java session struts2 action interceptor

How to track the session for all URLs in Struts 2


This is my interceptor code. My aim is to maintain the session for all the URLs; once the logout is done, the user should not be able to go to any URL.

    import java.util.Map;

    import com.opensymphony.xwork2.ActionInvocation;
    import com.opensymphony.xwork2.interceptor.Interceptor;

    public class AuthenticationInterceptor implements Interceptor {

        private static final long serialVersionUID = 1L;

        public void destroy() {
            System.out.println("inside the destroy() of interceptor");
        }

        public void init() {
            System.out.println("inside the init() of interceptor of new");
        }

        public String intercept(ActionInvocation ai) throws Exception {
            System.out.println("inside the interceptor()......new");
            // The session is only checked when the requested action is LogoutAction
            if (ai.getAction() instanceof LogoutAction) {
                Map session = ai.getInvocationContext().getSession();
                if (session.get("user") != null) {
                    System.out.println("inside logout of the session");
                    return ai.invoke();
                } else {
                    return "login";
                }
            } else {
                // Every other action is invoked without any session check
                return ai.invoke();
            }
        }
    }

This is my logout action code:

    package com.uttara.reg;
    
    import java.util.Map;
    
    import org.apache.struts2.interceptor.SessionAware;
    
    import com.opensymphony.xwork2.ActionSupport;
    
    public class LogoutAction extends ActionSupport implements SessionAware {
    
        private Map session;
        public void setSession(Map s) {
            session = s;
        }
        
        @Override
        public String execute() throws Exception {
            System.out.println("inside execute() of LA");
            if (session.get("user") != null) {
                session.remove("user");
                return "ridirect";
            }
            return "failure";
        }
    
    }

This is another action file of mine; once the login is done, the user will go to register. My question is, how do I check the session here?

    import java.util.Map;

    import org.apache.struts2.interceptor.SessionAware;

    import com.opensymphony.xwork2.ActionSupport;

    public class RegisterAction extends ActionSupport implements SessionAware {

        private static final long serialVersionUID = 1L;

        private RegBean bean;
        private Map session;

        public RegisterAction() {
            System.out.println("inside the Register action const.");
        }

        public RegBean getBean() {
            return bean;
        }

        public void setBean(RegBean bean) {
            this.bean = bean;
        }

        @Override
        public String execute() throws Exception {
            System.out.println("inside execute method");
            System.out.println(bean);
            Model m = new Model();
            String result = m.register(bean);
            if (result.equals(SUCCESS)) {
                return SUCCESS;
            } else {
                addActionError(getText(result));
                return "failure";
            }
        }

        @Override
        public void validate() {
            System.out.println("inside validate method");
        }

        // Called by the framework to hand the session map to the action
        public void setSession(Map session) {
            System.out.println("inside setSession");
            this.session = session;
        }
    }


Solution

  • If all your application pages have to be accessed by an authenticated user, then you have to redirect the user to the login page in any case where there is no user attribute in his/her session. The problem is in your if conditions. I don't know what you are doing in your LogoutAction, but if it invalidates the user session by removing the user attribute from his/her session, then your if block should be like this:

    public String intercept(ActionInvocation ai) throws Exception {
        System.out.println("inside the interceptor()......new");
        Map session = ai.getInvocationContext().getSession();
        // Proceed if the user is logged in, or if this is the login action itself
        if ((session.get("user") != null) ||
            ((session.get("user") == null) && (ai.getAction() instanceof LoginAction))) {
            return ai.invoke();
        } else {
            return "login";
        }
    }
    

    This way, the user has no choice if he has not passed the login action first. The LogoutAction action is just like any other action in your application and can be called in cases where there is a user attribute in the user session.

    Your original if statements checked this condition only in cases where the requested action is logout.
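
A deny-by-default variant of the interceptor discussed above, as an added example that is not part of the original question or answer: it allow-lists actions by name instead of by class and drops the whole HTTP session after logout rather than only the "user" key. The action names "login" and "logout" are assumptions about the struts.xml mapping, and the interceptor is assumed to sit in the default interceptor stack with "login" declared as a global result.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import org.apache.struts2.dispatcher.SessionMap;

// Added example, not the poster's code: every action is denied without a
// "user" session attribute unless its name is explicitly allow-listed.
public class AuthenticationInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = 1L;

    // Assumption: action names as mapped in struts.xml. Only these are
    // reachable without being logged in.
    private static final Set<String> PUBLIC_ACTIONS =
            new HashSet<>(Arrays.asList("login"));
    // Assumption: the name under which LogoutAction is mapped.
    private static final String LOGOUT_ACTION = "logout";

    @Override
    @SuppressWarnings("rawtypes")
    public String intercept(ActionInvocation ai) throws Exception {
        Map<String, Object> session = ai.getInvocationContext().getSession();
        String actionName = ai.getProxy().getActionName();
        boolean loggedIn = session != null && session.get("user") != null;

        if (!loggedIn && !PUBLIC_ACTIONS.contains(actionName)) {
            // Covers RegisterAction and any action added later, so no
            // action needs its own session check.
            return Action.LOGIN; // the "login" result name
        }

        String result = ai.invoke();

        if (loggedIn && LOGOUT_ACTION.equals(actionName)
                && session instanceof SessionMap) {
            // Invalidate the underlying HttpSession so no other attribute
            // outlives the logout. Done after invoke() so LogoutAction
            // still sees the "user" attribute it checks for.
            ((SessionMap) session).invalidate();
        }
        return result;
    }
}
```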