How to do URL authentication in struts2

Question

I am using struts2.1.6 + Spring 2.5 I have four modules in my application.

1. Registration Module
2. Admin Module
3. Quote Module
4. Location Module.

In registration module the customer can register himself and only after registering he is supposed to have access of the remaining three modules.

I want to implement something like if the action being called belongs to the registration module it will work as normal but if the action being called belongs to the rest of those three modules it first should check if the user is logged-in and session has not timed-out. if yes it should proceed normally otherwise it should redirect to the login page.

Through research I have found out that interceptors could be used for this purpose but before proceeding I thought its better to get some feedback on it from experts.

Please suggest how it should be done and If possible put some code suggestions.

Here is my file(The struts.xml contains four different config files belonging to each module): 文件（struts.xml包含属于每个模块的四个不同的配置文件）：

    <struts>
    <include file="struts-default.xml" />
    <constant name="struts.i18n.reload" value="false" />
    <constant name="struts.objectFactory" value="spring" />
    <constant name="struts.devMode" value="false" />
    <constant name="struts.serve.static.browserCache" value="false" />
    <constant name="struts.enable.DynamicMethodInvocation" value="true" />
    <constant name="struts.multipart.maxSize" value="10000000" />
    <constant name="struts.multipart.saveDir" value="C:/Temporary_image_location" />

    <include file="/com/action/mappingFiles/registration_config.xml" />
    <include file="/com/action/mappingFiles/admin_config.xml" />
    <include file="/com/action/mappingFiles/quote.xml" />
    <include file="/com/action/mappingFiles/location_config.xml" />

</struts>

The sample file is: 文件是：

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
    <package name="registration" extends="struts-default"
        namespace="/my_company">

        <action name="LoginView" class="registration" method="showLoginView">
            <result>....</result>
            <result name="input">...</result>
        </action>
         </package>
</struts>

The sample file is: 文件为：

<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd">
    <struts>
        <package name="admin" extends="struts-default"
            namespace="/my_company">

            <action name="viewAdmin" class="admin" method="showAdminView">
                <result>....</result>
                <result name="input">...</result>
            </action>
             </package>
    </struts>

Same code is there in the rest of two struts2 xml config files. I have used the same namespace in all the four config files with the different package names(As you can see)

Answer 1

Note: standard practice is to use a different namespace for each package, eg "/my_company/admin" for the admin package, etc.

Using interceptors is the right approach: it decouples authentication from the actions themselves. You can define two different interceptor stacks, one that requires the user to be logged in, and one which doesn't. Start by copying the interceptor stack from struts-default.xml, and then customize to your requirements. These definitions can be placed in an abstract base package:

<package name="my-base" abstract="true" extends="struts-default">
    <interceptors>
        <interceptor-stack name="login-required">
            <interceptor-ref name="exception"/>
            <interceptor-ref name="alias"/>
            <!-- etc -->
        </interceptor-stack>
        <interceptor-stack name="login-not-required">
            <!-- etc -->
        </interceptor-stack>
    </interceptors>
</package>

Then your other packages just need to extend this base package:

<package name="admin" extends="my-base" namespace="/my_company/admin">
    <default-interceptor-ref name="login-required"/>

    <!-- actions defined here -->
</package>