You need to ensure that users are logged in before they can access certain actions.
Create a base Action, like the one shown in Example 11-1, which implements the security policy.
Example 11-1. Enforcing authentication with a base action
package com.oreilly.strutsckbk.ch11;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.webapp.example.Constants;
import org.apache.struts.webapp.example.User;
public abstract class SecureAction extends Action {
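/**
 * Checks for a logged-in user before any action logic runs.
 *
 * <p>Declared {@code final} so a subclass cannot override it and skip the
 * check; subclasses supply their logic in {@link #doExecute}. The check
 * applies only to Actions that extend this class.
 *
 * @param mapping  mapping used to look up the "logon" forward
 * @param form     form bean passed through unchanged to {@code doExecute}
 * @param request  request whose session is inspected for the user
 * @param response response passed through unchanged to {@code doExecute}
 * @return the "logon" forward when no user is stored in the session,
 *         otherwise the forward returned by {@code doExecute}
 * @throws Exception whatever {@code doExecute} throws
 */
public final ActionForward execute(ActionMapping mapping,
                                   ActionForm form,
                                   HttpServletRequest request,
                                   HttpServletResponse response)
        throws Exception {
    // getSession(false) returns null instead of creating a session, so a
    // request from a client without a session does not allocate one here.
    HttpSession session = request.getSession(false);
    User user = (session == null)
            ? null
            : (User) session.getAttribute(Constants.USER_KEY);

    if (user == null) {
        // No authenticated user: send back to the logon page.
        // NOTE(review): assumes a "logon" forward is configured for this mapping; confirm.
        return mapping.findForward("logon");
    }
    return doExecute(mapping, form, request, response, user);
}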
/**
 * Action logic for a request that has passed the login check; implemented
 * by each concrete action.
 *
 * <p>{@link #execute} calls this only after it has found a non-null user
 * in the session.
 *
 * @param mapping  mapping received by {@code execute}
 * @param form     form bean received by {@code execute}
 * @param request  request received by {@code execute}
 * @param response response received by {@code execute}
 * @param user     user object read from the session under
 *                 {@code Constants.USER_KEY}
 * @return the forward to follow once the action has run
 * @throws Exception propagated to the caller of {@code execute}
 */
public abstract ActionForward doExecute(
        ActionMapping mapping,
        ActionForm form,
        HttpServletRequest request,
        HttpServletResponse response,
        User user)
        throws Exception;
}
Concrete Actions that require this policy extend the base SecureAction, shown in Example 11-2