struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mathias-ewald <>
Subject Problem with LoginInterceptor
Date Mon, 20 Jul 2009 08:09:43 GMT


recently I was told using Interceptors was better than using a BaseAction
object performing the login process. I agree. Still I have some trouble:

This is what happens: I have a JSP that creates a button liked with another

<s:url id="url" value="/rating/Rate">
	<s:param name="staffResourceId"><s:property value=""
<s:a href="%{url}"><button>Place Rating!</button></s:a><br>

This is the struts.xml configuration for that Action:

<package name="rating" namespace="/rating" extends="default">
	<default-interceptor-ref name="defaultLoginStack" />
 	<action name="Rate"

This is the inteceptor stack in struts.xml

    <interceptor name="login"
    <interceptor-stack name="defaultLoginStack">
        <interceptor-ref name="login" />

and finally the

public class LoginInterceptor extends AbstractInterceptor implements
StrutsStatics {

	private static final long serialVersionUID = -6647897949084333127L;
	private LoginManager loginManager = new LoginManager();
	private static final Log log = LogFactory.getLog(LoginInterceptor.class);
	private static final String USER_HANDLE = "QUADRAN_USER_SESSSION_HANDLE";
	private static final String LOGIN_ATTEMPT = "QUADRAN_LOGIN_ATTEMPT";
	private static final String USERNAME = "QUADRAN_USERNAME";
	private static final String PASSWORD = "QUADRAN_PASSWORD";

	public void init () { ("Intializing LoginInterceptor");

	public void destroy () {}

	public String intercept (ActionInvocation invocation) throws Exception {
		// Get the action context from the invocation so we can access the
		// HttpServletRequest and HttpSession objects.
		final ActionContext context = invocation.getInvocationContext ();
		HttpServletRequest request = (HttpServletRequest)
		HttpSession session =  request.getSession (true);

		// Is there a "user" object stored in the user's HttpSession?
		Object user = session.getAttribute (USER_HANDLE);
		if (user == null) {
			// The user has not logged in yet.
			// Is the user attempting to log in right now?
			String loginAttempt = request.getParameter (LOGIN_ATTEMPT);
			if (loginAttempt != null && loginAttempt.trim().length() > 0) { // The
user is attempting to log in.
"User tries to log in - processing attempt...");
				// Process the user's login attempt.
				if (processLoginAttempt (request, session) ) {
					// The login succeeded send them the login-success page."User " + loginAttempt + " logged in successfully.");
					return invocation.invoke ();
				} else {
					// The login failed. Set an error if we can on the action."Error authenticating user " + loginAttempt);
					Object action = invocation.getAction ();
					if (action instanceof com.opensymphony.xwork2.ValidationAware) {
						((com.opensymphony.xwork2.ValidationAware) action).addActionError
("Username or password incorrect.");

			// Either the login attempt failed or the user hasn't tried to login yet, 
			// and we need to send the login form.
			return "login";
		} else {
			return invocation.invoke ();

	 * Attempt to process the user's login attempt delegating the work to the 
	 * SecurityManager.
	public boolean processLoginAttempt (HttpServletRequest request, HttpSession
session) {
		// Get the username and password submitted by the user from the
		String username = request.getParameter (USERNAME);
		String password = request.getParameter (PASSWORD);

		// Use the security manager to validate the user's username and password.
		Object user = loginManager.login(username, password);

		if (user != null) {
			// The user has successfully logged in. Store their user object in 
			// their HttpSession. Then return true.
			session.setAttribute (USER_HANDLE, user);
			return true;
		} else {
			// The user did not successfully log in. Return false.
			return false;

Clicking the button I showed ealier, the Rate action is invoked and
intercepted by LoginInterceptor. As you can see the Action gets a parameter
"staffResourceId". As I click it the login page shows up and the address bar
of my browser tells
Next, I enter my login credentials, the log tells me I was logged in
successfully, the browser address bar says
"http://localhost:8080/projektseminar/rating/Rate" and the log messages from
the Rate action say that there was no staffResourceId parameter set.

Why is that?

View this message in context:
Sent from the Struts - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message