struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mathias-ewald <nitehoax...@gmx.net>
Subject Problem with LoginInterceptor
Date Mon, 20 Jul 2009 08:09:43 GMT

Hi,

recently I was told using Interceptors was better than using a BaseAction
object performing the login process. I agree. Still I have some trouble:

This is what happens: I have a JSP that creates a button liked with another
action:

AgencyDetails.jsp
---------------------------------
...
<s:url id="url" value="/rating/Rate">
	<s:param name="staffResourceId"><s:property value="staffResource.id"
/></s:param>
</s:url>
<s:a href="%{url}"><button>Place Rating!</button></s:a><br>
...
---------------------------------

This is the struts.xml configuration for that Action:

rating.xml
---------------------------------
<package name="rating" namespace="/rating" extends="default">
	<default-interceptor-ref name="defaultLoginStack" />
 	<action name="Rate"
class="de.mathiasewald.projektseminar.action.rating.Rate">
                <result>
        	        /rating/Rate.jsp
       	        </result>           	               
        </action>
</package>
---------------------------------

This is the inteceptor stack in struts.xml

---------------------------------
<interceptors>
    <interceptor name="login"
class="de.mathiasewald.projektseminar.interceptor.LoginInterceptor">
   
    </interceptor>
    <interceptor-stack name="defaultLoginStack">
        <interceptor-ref name="login" />
    </interceptor-stack>
</interceptors>
---------------------------------

and finally the LoginInterceptor.java

---------------------------------
public class LoginInterceptor extends AbstractInterceptor implements
StrutsStatics {

	/**
	 * 
	 */
	private static final long serialVersionUID = -6647897949084333127L;
	
	
	private LoginManager loginManager = new LoginManager();
	
	private static final Log log = LogFactory.getLog(LoginInterceptor.class);
	
	private static final String USER_HANDLE = "QUADRAN_USER_SESSSION_HANDLE";
	private static final String LOGIN_ATTEMPT = "QUADRAN_LOGIN_ATTEMPT";
	private static final String USERNAME = "QUADRAN_USERNAME";
	private static final String PASSWORD = "QUADRAN_PASSWORD";

	
	
	public void init () {
		log.info ("Intializing LoginInterceptor");
	}

	public void destroy () {}

	public String intercept (ActionInvocation invocation) throws Exception {
		// Get the action context from the invocation so we can access the
		// HttpServletRequest and HttpSession objects.
		final ActionContext context = invocation.getInvocationContext ();
		HttpServletRequest request = (HttpServletRequest)
context.get(HTTP_REQUEST);
		HttpSession session =  request.getSession (true);

		// Is there a "user" object stored in the user's HttpSession?
		Object user = session.getAttribute (USER_HANDLE);
		if (user == null) {
			// The user has not logged in yet.
			
			// Is the user attempting to log in right now?
			String loginAttempt = request.getParameter (LOGIN_ATTEMPT);
			if (loginAttempt != null && loginAttempt.trim().length() > 0) { // The
user is attempting to log in.
					
				log.info("User tries to log in - processing attempt...");
				
				// Process the user's login attempt.
				if (processLoginAttempt (request, session) ) {
					// The login succeeded send them the login-success page.
					log.info("User " + loginAttempt + " logged in successfully.");
					return invocation.invoke ();
				} else {
					// The login failed. Set an error if we can on the action.
					log.info("Error authenticating user " + loginAttempt);
					Object action = invocation.getAction ();
					if (action instanceof com.opensymphony.xwork2.ValidationAware) {
						((com.opensymphony.xwork2.ValidationAware) action).addActionError
("Username or password incorrect.");
					}
				}
			}

			// Either the login attempt failed or the user hasn't tried to login yet, 
			// and we need to send the login form.
			return "login";
		} else {
			return invocation.invoke ();
		}
	}

	/**
	 * Attempt to process the user's login attempt delegating the work to the 
	 * SecurityManager.
	 */
	public boolean processLoginAttempt (HttpServletRequest request, HttpSession
session) {
		// Get the username and password submitted by the user from the
HttpRequest.
		String username = request.getParameter (USERNAME);
		String password = request.getParameter (PASSWORD);

		// Use the security manager to validate the user's username and password.
		Object user = loginManager.login(username, password);

		if (user != null) {
			// The user has successfully logged in. Store their user object in 
			// their HttpSession. Then return true.
			session.setAttribute (USER_HANDLE, user);
			return true;
		} else {
			// The user did not successfully log in. Return false.
			return false;
		}
	}
	
}
---------------------------------

Clicking the button I showed ealier, the Rate action is invoked and
intercepted by LoginInterceptor. As you can see the Action gets a parameter
"staffResourceId". As I click it the login page shows up and the address bar
of my browser tells
"http://localhost:8080/projektseminar/rating/Rate?staffResourceId=1".
Next, I enter my login credentials, the log tells me I was logged in
successfully, the browser address bar says
"http://localhost:8080/projektseminar/rating/Rate" and the log messages from
the Rate action say that there was no staffResourceId parameter set.

Why is that?

cu
mathias
-- 
View this message in context: http://www.nabble.com/Problem-with-LoginInterceptor-tp24565562p24565562.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message