0

I am trying to understand Struts2 Interceptors. So please excuse if my questions are dumb.

I guess that interceptors are specific to an action class (that means before calling a specific action class, they get invoked).

For example:

<action name="test" class="com.jranch.Test">
    <interceptor-ref name="GuiStack”/>
    <result name="success">/secure.jsp</result>
</action>

My question is: Assume a scenario where pictures in a website must be protected from unauthorized access (Means if the user directly enters an URL in the browser, they should not be allowed to see the pictures until they are logged in).

My view is that if its related to Servlet Filters, I can write a simple filter by putting url-pattern tag to /* to check all requests. Can Struts2 interceptors handle this as I guess they are specific to action class?

Please correct me if i am wrong.

Steven Benitez
  • 10,936
  • 3
  • 39
  • 50
Pawan
  • 31,545
  • 102
  • 256
  • 434
  • Actions belong to a package, most often interceptors are grouped into a stack of interceptors and then applied to a package. You can all so apply interceptors to a specific action, as you've shown. The book "struts2 in action" shows how to implement basic security like you're asking for and explains what you need to understand it (the solution is pretty much what umesh provided). Since I mentioned one book it is only fair to mention "Apache Struts 2 Web application development" if you need to get up to speed quickly, might as well order both. – Quaternion Sep 16 '11 at 07:08

2 Answers2

1

Interceptors aren't necessarily specific to an action -- in fact, in most cases, they're applied to many actions or globally to all actions (very similar a servlet filter).

This answer talks about how to use an interceptor for authentication in a Struts2 application.

Community
  • 1
  • 1
Steven Benitez
  • 10,936
  • 3
  • 39
  • 50
  • Thanks Steven Benitez , but that link help me at all , its a Login Interceptor which was written specif to a class , my question was how can i redirect a Loggedout user , if he directly enters http:myserver/Testing/Img2.jpg . – Pawan Sep 16 '11 at 05:53
  • 1
    If that is the question, you aught to take everything after "my question was" and put it in the question. – Quaternion Sep 16 '11 at 07:15
  • Yeah, please work on very clearly explaining what question you are asking in your original question. The interceptor in that question _does_ show how to redirect a user who is not logged in to a login page, rather than showing them what was requested. – Steven Benitez Sep 16 '11 at 12:24
1

Well As Steven told Interceptors are not specific to any Action, they in fact are the core of Struts2 framework Interceptors are a set of reusable components.In all cases they are Applied to a request processing cycle which includes from Exception Handling to Role handling. Its very trivial use case when one will write a Interceptor for a particular Action.

Use case you are talking about can be handled by Interceptor where for each request for a particular resources can be first intercepted by the Interceptor and based on out custom criteria whom to allow access we either forward the request down the calling stack or can reject the request.

public String intercept (ActionInvocation invocation) throws Exception {
    final ActionContext context = invocation.getInvocationContext ();
    Map<String, Object> session = ActionContext.getContext().getSession();
     Object user = session.getAttribute (USER_HANDLE);
    if (user == null) {

                //Any processing
               return "login";   //User is not logged in so ask him/her to login
    } else {
        return invocation.invoke ();  //user is trusted one let her go ahead
    }
}
Umesh Awasthi
  • 23,407
  • 37
  • 132
  • 204