This is my Interceptor
code. My aim is to maintain the session for all the URLs, once the logout is done, the user can not able to go for any URL.
import java.util.Map;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
public class AuthenticationInterceptor implements Interceptor {
/**
*
*/
private static final long serialVersionUID = 1L;
public void destroy() {
// TODO Auto-generated method stub
System.out.println("inside the destroy() of interceptor");
}
public void init() {
// TODO Auto-generated method stub
System.out.println("inside the init() of interceptor of new");
}
public String intercept(ActionInvocation ai) throws Exception {
// TODO Auto-generated method stub
System.out.println("inside the interceptor()......new");
if(ai.getAction() instanceof LogoutAction){
Map session = ai.getInvocationContext().getSession();
if (session.get("user")!=null){
System.out.println("inside logout of the session");
return ai.invoke();
}
else{
return "login";
}
}
else
return ai.invoke();
}
this is my logout action code:
package com.uttara.reg;
import java.util.Map;
import org.apache.struts2.interceptor.SessionAware;
import com.opensymphony.xwork2.ActionSupport;
public class LogoutAction extends ActionSupport implements SessionAware {
private Map session;
public void setSession(Map s) {
session = s;
}
@Override
public String execute() throws Exception {
System.out.println("inside execute() of LA");
if(session.get("user")!=null){
session.remove("user");
return "ridirect";
}
return "failure";
}
}
this is my another action file, once the login has done, the user will go to register. My question is, how to check the session here?
import com.opensymphony.xwork2.ActionSupport;
public class RegisterAction extends ActionSupport implements SessionAware {
private static final long serialVersionUID = 1L;
public RegisterAction() {
System.out.println("inside the Register action const.");
}
private RegBean bean;
private Map session;
public RegBean getBean() {
return bean;
}
public void setBean(RegBean bean) {
this.bean = bean;
}
@Override
public String execute() throws Exception {
System.out.println("inside execute method");
System.out.println(bean);
Model m = new Model();
String result = m.register(bean);
if(result.equals(SUCCESS))
return SUCCESS;
else{
addActionError(getText(result));
return "failure";
}
}
@Override
public void validate(){
System.out.println("inside validate method");
}
public void setSession(Map session) {
// TODO Auto-generated method stub
System.out.println("inside setSession");
this.session = session;
}
}
If all your application pages have to be accessed by authenticated user, then you have to redirect the user to login
page in any cases that there is no user
attribute in his/her session.
The problem is in your if
conditions. I Don't know what are you doing in your LogoutAction
, but if it's invalidation user session by removing user
attribute from his/her session, then your if
block should be as this:
public String intercept(ActionInvocation ai) throws Exception {
// TODO Auto-generated method stub
System.out.println("inside the interceptor()......new");
Map session = ai.getInvocationContext().getSession();
if ((session.get("user") != null) ||
((session.get("user") == null) && (ai.getAction() instanceof LoginAction)) {
return ai.invoke();
} else {
return "login";
}
}
This way, user has no choice if he has not passed the login action first. The LogoutAction
action is just any other action in your application and could be called in cases where there is user
attribute in user session.
Your original if
statements checked this condition just in cases where the requested action is logout.