struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Al Sutton" <>
Subject RE: Interceptor best practices ...
Date Fri, 04 Jan 2008 08:26:25 GMT
imho, you shouldn't be validating the users username and password in an
interceptor. You should validate them in an action, then set a token in the
session indicating the user had been validated, then check for your chosen
token in the interceptor.

That way you don't need to keep hitting your username and password store
every time a request comes in. 

-----Original Message-----
From: Mufaddal Khumri [] 
Sent: 04 January 2008 04:48
To: Struts Users Mailing List
Subject: Interceptor best practices ...

Am trying to understand the best practice if any for a
ValidateLoginInterceptor of sorts. In the code below, if the login is valid
then we make a call to:

	return actionInvocation.invoke();

In case the login information was incorrect, what should one do?

	return ActionSupport.ERROR // In this case would the <result
name="error">/myerrorpage.ftl</result> associated with my action be

public class ValidateLoginInterceptor implements Interceptor {
	private static final long serialVersionUID = 1L;
	private static String EMAIL_FIELD = "email";
	private static String PASSWORD_FIELD = "password";
	public void destroy()

	public void init()

	public String intercept(ActionInvocation actionInvocation) throws
		String email =
		String password = actionInvocation.getStack().findString

		if (isValidLogin(email, password))
     			// login credentials were valid
       			return actionInvocation.invoke();
	    		// login credentials are not valid
Should I be doing this?
     			return ActionSupport.ERROR;


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message