (ActionInvocation invocation) throws Exception {
// Get the action context from the invocation so we can access
the
// HttpServletRequest and HttpSession objects.
final ActionContext context = invocation.getInvocationContext
();
HttpServletRequest request = (HttpServletRequest)
context.get(HTTP_REQUEST);
HttpSession session = request.getSession (true);
// Is there a "user" object stored in the user's HttpSession?
Object user = session.getAttribute (USER_HANDLE);
if (user == null) {
// The user has not logged in yet.
// Is the user attempting to log in right now?
String loginAttempt = request.getParameter
(LOGIN_ATTEMPT);
if (loginAttempt != null &&
loginAttempt.trim().length() > 0) { // The
user is attempting to log in.
log.info("User tries to log in - processing
attempt...");
// Process the user's login attempt.
if (processLoginAttempt (request, session) ) {
// The login succeeded send them the
login-success page.
log.info("User " + loginAttempt + "
logged in successfully.");
return invocation.invoke ();
} else {
// The login failed. Set an error if we
can on the action.
log.info("Error authenticating user " +
loginAttempt);
Object action = invocation.getAction ();
if (action instanceof
com.opensymphony.xwork2.ValidationAware) {
((com.opensymphony.xwork2.ValidationAware) action).addActionError
("Username or password incorrect.");
}
}
}
// Either the login attempt failed or the user hasn't
tried to login yet,
// and we need to send the login form.
return "login";
} else {
return invocation.invoke ();
}
}
/**
* Attempt to process the user's login attempt delegating the work to
the
* SecurityManager.
*/
public boolean processLoginAttempt (HttpServletRequest request,
HttpSession
session) {
// Get the username and password submitted by the user from the
HttpRequest.
String username = request.getParameter (USERNAME);
String password = request.getParameter (PASSWORD);
// Use the security manager to validate the user's username and
password.
Object user = loginManager.login(username, password);
if (user != null) {
// The user has successfully logged in. Store their
user object in
// their HttpSession. Then return true.
session.setAttribute (USER_HANDLE, user);
return true;
} else {
// The user did not successfully log in. Return false.
return false;
}
}
}
---------------------------------
Clicking the button I showed ealier, the Rate action is invoked and
intercepted by LoginInterceptor. As you can see the Action gets a parameter
"staffResourceId". As I click it the login page shows up and the address bar
of my browser tells
"http://localhost:8080/projektseminar/rating/Rate?staffResourceId=1";.
Next, I enter my login credentials, the log tells me I was logged in
successfully, the browser address bar says
"http://localhost:8080/projektseminar/rating/Rate"; and the log messages from
the Rate action say that there was no staffResourceId parameter set.
Why is that?
cu
mathias
--
View this message in context:
http://www.nabble.com/Problem-with-LoginInterceptor-tp24565562p24565562.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
