Re: Login with Struts2

Thu, 16 Jul 2009 12:48:43 -0700 

Hi,
I recently implemented a login mechanism but did it slightly differently after recommendations from this mailing list to use an interceptor. 


Each action/page that requires a validated login is directed via a 
Interceptor.



The sole purpose of the interceptor is to verify the existence of an 
object in the session.  Here is the guts of the method:


   public String intercept(ActionInvocation invocation) throws Exception {

      
       ActionContext ac = invocation.getInvocationContext();

       Map session = ac.getSession();

      
       // retrieve the login status from the session by key name.

       User user = (User) session.get(Constants.USER_SESSION_SCOPE);

      
       // if the user object is non null, the user is logged in.

       if (user != null) {;
           return invocation.invoke();
       }

             
       return "notLoggedIn";

   }

It is then necessary to create a new interceptor stack:

           <interceptor-stack name="my.validationWorkflowStack">

          
               <interceptor-ref name="defaultStack"/>

               <interceptor-ref name="amr.validation"/>

              
           </interceptor-stack>



I also defined a global-result as follows to take care of directing the 
client when not logged in.


       <global-results>
           <result name="notLoggedIn" type="redirectAction">
               <param name="actionName">showLogin</param>
           </result>

       </global-results> 

Finally, here is an example of a protected action using the new 
interceptor stack:


       <action name="showControlPanel">

      
           <!-- Include our validation stack to ensure user is logged 
in -->

           <interceptor-ref name="my.validationWorkflowStack"/>

          
           <result type="freemarker">/controlPanel.ftl</result>

       </action>


You then simply need a regular action to take of the "login" which will 
place a valid object/flag in the session.


Hope this helps


mathias-ewald wrote:

Hi,

I am trying to implement a login mechanism. I will now explain what I did
and what error I get but in case there is a more sophisticated way to do
that - please tell me!

I created a BaseAction which is the parent of all my Actions. The BaseAction
is supposed to be responsible for displaying a login page if there is no
User object in session scope. Then the login form should put the username
and password into the BaseAction. The BaseAction then tries to find a match
in the database and places the User object into session scope:

---------------------
public abstract class BaseAction {

        private String username;
        
        private String password;
        
        protected Log log;
        
        private Boolean loginStatus;
        
        
        public String execute() {
                if(log == null) {
                        log = LogFactory.getLog(getClass());
                }
                                
                if(isProtected()) {
                        Map<String, Object> session = 
ActionContext.getContext().getSession();
                        Object o = session.get("user");
                        if(o instanceof User) {
                                loginStatus = true;
                        } else {
                                return "login";
                        }
                }
                
                
                return executeAction();
        }

        
        public abstract String executeAction();

        public abstract Boolean isProtected();
        

        public Boolean getLoginStatus() {
                return loginStatus;
        }

        public void setLoginStatus(Boolean loginStatus) {
                this.loginStatus = loginStatus;
        }

        public String getUsername() {
                return username;
        }

        public void setUsername(String username) {
                this.username = username;
        }

        public String getPassword() {
                return password;
        }

        public void setPassword(String password) {
                this.password = password;
        }
}
---------------------

An Action that wants to be password protected must implement #isProtected()
to return "true". This is my JSP file that is shown if #isProtected() ==
true and there's no User in session scope:

---------------------
...
<s:form>
        <s:textfield label="Username" name="userData.username"></s:textfield>
        <s:password label="Password" name="userData.password"></s:password>
        <s:submit></s:submit>
</s:form>
...
---------------------

This is the error I get

---------------------
20:35:42,179  WARN OgnlValueStack:49 - Error setting value
ognl.OgnlException: target is null for setProperty(null, "password",
[Ljava.lang.String;@1f22dad5)
        at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1651)
        at ognl.ASTProperty.setValueBody(ASTProperty.java:101)
        at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
        at ognl.SimpleNode.setValue(SimpleNode.java:246)
        at ognl.ASTChain.setValueBody(ASTChain.java:172)
        at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
        at ognl.SimpleNode.setValue(SimpleNode.java:246)
        at ognl.Ognl.setValue(Ognl.java:476)
...
---------------------


Why is that happening?

cu
mathias

  
------------------------------------------------------------------------



No virus found in this incoming message.

Checked by AVG - www.avg.com 
Version: 8.5.387 / Virus Database: 270.13.16/2240 - Release Date: 07/15/09 17:58:00



  






















					Reply via email to