struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nitesh Jain" <er.niteshj...@gmail.com>
Subject RE: Login with Struts2
Date Fri, 17 Jul 2009 06:43:53 GMT
Hi,

	I have also implemented login mechanism but I have used Servlet
filter to check the user login status.
I have applied filer on the restricted URI of my application by just a small
configuration in web.xml. 

Regards,

Nitesh Jain

-----Original Message-----
From: Robin Mannering [mailto:robin@mtndesigns.co.uk] 
Sent: 17 July 2009 01:18
To: Struts Users Mailing List
Subject: Re: Login with Struts2

Hi,

I recently implemented a login mechanism but did it slightly differently 
after recommendations from this mailing list to use an interceptor.

Each action/page that requires a validated login is directed via a 
Interceptor.

The sole purpose of the interceptor is to verify the existence of an 
object in the session.  Here is the guts of the method:

    public String intercept(ActionInvocation invocation) throws Exception {
       
        ActionContext ac = invocation.getInvocationContext();
        Map session = ac.getSession();
       
        // retrieve the login status from the session by key name.
        User user = (User) session.get(Constants.USER_SESSION_SCOPE);
       
        // if the user object is non null, the user is logged in.
        if (user != null) {;
            return invocation.invoke();
        }
              
        return "notLoggedIn";
    }

It is then necessary to create a new interceptor stack:

            <interceptor-stack name="my.validationWorkflowStack">
           
                <interceptor-ref name="defaultStack"/>
                <interceptor-ref name="amr.validation"/>
               
            </interceptor-stack>

I also defined a global-result as follows to take care of directing the 
client when not logged in.

        <global-results>
            <result name="notLoggedIn" type="redirectAction">
                <param name="actionName">showLogin</param>
            </result>
        </global-results> 

Finally, here is an example of a protected action using the new 
interceptor stack:

        <action name="showControlPanel">
       
            <!-- Include our validation stack to ensure user is logged 
in -->
            <interceptor-ref name="my.validationWorkflowStack"/>
           
            <result type="freemarker">/controlPanel.ftl</result>
        </action>

You then simply need a regular action to take of the "login" which will 
place a valid object/flag in the session.

Hope this helps


mathias-ewald wrote:
> Hi,
>
> I am trying to implement a login mechanism. I will now explain what I did
> and what error I get but in case there is a more sophisticated way to do
> that - please tell me!
>
> I created a BaseAction which is the parent of all my Actions. The
BaseAction
> is supposed to be responsible for displaying a login page if there is no
> User object in session scope. Then the login form should put the username
> and password into the BaseAction. The BaseAction then tries to find a
match
> in the database and places the User object into session scope:
>
> ---------------------
> public abstract class BaseAction {
>
> 	private String username;
> 	
> 	private String password;
> 	
> 	protected Log log;
> 	
> 	private Boolean loginStatus;
> 	
> 	
> 	public String execute() {
> 		if(log == null) {
> 			log = LogFactory.getLog(getClass());
> 		}
> 				
> 		if(isProtected()) {
> 			Map<String, Object> session =
ActionContext.getContext().getSession();
> 			Object o = session.get("user");
> 			if(o instanceof User) {
> 				loginStatus = true;
> 			} else {
> 				return "login";
> 			}
> 		}
> 		
> 		
> 		return executeAction();
> 	}
>
> 	
> 	public abstract String executeAction();
>
> 	public abstract Boolean isProtected();
> 	
>
> 	public Boolean getLoginStatus() {
> 		return loginStatus;
> 	}
>
> 	public void setLoginStatus(Boolean loginStatus) {
> 		this.loginStatus = loginStatus;
> 	}
>
> 	public String getUsername() {
> 		return username;
> 	}
>
> 	public void setUsername(String username) {
> 		this.username = username;
> 	}
>
> 	public String getPassword() {
> 		return password;
> 	}
>
> 	public void setPassword(String password) {
> 		this.password = password;
> 	}
> }
> ---------------------
>
> An Action that wants to be password protected must implement
#isProtected()
> to return "true". This is my JSP file that is shown if #isProtected() ==
> true and there's no User in session scope:
>
> ---------------------
> ...
> <s:form>
> 	<s:textfield label="Username"
name="userData.username"></s:textfield>
> 	<s:password label="Password" name="userData.password"></s:password>
> 	<s:submit></s:submit>
> </s:form>
> ...
> ---------------------
>
> This is the error I get
>
> ---------------------
> 20:35:42,179  WARN OgnlValueStack:49 - Error setting value
> ognl.OgnlException: target is null for setProperty(null, "password",
> [Ljava.lang.String;@1f22dad5)
> 	at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1651)
> 	at ognl.ASTProperty.setValueBody(ASTProperty.java:101)
> 	at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
> 	at ognl.SimpleNode.setValue(SimpleNode.java:246)
> 	at ognl.ASTChain.setValueBody(ASTChain.java:172)
> 	at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
> 	at ognl.SimpleNode.setValue(SimpleNode.java:246)
> 	at ognl.Ognl.setValue(Ognl.java:476)
> ...
> ---------------------
>
>
> Why is that happening?
>
> cu
> mathias
>   
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com 
> Version: 8.5.387 / Virus Database: 270.13.16/2240 - Release Date: 07/15/09
17:58:00
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message