I am currently in the process of learning Struts 2 and I am currently building a simple application where unverified users are redirected to a login form.
I have a login form and action functional which takes the users credentials, verifies them and stores a User object in the session however I am now trying to prevent access to pages before the login has taken place and I am trying to do this with an interceptor.
My problem is that I have written an interceptor that checks whether the User object has been saved in the session but if it has not I want to redirect to the login page and can't find any way of doing this without bypassing struts and using the HttpServletResponse.sendRedirect method
Configuration:
<package name="mypackage" extends="struts-default" namespace="/admin">
<interceptors>
<interceptor name="login" class="my.LoginInterceptor" />
</interceptors>
<default-interceptor-ref name="login"/>
<action name="login" class="my.LoginAction">
<result name="input">/admin/login.jsp</result>
<result name="success" type="redirect">/admin</result>
</action>
<action name="private" class="my.PrivateAction">
<result>/admin/private.jsp</result>
</action>
</package>
The interceptor code:
@Override
public String intercept(ActionInvocation inv) throws 开发者_JS百科Exception {
Map<String, Object> session = inv.getInvocationContext().getSession();
Object user = session.get("user");
if(user == null) {
// redirect to the 'login' action here
}
else {
return inv.invoke();
}
}
The standard way is to return a special global result (eg "login") and define a global mapping from that result to your admin/login.jsp
. So you just must add this line:
if(user == null) {
return "login";
}
And in your struts.xml
:
<global-results>
<result name="login">/admin/login.jsp</result>
</global-results>
BTW, I'm afraid that you are replacing the default Struts2 interceptor stack with your single interceptor, normally you want to add your interceptor to the stack. Eg:
<interceptors>
<interceptor name="login" class="my.LoginInterceptor" />
<interceptor-stack name="stack-with-login">
<interceptor-ref name="login"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="stack-with-login"/>
BTW2: You must NOT apply the interceptor to your login action, of course.
You can find the complete example of struts2 with a custom Login Interceptor here
http://sandeepbhardwaj.github.io/2010/12/01/struts2-with-login-interceptor.html
great tutorial.
If you need to use send redirect, return null to avoid this problem (example redirecting from www.domain.com to domain.com):
public String intercept(final ActionInvocation invocation) throws Exception {
String url=RequestUtil.getURLWithParams(); //you should implement this
int index=url.indexOf("www");
if (index!=-1 && index<10) {
//Note: <10 to check that the www is in the domain main url
//https://localhost:8443/mycontext/myaction.action?oneparam=http://www.youtube.com/user/someuser
String redirection=url.replaceFirst("www\\.", "");
LOG.debug("Redirection from "+url+" to "+redirection);
RequestUtil.getResponse().setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
RequestUtil.getResponse().sendRedirect(redirection);
return null;
}
return invocation.invoke();
}
精彩评论