Spring Security Interceptors with struts

Posted: January 5, 2013 in Java Posts

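Spring Interceptors: an interceptor can pre-handle and post-handle web requests. The example below uses a Struts 2 interceptor (an AbstractInterceptor subclass) to check the session for a logged-in user before the action runs; everyone else is sent to the login result.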


<?xml version="1.0" encoding="UTF-8"?>
<!-- NOTE(review): this listing is not well-formed as shown. The DOCTYPE opening, the class
     attributes of the "params" and "userAuthentication" interceptors and every closing tag are
     missing, presumably lost when the page was extracted. Treat it as an outline of the
     configuration, not as a file to paste. -->

 "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"

 <include file="struts-default.xml" />
 <package name="default" extends="struts-default">
        <!-- Interceptor declarations. The class behind "userAuthentication" is not visible here;
             presumably it is one of the interceptor classes listed further down (confirm). -->
        <interceptor name="bean-scope"/>
        <interceptor name="params"
        <interceptor name="userAuthentication"

        <!-- The login check is listed ahead of defaultStack, so it runs before the default
             interceptors do their work. defaultStack is included because an action that names
             its own interceptor-ref no longer gets the package default stack implicitly. -->
        <interceptor-stack name="authStach">
           <interceptor-ref name="bean-scope"/>
           <interceptor-ref name="userAuthentication"/>
           <interceptor-ref name="defaultStack"/>

     <!-- Only actions that reference authStach get the login check. Any other action in this
          package stays reachable without a session user unless the package declares the stack
          as its default-interceptor-ref. The interceptor returns the result name "user_login",
          which is not defined in the visible part of this file; it needs a global-results
          entry or a per-action result. -->
     <action name="myProfile"class="com.myproject.application.action.EntrepreneurAction"
        <interceptor-ref name="authStach"/>
        <result name="success" type="tiles" >pages/myProfile.jsp</result>

package com.myproject.application.interceptor;

import com.myproject.application.model.User;

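/**
 * Interceptor that lets every signed-in user through, whatever their role.
 *
 * <p>The base class calls {@code isAllowed} only for a non-null user found in the session, so
 * answering {@code true} here means "any authenticated user". This class therefore enforces
 * authentication only; it performs no role-based authorization.
 */
public class AllRoleAuthenticationInterceptor extends UserAuthenticationInterceptor {

    private static final long serialVersionUID = -5932013298987566795L;

    /**
     * Accepts any user the base interceptor found in the session.
     *
     * <p>{@code @Override} is deliberate: if the {@code User} type imported here were not the
     * same class the base method takes, this would silently become an overload and the base
     * class's deny-all answer would be used instead.
     *
     * @param user the session user being checked (not inspected)
     * @return always {@code true}
     */
    @Override
    public boolean isAllowed(User user) {
        return true;
    }
}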

package com.myproject.application.interceptor;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;
import com.cofundit.application.action.constants.ActionConstants;
import com.cofundit.application.model.User;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

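/**
 * A base class for authenticating all the users.
 * Subclasses need to override the isAllowed method to control the access.
 *
 * <p>The default {@link #isAllowed(User)} denies everyone, so an interceptor that forgets to
 * override it fails closed: every request is answered with the login result.
 */
public class UserAuthenticationInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 6487648946271825850L;

    /**
     * Lets the action run when the session holds an allowed user, otherwise remembers the
     * requested URL in the session and returns the login result.
     *
     * @param invocation the current action invocation
     * @return the action's own result for an allowed user, otherwise {@code "user_login"}
     * @throws Exception whatever the rest of the interceptor chain or the action throws
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        User user = (User) session.get("user");
        User adminUser = (User) session.get("ADMIN_USER");
        if ((user != null && isAllowed(user)) || (adminUser != null && isAllowed(adminUser))) {
            // NOTE(review): the published listing lost this branch's body and closing brace.
            // Continuing the chain is the usual continuation for an allowed user and is
            // assumed here; confirm against the original source.
            return invocation.invoke();
        }

        // Not allowed: remember where the user was heading so the login flow can return there.
        HttpServletRequest request = ServletActionContext.getRequest();
        String requestedUrl = request.getRequestURL().toString();
        if (request.getQueryString() != null) {
            requestedUrl += "?" + request.getQueryString();
        }
        // The stored value is an absolute URL rebuilt from the incoming request plus its raw
        // query string. Whatever redirects to it after login should check that it still points
        // at this application, and any sensitive query parameters now live in the session too.
        session.put("last_requested_url", requestedUrl);
        return "user_login";
    }

    /**
     * Decides whether the given session user may reach the action.
     *
     * @param user a non-null user taken from the session
     * @return {@code false} in this base class; subclasses override to grant access
     */
    public boolean isAllowed(User user) {
        return false;
    }
}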
