1

I am developing a web application using struts 2 MVC framework. I am currently working on login module of it. I am new to these technologies. I am facing problems in maintaining sessions. I want that if some one directly hits the url of the profile page(page that is opened on successful login), then he or she is redirected back to the login page. Also if someone login with wrong credentials then again he is redirected back to login page. Also if he enters some login details, then first the credentials must be checked and if credentials r correct, then he session variables must be set. And before profile page is rendered, session variables are checked if they r set. If only the session variables are set, the control passes to the profile page.

Below is my Login form code loginPage.jsp: This page displays the loginpage to the user:

    <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>LOGIN PAGE</title>
</head>
<body>
  <s:form action="login" method="post">
    <s:textfield name="login.username" label="Username"/>
    <s:password name="login.password" label="Password"/>
    <s:submit value="SUBMIT" align="center"/>
    <s:reset value="RESET" align="center"/>
  </s:form>
</body>
</html>

now is my loginAction class: This is my action class corresponding to login action that is produced when the login button is clicked on the login form.

package com.view;
import java.util.Map;
import org.apache.struts2.interceptor.SessionAware;
import com.controller.LoginManager;
import com.model.Login;
import com.model.UserDetails;
public class LoginAction implements SessionAware{
    private Login login;
    private LoginManager loginManager;
    private UserDetails userDetails;
    Map<String,Object> map;
    public LoginAction()
    {
        loginManager=new LoginManager();
    }
    public String loginLink()
    {
        return "loginClicked";
    }
    public String checkLogin()
    {
       try
       {
        //String loggedInUsername=null;
        System.out.println("---------"+login.getUsername());

        /*if(map.containsKey("username"))
        {
            loggedInUsername=(String)map.get("username");
        }*/
        userDetails=loginManager.check(login);
        /*if(loggedInUsername!=null && loggedInUsername==userDetails.getUsername())
        {
            return "loginSuccess";
        }*/
        if(userDetails!=null && userDetails.getUsername()!=null)
        {
            map.put("login",true);
            map.put("username",userDetails.getUsername());
            map.put("name",userDetails.getName());
            map.put("sex",userDetails.getSex());
            map.put("email",userDetails.getEmail());
            map.put("phoneno",userDetails.getPhone_no());
            System.out.println("Inside session map creation that is Successful login");
            return "loginSuccess"; 
        }
        else
        {
            System.out.println("Inside check login with invalid credentials");
            return "loginClicked";
        }
       }catch(Exception ex)
       {
           System.out.println("Inside exception of checkLogin.");
           return "loginClicked";
       }
    }
    public void setLogin(Login login)
    {
        this.login=login;
    }
    public Login getLogin()
    {
        return login;
    }
    @Override
    public void setSession(Map<String, Object> map) {
        this.map=map;
    }
}

loginManager class: This class handles the database part. Login credentials are checked in this class.

package com.controller;
import org.hibernate.Query;
import org.hibernate.classic.Session;
//import java.util.List;
import com.model.Login;
import com.model.UserDetails;
import com.util.HibernateUtil;
public class LoginManager extends HibernateUtil{

        UserDetails userDetails;
        public UserDetails check(Login login)
        {
          Session session = HibernateUtil.getSessionFactory().getCurrentSession();
          session.beginTransaction();
          try
          {
            System.out.println("Inside try block to retrieve from db");
            String hql="FROM UserDetails where username='"+login.getUsername()+"' and password='"+login.getPassword()+"' and role='U'";
            Query query = session.createQuery(hql);
            System.out.println("Query Created");
            userDetails=(UserDetails)query.uniqueResult();
            //System.out.println("Returned Username"+userDetails.getUsername());
            //System.out.println("Returned Password"+userDetails.getPassword());
            session.getTransaction().commit();
          }catch(Exception ex){
              System.out.println("Exception generated is "+ex.getMessage());
              session.getTransaction().rollback();
              userDetails=null;
              ex.printStackTrace();
          }
          return userDetails;
        }
}

Below is my struts.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
   "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
   "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
    <constant name="struts.devMode" value="true" />
    <package name="package2" extends="struts-default">

        <interceptors>
         <interceptor name="myinterceptor" class="interceptors.LoginInterceptor" />
         <interceptor-stack name="myinterceptorSt">
            <interceptor-ref name="myinterceptor" />
            <interceptor-ref name="defaultStack" />
        </interceptor-stack>
        </interceptors>



        <action name="registerLink" class="com.view.RegisterAction" method="registerLink">
            <result name="registerLinkClicked">/registerPage1.jsp</result>
        </action>

        <action name="register" class="com.view.RegisterAction" method="addUser">
            <result name="registered">/registrationSuccess.jsp</result>
        </action>

        <action name="login" class="com.view.LoginAction" method="checkLogin">
            <interceptor-ref name="myinterceptorSt" /> 
            <result name="loginSuccess" type="redirect">/profile.jsp</result>
            <result name="loginFail">/loginFail.jsp</result>
            <result name="loginClicked">/loginPage.jsp</result>
        </action>

        <action name="sessionCheck" class="com.view.SessionCheckAction">
            <result name="sessionCheckSuccess"></result>
        </action>

        <action name="loginLink" class="com.view.LoginAction" method="loginLink">
            <result name="loginClicked">/loginPage.jsp</result>
        </action>

    </package>
</struts>

Can anyone please help me with the interceptor code that should be written in order to implement the functionality specified by me above.

Roman C
  • 49,761
  • 33
  • 66
  • 176
  • The only interceptor code would be to check if there's a valid user logged in on pages that require login. Determining what pages require login can be handled in a wide variety of ways; a secure package, app-specific annotations, using Spring Security, whatever. What's the *specific* issue? – Dave Newton Sep 05 '13 at 12:14
  • @DaveNewton if suppose some hit the profile page url, without logging in, then the profile page jsp will be rendered. but any such action by user should redirect the user to login page. How can i do that? –  Sep 05 '13 at 12:28
  • Write a tiny interceptor that checks for a valid logged-in user and if there isn't one return a redirect result that's the login page. The login page result would likely be a global result. – Dave Newton Sep 05 '13 at 12:29

1 Answers1

2

I read comments and as Dave Newton mentioned, this is interceptor code:

public class LoginInterceptor extends AbstractInterceptor {
@Override
public String intercept(final ActionInvocation invocation) throws Exception {
    Map<String, Object> session = ActionContext.getContext().getSession();

    String username = (String) session.get("username");//getting username from session

    // If the user is already logged-in, then let the request through.
    if (username != null) {
        return invocation.invoke();
    }

    Object action = invocation.getAction();  // get which action class is called

    // for the first action LoginAction interceptor will allow request to be forwarded.
    if (action instanceof LoginAction) {
        return invocation.invoke();
    }
    else {
        return "notAuthorized";
    }
 }
}

Now, add code in your struts.xml below <interceptors></interceptors> 

<global-results>
    <result name="notAuthorized">/loginPage.jsp</result>
</global-results>

This answer is based upon your code. I referred this best post
Here are few links which may help you

  1. session interceptor
  2. package configuration
  3. interceptor
  4. interceptor stack example
    Thanks.
Community
  • 1
  • 1
Aniket Kulkarni
  • 12,825
  • 9
  • 67
  • 90