My application is using Struts 1 and the pages are role-protected (i.e.: a user cannot access a page if his role doesn't allow him) using the attribute "roles" of the action path in the struts-config.xml:

<action path="/ProtectedPageAction" type="org.apache.struts.actions.ForwardAction"
    parameter="ProtectedPage" roles="admin" />

This way, if a user is either not logged in or doesn't have the role "admin", he sees the homepage instead of the protected page.

Now, all of this works perfectly, the only problem being that the URL in the browser (hence the value of servlet_path) is not "homepage.do" but "ProtectedPageAction.do" or, in other words, the servlet_path is not "in sync" with the shown page.

I need to work with the value of servlet_path, hence when the user is not authorised to see a page, the URL shown in the browser must be "homepage.do" and not "ProtectedPageAction.do"; this is also for security reasons: a user who notices "ProtectedPageAction.do" in the URL might start wondering what that is for and how to access it etc.

Charles
Pierpaolo

1 Answer

Redirects are usually done by setting the action forward attribute redirect="true". In your case you need to create an action:

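import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.ForwardAction;

public class RedirectAction extends ForwardAction {
  @Override
  public ActionForward execute(
    ActionMapping mapping,
    ActionForm form,
    HttpServletRequest request,
    HttpServletResponse response)
    throws Exception {

    // Read the target path from the action's "parameter" attribute
    String path = mapping.getParameter();

    if (path == null) {
        throw new ServletException(messages.getMessage("forward.path"));
    }

    // Return a redirecting forward (second argument = redirect) so the
    // browser issues a new request and the URL changes to the target
    ActionForward retVal = new ActionForward(path, true);
    retVal.setContextRelative(true);

    return retVal;
  }
}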

or naturally use the configuration

<action path="/ProtectedPageAction" type="org.yourname.struts.actions.ProtectedPageAction"
    parameter="ProtectedPage" roles="admin">
  <forward name="success" path="/Homepage.do" redirect="true"/>
</action>

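import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public class ProtectedPageAction extends Action {
  @Override
  public ActionForward execute(
    ActionMapping mapping,
    ActionForm form,
    HttpServletRequest request,
    HttpServletResponse response)
    throws Exception {

    // Forwards returned by findForward() are frozen configuration objects;
    // calling a setter on them throws IllegalStateException, so copy first
    ActionForward configured = mapping.findForward("success");
    ActionForward retVal = new ActionForward(
        configured.getName(), configured.getPath(), configured.getRedirect());
    retVal.setContextRelative(true);

    return retVal;
  }
}
Roman C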
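
For the behaviour the question asks for (a failed "roles" check ends on "homepage.do" in the address bar), the role check itself can issue the redirect. The following is an added example, not code from the question or the answer; the class name, the package and the HOME constant are hypothetical, and it assumes the check happens in Struts 1's RequestProcessor.processRoles and that the application can register a custom processor.

```java
package com.example.web; // hypothetical package

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

/**
 * Registered in struts-config.xml with:
 *   <controller processorClass="com.example.web.RedirectingRequestProcessor"/>
 */
public class RedirectingRequestProcessor extends RequestProcessor {

    // Landing page named in the question; adjust to the application's mapping.
    private static final String HOME = "/homepage.do";

    @Override
    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {

        String[] roles = mapping.getRoleNames();
        if (roles == null || roles.length == 0) {
            return true; // action has no roles attribute: nothing to enforce
        }
        for (String role : roles) {
            if (request.isUserInRole(role)) {
                return true; // caller holds one of the required roles
            }
        }

        // Record the denial server-side so probing of protected paths is visible.
        log.warn("Role check failed for user '" + request.getRemoteUser()
                + "' on action " + mapping.getPath());

        // Client-side redirect: the browser re-requests HOME, so the address
        // bar and the servlet path of the new request both show homepage.do.
        response.sendRedirect(
                response.encodeRedirectURL(request.getContextPath() + HOME));
        return false; // stop processing; the protected action never runs
    }
}
```

Anonymous users and users with the wrong role receive the same redirect, so the response does not distinguish the two cases; access is still enforced by the roles attribute, with the redirect only changing what the denied user sees.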