Do we need StrutsPrepareAndExecuteFilter customization in Struts2?

Question

We are using Struts2 StrutsPrepareAndExecuteFilter. The configuration in web.xml is:

<filter>
    <filter-name>struts2</filter-name>
    <filter-class>
        org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
    </filter-class>
    <init-param>
      <param-name>struts.devMode</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

We need to implement authentication/permission inside this common interceptor.

What will be the easy way for it? Can we create a customized interceptor which extends StrutsPrepareAndExecuteFilter and do our implementation inside that?

Answer 1

You should never do a customization of org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.

Even if it's not final and not package protected like in other frameworks, extending that filter is not necessary.

You should learn basics of the Struts2 architecture. from the Nutshell.

you can see the basic Struts2 flow. Struts2 is implemented as a filter to handle all requests and dispatch them to actions through a stack of interceptors that leverage most of the functionality and features of Struts2 framework.

So if you want to add some feature like authentication, then you should first think about extending it via the authentication interceptor. This interceptor should be configured to be invoked on every action from the incoming requests. See how it's done in struts2 adding interceptors in struts.xml for all action class.

Latter there's a link that you could use to write a custom interceptor for authentication purposes. See Is there a way to redirect to another action class without using on struts.xml