2

That's it, I code an interceptor login, the result is

<result name="login" type="redirectAction">access</result>

All works ok, but I think that is recalling it, the result go to access and again execute the interceptor and go access etc. I believe that because my browser shows the message:

the page is not redirecting properly.

I'm using Struts 2 and Rest plugin.

This is my interceptor:

@Override
public String intercept(ActionInvocation invocation) throws Exception {

    HttpSession session = ServletActionContext.getRequest().getSession(false);
    Object loginObject = session.getAttribute("login");
    boolean login = false;

    if (loginObject != null) {
        login = (Boolean) loginObject;
        if (!login) {
            return Action.LOGIN;
        } else {
            return invocation.invoke();
        }
    } else {
        return Action.LOGIN;
    }
Roman C
  • 49,761
  • 33
  • 66
  • 176
SerchRac
  • 171
  • 1
  • 12
  • Ok, I got it. I add `@InterceptorRef(value="defaultStack"` _to exclude the execution of your Login Interceptor for the access_ Thanks Andrea. – SerchRac Aug 31 '15 at 09:11
  • glad that helped. Please note that on StackOverflow you don't need to edit your question's title to add SOLVED, instead you need to MARK the right question as ACCEPTED, and eventually to UP-VOTE every question that helped. – Andrea Ligios Aug 31 '15 at 09:58

3 Answers3

2

Expanding on Roman's remark re: setting session values to true and why it's superfluous:

Rather than check for the value of the session value, just check for its presence. On logout remove the session object, either explicitly (if you need other session data to remain) or invalidate the session.

This has the added benefit of reducing your code to approximately this:

public String intercept(ActionInvocation invocation) throws Exception {
    Map    session     = invocation.getInvocationContext().getSession()
    Object loginObject = session.getAttribute("login");

    if (loginObject == null) {
      return LOGIN;
    }

    return invocation.invoke();
}

Regarding getSession(false), it's generally unnecessary to include the boolean argument, since JSP pages will create sessions automatically unless explicitly declared not to.

Dave Newton
  • 158,873
  • 26
  • 254
  • 302
  • Well, related enough I'd say :) – Andrea Ligios Sep 01 '15 at 08:12
  • it's not a comment, but an answer, just forgot to add a link to the code with login interceptor. – Roman C Sep 01 '15 at 15:06
  • 1
    @RomanC By "comment" I'm specifically referring to the last bit of the first sentence, to wit: "[...] which is superfluous". I'm explaining why it's superfluous. Even when I *agree* with you...?! – Dave Newton Sep 01 '15 at 15:13
  • @DaveNewton I understand that you did it with good intentions, but on SO a comment is placed in the special section under post like this, and I didn't write a comment to OP's question. – Roman C Sep 01 '15 at 15:19
  • @RomanC A "comment" can also be a "remark" contained within a larger context. Updated content. – Dave Newton Sep 01 '15 at 15:23
  • you can use SO edit features to mark it as a comment if it's your comment not mine. Anyway I liked that +1 – Roman C Sep 01 '15 at 15:25
1

When you return Action.LOGIN from within the Interceptor, the result is executed, and since the result is of type redirectAction, another request is created and filtered through the Interceptor Stack. Then the execution will trigger again your Interceptor, that is the unwanted result.

You need to exclude the execution of your Login Interceptor for the access action, using the default stack, for example.

<default-interceptor-ref name="myCustomLoginStack"/>

<action name="access" class="foo.bar.actions.Access">
    <result>access.jsp</result>
    <interceptor-ref name="defaultStack" />
</action>

<action name="foobar" class="foo.bar.actions.Foobar">
    <result>foo.jsp</result>
    <result name="login" type="redirectAction">access</result>
</action>
Andrea Ligios
  • 49,480
  • 26
  • 114
  • 243
1

Neither login or access is setting the loginObject to the session, nor they set it to true, which is superfluous. As a result, if you configured this interceptor to the action, it will prevent the action invocation and execution.

Roman C
  • 49,761
  • 33
  • 66
  • 176