struts2应用程序中的会话

Question

I have created a web application in which I need to maintain the session if a user session is there, and then and only then will it allow the user to see the jsp.

I have worked with jsp servlets before, but I'm new to struts2.

Here I am setting username in my action class :

Revised Code

private HttpSession session;

public void setSession(HttpSession session) {
    // TODO Auto-generated method stub0
    this.session = session;
}

public HttpSession getSession() {
    return session;
}

public String getLoginStatus(){     
    session = request.getSession();
    session.setAttribute("userName", loginBean.getUsername());
    return SUCCESS;
}

Now, when I am redirected to next page after an action, it shows the session value once. After that, on every page, I am finding null values in session.

<%
    String userName = (String)session.getAttribute("userName");             
    System.out.println(userName);                        

    if(userName == null || userName.equals("") ){
        response.sendRedirect("login.jsp");
    }

%>

I read somewhere that the scope of an action class session is limited to one page - how could I solve this problem?

Any example will be very helpful to me.

Answer 1

There are a few problems with the code you currently have.

• You should use an Interceptor to enforce that the user is logged in, rather than trying to enforce it in the JSP. JSP should only be for presentation, not for flow control.
• You should avoid scriptlets (blocks of code) in JSP. That was deprecated a really long time ago and is widely considered to be a very poor practice in an MVC application.
• You can access session values in your JSP directly. You do not need to implement the SessionAware interface in your action unless you need access to the session inside of the action itself.
• You should redirect the user to a login action, not directly to a JSP page, otherwise you are bypassing the Struts2 framework and losing out on the benefits of using the framework.

Login Example

Below is some example code for creating a basic login system using the Struts2 framework.

Login Required

This part is optional, but in general, not all pages in a web application will require the user to be logged in. Therefore, let's create an interface called LoginRequired . Any action that implements this marker interface will redirect to the login page if the user is not already logged in.

Note: You can use an annotation instead, if you prefer, but for this example I will use the interface.

public interface LoginRequired {}

The Interceptor

The interceptor will handle forcing the user to login for any requested action which implements the LoginRequired interface.

public class LoginInterceptor extends AbstractInterceptor {
    @Override
    public String intercept(final ActionInvocation invocation) throws Exception {
        Map<String, Object> session = ActionContext.getContext().getSession();

        // sb: feel free to change this to some other type of an object which
        // represents that the user is logged in. for this example, I am using
        // an integer which would probably represent a primary key that I would
        // look the user up by with Hibernate or some other mechanism.
        Integer userId = (Integer) session.get("userId");

        // sb: if the user is already signed-in, then let the request through.
        if (userId != null) {
            return invocation.invoke();
        }

        Object action = invocation.getAction();

        // sb: if the action doesn't require sign-in, then let it through.
        if (!(action instanceof LoginRequired)) {
            return invocation.invoke();
        }

        // sb: if this request does require login and the current action is
        // not the login action, then redirect the user
        if (!(action instanceof LoginAction)) {
            return "loginRedirect";
        }

        // sb: they either requested the login page or are submitting their
        // login now, let it through
        return invocation.invoke();
    }
}

You will also need a LoginAction which displays and processes the login page and a LogoutAction which invalidates or clears the session.

The Configuration

You will need to add the interceptor to your stack and also create a global result mapping for "loginRedirect".

<interceptors>
    <interceptor name="login" class="your.package.LoginInterceptor"/>

    <!-- sb: you need to configure all of your interceptors here. i'm only
         listing the one we created for this example. -->
    <interceptor-stack name="yourStack">
        ...
        <interceptor-ref name="login"/>
        ...
    </interceptor-stack>
</interceptors>

<global-results>
    <!-- sb: make this the path to your login action.
         this could also be a redirectAction type. -->
    <result name="loginRedirect" type="redirect">/login</url>
</global-results>

Answer 2

To maintain a session use SessionAware interface in your action class and implement int public void setSession(Map m) it will take the attribute as a key value pair in map which can be be access from any where just buy retrieving the key.

for example Action class

import org.apache.struts2.interceptor.SessionAware;

import com.opensymphony.xwork2.ActionSupport;

public class LogingEx extends ActionSupport implements SessionAware{
    private static final long serialVersionUID = 1L;

    private String stuname,stuage,country;
    private int stumarks;
    Map m;

    public String getStuname() {
        return stuname;
    }
    public void setStuname(String stuname) {
        this.stuname = stuname;
    }

    public String getStuage() {
        return stuage;
    }
    public void setStuage(String stuage) {
        this.stuage = stuage;
    }

    public String getCountry() {
        return country;
    }
    public void setCountry(String country) {
        this.country = country;
    }

    public int getStumarks() {
        return stumarks;
    }
    public void setStumarks(int stumarks) {
        this.stumarks = stumarks;
    }

    public void setSession(Map m)
    {
        this.m=m;
    }

    public String execute()
    {
        m.put("a",stuname);
        m.put("b", stuage);
        m.put("c",stumarks);
        m.put("d",country);

        return SUCCESS;
    }

}

SOURCE: http://www.java4s.com/struts-tutorials/example-on-struts-2-sessionaware-interface/

Answer 3

I find no reason to use this kind of Map to authorize user. If your requirement is only validate the user against session then I would recommend to use Filter than some map in some class, the problem with this kind of map is to remove the session objects once session is invalidated, of course you can use HttpSessionListener to make it work but I guess it's best to validate via Filter than Map .

Apart from it you can take a look at many security framework (like Apache Shiro ) to make your task simpler and more robust.

Answer 4

Has your Action class already implemented the SessionAware interface?

EDIT:

Try this(It's a struts2 style solution):

public class anAction implements SessionAware{
    private Map<String, Object> session;
    public Map<String, Object> getSession() {
         return session;
    }
    public void setSession(Map<String, Object> session) {
         this.session = session;
    }
    public String getLoginStatus(){
         session.put("userName", "test");  //Hard code here for testing.
         return SUCCESS;
    }
}

Then use your jsp code to get the userName on page. I've tested this approach on my machine and it works.

EDIT2: BTW, such login check can be done easily and elegant with "Interceptor" provided by Struts2 Framework.

Answer 5

SessionAware implemention not required.

public class LoginAction extends Actionsupport
{
  private Map<String, Object> session;
  //Getter and Setter method
   public String execute() throws Exception {
      session=ActionContext.getContext().getSession();
      session.put("userName", "test");
     return super.execute();
   }
} 

Answer 6

以下期刊文章在Steven回复的同一行中有更多细节http://www.journaldev.com/2210/struts-2-interceptor-tutorial-with-custom-authentication-interceptor-example