Spring Security Interceptors with struts

Posted: January 5, 2013 in Java Posts

Spring Interceptors: an interceptor can pre-handle and post-handle web requests.

Struts.xml:


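<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE struts PUBLIC
 "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
 "http://struts.apache.org/dtds/struts-2.0.dtd">

<!--
  Struts 2 configuration that puts an authentication interceptor in front of
  the protected action.

  NOTE(review): every <interceptor> declaration below is shown without its
  class attribute, which Struts requires; it appears to have been lost when
  the listing was published. Restore the fully qualified class names before
  using this file. "userAuthentication" presumably points at a subclass of
  UserAuthenticationInterceptor (for example AllRoleAuthenticationInterceptor),
  because the base class's isAllowed() always returns false.
-->
<struts>
 <include file="struts-default.xml" />
 <package name="default" extends="struts-default">
     <interceptors>
        <interceptor name="bean-scope"/>
        <interceptor name="params"
           />
        <interceptor name="userAuthentication"
           />

        <!-- userAuthentication is listed before defaultStack, so a request
             without an allowed session user is turned away before the
             default stack (parameter binding, validation, ...) runs. -->
        <interceptor-stack name="authStach">
           <interceptor-ref name="bean-scope"/>
           <interceptor-ref name="userAuthentication"/>
           <interceptor-ref name="defaultStack"/>
        </interceptor-stack>
     </interceptors>

     <!-- Only actions that reference authStach are protected. An action that
          omits the reference runs without the authentication check unless
          the package declares <default-interceptor-ref name="authStach"/>.
          The interceptor answers "user_login" for rejected requests; no
          result with that name is defined here, so it has to be mapped
          elsewhere (for example in <global-results>). -->
     <action name="myProfile" class="com.myproject.application.action.EntrepreneurAction"
                method="profile">
        <interceptor-ref name="authStach"/>
        <result name="success" type="tiles" >pages/myProfile.jsp</result>
     </action>
 </package>
</struts>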


package com.myproject.application.interceptor;

import com.myproject.application.model.User;

/**
 * Authentication interceptor that accepts a logged-in user regardless of role.
 *
 * <p>The parent interceptor only calls {@link #isAllowed(User)} for a non-null
 * user found in the session, so this subclass checks "is somebody logged in"
 * and nothing more. It performs no role or permission check; actions that need
 * one should use a subclass with a stricter {@code isAllowed}.
 */
public class AllRoleAuthenticationInterceptor extends UserAuthenticationInterceptor {

    private static final long serialVersionUID = -5932013298987566795L;

    /**
     * Accepts every user handed in by the parent interceptor.
     *
     * @param user the session user being checked
     * @return always {@code true}
     */
    @Override
    public boolean isAllowed(User user) {
        return true;
    }
}


package com.myproject.application.interceptor;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;
import com.cofundit.application.action.constants.ActionConstants;
import com.cofundit.application.model.User;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

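/**
 * Base Struts 2 interceptor that only lets a request through when the session
 * holds a user accepted by {@link #isAllowed(User)}.
 *
 * <p>Subclasses override {@code isAllowed} to decide who may proceed. The base
 * implementation rejects everyone, so wiring this class directly denies all
 * requests.
 */
public class UserAuthenticationInterceptor extends AbstractInterceptor {

   private static final long serialVersionUID = 6487648946271825850L;

   /**
    * Runs the action for an allowed session user; otherwise remembers the
    * requested URL and sends the caller to the login result.
    *
    * @param invocation the action invocation being intercepted
    * @return the result code of the invoked action when access is granted,
    *         otherwise {@code "user_login"}
    * @throws Exception whatever the rest of the interceptor chain or the action throws
    */
   @Override
   public String intercept(ActionInvocation invocation) throws Exception {
      Map<String, Object> session = invocation.getInvocationContext().getSession();
      User user = (User) session.get("user");
      User adminUser = (User) session.get("ADMIN_USER");

      // Either the regular user or the admin user in the session may grant access.
      if ((user != null && isAllowed(user)) || (adminUser != null && isAllowed(adminUser))) {
         // Return the action's own result code. Without the return, execution
         // fell through: the URL below was stored and "user_login" was
         // returned even for an authenticated request.
         return invocation.invoke();
      }

      // Not authenticated or not allowed: keep the full requested URL so the
      // login flow can send the user back to it afterwards.
      HttpServletRequest request = ServletActionContext.getRequest();
      String requestedUrl = request.getRequestURL().toString();
      if (request.getQueryString() != null) {
         requestedUrl += "?" + request.getQueryString();
      }
      // NOTE(review): this value is derived from the incoming request. The
      // login action that reads it (not shown here) should verify that it
      // still points at this application before redirecting to it.
      session.put("last_requested_url", requestedUrl);

      // "user_login" must be mapped to a result (e.g. a global result) in struts.xml.
      return "user_login";
   }

   /**
    * Decides whether the given session user may reach the action.
    *
    * @param user a non-null user taken from the session
    * @return {@code false} in this base class; subclasses override to allow access
    */
   public boolean isAllowed(User user) {
      return false;
   }
}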