You need to include one of the framework interceptor stacks (e.g
"defaultStack") in your "defaultLoginStack" stack. As you have
configured it, your interceptor is the only one that is being
executed, so none of the framework "magic" gets applied.
Nils-H
On Mon, Jul 20, 2009 at 10:09 AM, mathias-ewald<nitehoax...@gmx.net> wrote:
>
> Hi,
>
> recently I was told using Interceptors was better than using a BaseAction
> object performing the login process. I agree. Still I have some trouble:
>
> This is what happens: I have a JSP that creates a button liked with another
> action:
>
> AgencyDetails.jsp
> ---------------------------------
> ...
> <s:url id="url" value="/rating/Rate">
> <s:param name="staffResourceId"><s:property value="staffResource.id"
> /></s:param>
> </s:url>
> <s:a href="%{url}"><button>Place Rating!</button></s:a><br>
> ...
> ---------------------------------
>
> This is the struts.xml configuration for that Action:
>
> rating.xml
> ---------------------------------
> <package name="rating" namespace="/rating" extends="default">
> <default-interceptor-ref name="defaultLoginStack" />
> <action name="Rate"
> class="de.mathiasewald.projektseminar.action.rating.Rate">
> <result>
> /rating/Rate.jsp
> </result>
> </action>
> </package>
> ---------------------------------
>
> This is the inteceptor stack in struts.xml
>
> ---------------------------------
> <interceptors>
> <interceptor name="login"
> class="de.mathiasewald.projektseminar.interceptor.LoginInterceptor">
>
> </interceptor>
> <interceptor-stack name="defaultLoginStack">
> <interceptor-ref name="login" />
> </interceptor-stack>
> </interceptors>
> ---------------------------------
>
> and finally the LoginInterceptor.java
>
> ---------------------------------
> public class LoginInterceptor extends AbstractInterceptor implements
> StrutsStatics {
>
> /**
> *
> */
> private static final long serialVersionUID = -6647897949084333127L;
>
>
> private LoginManager loginManager = new LoginManager();
>
> private static final Log log =
> LogFactory.getLog(LoginInterceptor.class);
>
> private static final String USER_HANDLE =
> "QUADRAN_USER_SESSSION_HANDLE";
> private static final String LOGIN_ATTEMPT = "QUADRAN_LOGIN_ATTEMPT";
> private static final String USERNAME = "QUADRAN_USERNAME";
> private static final String PASSWORD = "QUADRAN_PASSWORD";
>
>
>
> public void init () {
> log.info ("Intializing LoginInterceptor");
> }
>
> public void destroy () {}
>
> public String intercept (ActionInvocation invocation) throws Exception
> {
> // Get the action context from the invocation so we can access
> the
> // HttpServletRequest and HttpSession objects.
> final ActionContext context = invocation.getInvocationContext
> ();
> HttpServletRequest request = (HttpServletRequest)
> context.get(HTTP_REQUEST);
> HttpSession session = request.getSession (true);
>
> // Is there a "user" object stored in the user's HttpSession?
> Object user = session.getAttribute (USER_HANDLE);
> if (user == null) {
> // The user has not logged in yet.
>
> // Is the user attempting to log in right now?
> String loginAttempt = request.getParameter
> (LOGIN_ATTEMPT);
> if (loginAttempt != null &&
> loginAttempt.trim().length() > 0) { // The
> user is attempting to log in.
>
> log.info("User tries to log in - processing
> attempt...");
>
> // Process the user's login attempt.
> if (processLoginAttempt (request, session) ) {
> // The login succeeded send them the
> login-success page.
> log.info("User " + loginAttempt + "
> logged in successfully.");
> return invocation.invoke ();
> } else {
> // The login failed. Set an error if
> we can on the action.
> log.info("Error authenticating user "
> + loginAttempt);
> Object action = invocation.getAction
> ();
> if (action instanceof
> com.opensymphony.xwork2.ValidationAware) {
>
> ((com.opensymphony.xwork2.ValidationAware) action).addActionError
> ("Username or password incorrect.");
> }
> }
> }
>
> // Either the login attempt failed or the user hasn't
> tried to login yet,
> // and we need to send the login form.
> return "login";
> } else {
> return invocation.invoke ();
> }
> }
>
> /**
> * Attempt to process the user's login attempt delegating the work to
> the
> * SecurityManager.
> */
> public boolean processLoginAttempt (HttpServletRequest request,
> HttpSession
> session) {
> // Get the username and password submitted by the user from the
> HttpRequest.
> String username = request.getParameter (USERNAME);
> String password = request.getParameter (PASSWORD);
>
> // Use the security manager to validate the user's username
> and password.
> Object user = loginManager.login(username, password);
>
> if (user != null) {
> // The user has successfully logged in. Store their
> user object in
> // their HttpSession. Then return true.
> session.setAttribute (USER_HANDLE, user);
> return true;
> } else {
> // The user did not successfully log in. Return false.
> return false;
> }
> }
>
> }
> ---------------------------------
>
> Clicking the button I showed ealier, the Rate action is invoked and
> intercepted by LoginInterceptor. As you can see the Action gets a parameter
> "staffResourceId". As I click it the login page shows up and the address bar
> of my browser tells
> "http://localhost:8080/projektseminar/rating/Rate?staffResourceId=1";.
> Next, I enter my login credentials, the log tells me I was logged in
> successfully, the browser address bar says
> "http://localhost:8080/projektseminar/rating/Rate"; and the log messages from
> the Rate action say that there was no staffResourceId parameter set.
>
> Why is that?
>
> cu
> mathias
> --
> View this message in context:
> http://www.nabble.com/Problem-with-LoginInterceptor-tp24565562p24565562.html
> Sent from the Struts - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
