0

I'm new to Java programming and I'm trying to develop a web app with Struts2, JSP and jQuery with manual JDBC connection to PLSQL with JNDI implementation method.

I'm trying to understand how to implement session management in Struts 2. I saw a few examples where the action class implements the SessionAware interceptor like this and another example where the ServletRequestAware interceptor is implemented.

Can someone explain to me which method to use. What is the difference between the two, which would you use and why? My requirement is pretty simple. I have a web app that is completely login based. As in only the login page is public and rest all is under user authentication. There are 2 user roles - Admin and General. Based on the login role they are either directed to page 1,2 that is Admin only or pages 3,4 which is general only. How do I implement this using session management concepts in Struts2?

Thanks!

jasonlam604
  • 1,456
  • 2
  • 16
  • 25
rr87
  • 185
  • 5
  • 18

1 Answers1

0

SessionAware gives you a session attribute map.

ServletRequestAware gives you an HttpServletRequest.

Kind of like their names imply. Understanding the differences by reading their documentation.

There are any number of ways to implement login/etc. in S2, you can role your own by putting a user object in session during the login process and removing it during logout, and have an interceptor that checks for the presence of a valid user object in session.

You could use Spring Security and save some work regarding roles and so on, although to be honest, if you're not using Spring, it's nearly as easy to write some very simple annotations and have the interceptor deal with those.

Dave Newton
  • 158,873
  • 26
  • 254
  • 302
  • So i use ServletRequestAware for most of my DB operations and SessionAware to maintain my user log info and other things i want to maintain through out the "user session with the web app". **Can you give me an example of how to implement login using the method you mentioned, the interceptor and adding user object to session????** – rr87 Aug 31 '12 at 19:59
  • @rr87 Is that a question? You should almost *never* need ServletRequestAware, and it ties your actions to the servlet spec, making almost everything more irritating than necessary. I have no idea what an HttpServletRequest has to do with DB operations. – Dave Newton Aug 31 '12 at 20:01
  • Hmmm that was an assumption based on an answer to another question here [link](http://stackoverflow.com/questions/4640721/servlets-setattribute-in-httpservletrequest-vs-setattribute-in-httpsession) – rr87 Aug 31 '12 at 20:04
  • @rr87 There's nothing in there about DB operations at all; it's just not related. – Dave Newton Aug 31 '12 at 20:36