如果有人未登录struts2，如何防止任何页面加载

Question

I have been googling from week now. Still have not got any solution which resolves my problem. My strtus2 web application is simple. There is a login page once the login is successful then it has to redirect to the success page. But my problem is if i right click on the success.jsp and run that page, still that page is loading without any session but my requirement is success.jsp should never get loaded rather it should redirect to the login.jsp page.

login.jsp:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@taglib uri="/struts-tags" prefix="s"%> 
<s:form action="login"> 
<s:textfield name="username" label="User Name"/> 
<s:password name="password" label="Password"/> 
<s:submit value="Login"/> 
</body>
</html>

my pojo class for Login.

package com.cm.ccb.login;

public class Login {
private int userid;
private String username;
private double password;
private String email;
private double phone;
public int getUserid() {
return userid;
}
public void setUserid(int userid) {
this.userid = userid;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public double getPassword() {
return password;
}
public void setPassword(double password) {
this.password = password;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public double getPhone() {
return phone;}
public void setPhone(double phone) {
this.phone = phone;
}
}

My loginAction class.

package com.cm.ccb.login;

import java.util.Map;

import org.apache.struts2.dispatcher.SessionMap;
import org.apache.struts2.interceptor.SessionAware;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
public class LoginAction extends ActionSupport  implements SessionAware { 
private static final long serialVersionUID = 1L; 
private String username; 
private String password;
Map<String, Object> session;

SessionMap<String,String> sessionmap;  
LoginDao dao=new LoginDao(); 
@Override
public void validate(){ 
if(username.length()==(0)) 
this.addFieldError("username", "Name is required"); 
if(password.length()==(0)) 
this.addFieldError("password", "Password is required"); 
} 
@Override
public String execute(){

if(dao.find(getUsername(),getPassword())) {
return "success";

}
else

return "error"; 
} 

public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() { 
return password; 
} 
public void setPassword(String password) { 
this.password = password; 
}
public void setSession(Map<String, Object> session) {
this.session = session;

}

}

My loginDao class

package com.cm.ccb.login;
import java.util.Iterator;
import java.util.List;

import org.hibernate.Query;
import org.hibernate.Session;

import com.cm.ccb.mapping.HibernateUtil;

public class LoginDao { 

@SuppressWarnings("unchecked") 
public boolean find(String username, String password) { 
Session session = HibernateUtil.getSessionFactory().openSession(); 

String SQL_QUERY = " from Login l where l.username='"+username+"' and l.password='"+password+"'"; 
System.out.println(SQL_QUERY); 
Query query = session.createQuery(SQL_QUERY); 
Iterator<Login> it = query.iterate(); 
List<Login> list = query.list(); 
if (list.size() > 0) {


return true; 
} 

return false; 
}
} 

my success.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@taglib uri="/struts-tags" prefix="s"%> 
success

</body>
</html>

Answer 1

There are many ways to achieve this, but I am explaining one way to store session value.

Step 1 In your Login Action when users login put username in session if username and password are correct.

 Map<String,Object> session = ActionContext.getContext().getSession();

 session.put("username", username);

Step 2 Implement Interceptor Which checks this session value. Create package Interceptors and create a class AuthorizationInterceptor.java in it.

package Interceptors;

import org.apache.struts2.dispatcher.SessionMap;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

public class AuthorizationInterceptor implements Interceptor {

private static final long serialVersionUID = 1841289944579731267L;

@Override
public void destroy() {
    // TODO Auto-generated method stub

}

@Override
public void init() {
    // TODO Auto-generated method stub

}

@Override
public String intercept(ActionInvocation inv) throws Exception {
    ActionContext context = inv.getInvocationContext();

    //for login and register actions ignore checking
    if(context.getName().equalsIgnoreCase("login") || context.getName().equalsIgnoreCase("register"))
    {
        return inv.invoke();
    }
    SessionMap<String,Object> map = (SessionMap<String,Object>) inv.getInvocationContext().getSession();
    if(map==null)
    {
        return "login"; 
    }
    Object user = map.get("username");      
    if(user==null ||user.equals("") || map.isEmpty() || map == null ){                  
        return "login";     
    }

    return inv.invoke();
}

}

Step 3: Configure this interceptor in struts.xml

<package name="mydefault" namespace="/" extends="struts-default">

    <interceptors>
        <interceptor name="Authorizeuser" class="Interceptors.AuthorizationInterceptor"></interceptor>

        <interceptor-stack name="myStack">
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="Authorizeuser" />
        </interceptor-stack>
    </interceptors>

    <default-interceptor-ref name="myStack" />
    <global-results>
          <result name="login">login.jsp</result>
     </global-results>

    ...your Actions here....
</package>

Up to this it will prevent action urls if user is not logged in

Step 4 Prevent jsps -> Put following code in the jsp you want to prevent eg success.jsp

 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@taglib uri="/struts-tags" prefix="s"%> 
 < %
    HttpSession sess = request.getSession(true);
    if (sess.getAttribute("username")==null)
    {
    % >
        <jsp:forward page="/login.jsp?msg=You will have to login first in order to access other pages"></jsp:forward>
    < %
    }
% >
<html>
    <body>
        success
    </body>
</html>

Note: Instead of using session, you can also use cookies,context variables etc.

Answer 2

You can solve your problem by using cookies..On your login page at the time of login, add a new cookie. Now on your success.jsp page check that cookie for null value..if it is, redirect again to login.jsp

Let's say you added a cookie named userid on your login page as

 Cookie ck=new Cookie("usrid",userid);
 response.addCookie(ck);

Now on your success.jsp page you can check it for null value as :

 String userid = "";
 try 
 {
      Cookie[] ck = request.getCookies();
      for (int i = 0; i < ck.length; i++) 
      {
          if (ck[i].getName().equals("usrid")) 
          {
              userid = ck[i].getValue();
              break;
          }
      }
 } 
 catch (Exception ex) 
 {
     if (userid.equalsIgnoreCase("")) //if your cookie is null it will be redirected to login.jsp
     {
          response.sendRedirect("login.jsp");
     }
 }

This way, whenever you try to open success.jsp ,it will be redirected to login.jsp if you have not logged in