Web.xml
<?
xml
version
=
"1.0"
encoding
=
"UTF-8"
?>
<
web-app
xmlns:xsi
=
"http://www.w3.org/2001/XMLSchema-instance"
xmlns
=
"http://java.sun.com/xml/ns/javaee"
xmlns:web
=
"http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation
=
"http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id
=
"WebApp_ID"
version
=
"2.5"
>
<
display-name
>
Struts2.3_ProgramaticValidations
</
display-name
>
<
welcome-file-list
>
<
welcome-file
>
index.html
</
welcome-file
>
</
welcome-file-list
>
<
filter
>
<
filter-name
>
struts2
</
filter-name
>
<
filter-class
>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</
filter-class
>
</
filter
>
<
filter-mapping
>
<
filter-name
>
struts2
</
filter-name
>
<
url-pattern
>
/*
</
url-pattern
>
</
filter-mapping
>
</
web-app
>
struts.properties
struts.custom.i18n.resources=messages
messages.properties
title=Struts2 Interceptors Example
username=Enter Your name
password=Enter Password
label.login=Login
error.invalid=Please Enter valid login credentials
username=Enter Your name
password=Enter Password
label.login=Login
error.invalid=Please Enter valid login credentials
index.jsp
<!
DOCTYPE
html
PUBLIC
"-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"
>
<
html
>
<
head
>
<
meta
http-equiv
=
"Content-Type"
content
=
"text/html; charset=ISO-8859-1"
>
<
META
HTTP-EQUIV
=
"Refresh"
CONTENT
=
"0;URL=login.action"
>
<
title
>
Insert title here
</
title
>
</
head
>
<
body
>
</
body
>
</
html
>
login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="s" uri="/struts-tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<h2>
<s:text name="title"></s:text>
</h2>
<s:actionerror />
<s:form action="authentication">
<s:textfield name="userName" key="username"></s:textfield>
<s:password name="password" key="password"></s:password>
<s:submit key="label.login"></s:submit>
</s:form>
</body>
</html>
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="s" uri="/struts-tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<h2>
<s:text name="title"></s:text>
</h2>
<s:actionerror />
<s:form action="authentication">
<s:textfield name="userName" key="username"></s:textfield>
<s:password name="password" key="password"></s:password>
<s:submit key="label.login"></s:submit>
</s:form>
</body>
</html>
authorizedpage.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<h1>Welcome to authorized page... You have now access to confidential pages...:-)</h1>
</body>
</html>
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<h1>Welcome to authorized page... You have now access to confidential pages...:-)</h1>
</body>
</html>
struts.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<include file="struts-default"></include>
<package name="default" extends="struts-default">
<interceptors>
<interceptor name="authInterceptors" class="com.usr.AuthInterceptor"></interceptor>
</interceptors>
<action name="login">
<result>/WEB-INF/pages/login.jsp</result>
</action>
<action name="authentication" class="com.usr.Authentication"
method="loginCredentialsCheck">
<result name="success" type="chain">authorizedonly</result>
<result name="failure">/WEB-INF/pages/login.jsp</result>
</action>
<action name="authorizedonly">
<interceptor-ref name="authInterceptors"></interceptor-ref>
<result name="success">/WEB-INF/pages/authorizedpage.jsp</result>
<result name="failure">/WEB-INF/pages/login.jsp</result>
</action>
</package>
</struts>
Authentication.java
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<include file="struts-default"></include>
<package name="default" extends="struts-default">
<interceptors>
<interceptor name="authInterceptors" class="com.usr.AuthInterceptor"></interceptor>
</interceptors>
<action name="login">
<result>/WEB-INF/pages/login.jsp</result>
</action>
<action name="authentication" class="com.usr.Authentication"
method="loginCredentialsCheck">
<result name="success" type="chain">authorizedonly</result>
<result name="failure">/WEB-INF/pages/login.jsp</result>
</action>
<action name="authorizedonly">
<interceptor-ref name="authInterceptors"></interceptor-ref>
<result name="success">/WEB-INF/pages/authorizedpage.jsp</result>
<result name="failure">/WEB-INF/pages/login.jsp</result>
</action>
</package>
</struts>
Authentication.java
package com.usr;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.struts2.interceptor.ServletRequestAware;
import com.opensymphony.xwork2.ActionSupport;
public class Authentication extends ActionSupport implements ServletRequestAware{
private String userName;
private String password;
private HttpServletRequest request;
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@Override
public void setServletRequest(HttpServletRequest request) {
this.request=request;
}
public HttpServletRequest getRequest() {
return request;
}
public String loginCredentialsCheck(){
if(this.getUserName().equals("mahesh")&&this.getPassword().equals("password")){
HttpSession session=request.getSession();
session.setAttribute("authorized", "yes");
return "success";
}
else{
addActionError(getText("error.invalid"));
return "failure";
}
}
}
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.struts2.interceptor.ServletRequestAware;
import com.opensymphony.xwork2.ActionSupport;
public class Authentication extends ActionSupport implements ServletRequestAware{
private String userName;
private String password;
private HttpServletRequest request;
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@Override
public void setServletRequest(HttpServletRequest request) {
this.request=request;
}
public HttpServletRequest getRequest() {
return request;
}
public String loginCredentialsCheck(){
if(this.getUserName().equals("mahesh")&&this.getPassword().equals("password")){
HttpSession session=request.getSession();
session.setAttribute("authorized", "yes");
return "success";
}
else{
addActionError(getText("error.invalid"));
return "failure";
}
}
}
AuthInterceptor.java
package com.usr;
import java.util.Map;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
public class AuthInterceptor implements Interceptor {
@Override
public void destroy() {
}
@Override
public void init() {
}
@Override
public String intercept(ActionInvocation invocation) throws Exception {
Map<String, Object> sessionAttributes = invocation
.getInvocationContext().getSession();
if (sessionAttributes == null
|| sessionAttributes.get("authorized") == null) {
return "failure";
} else {
if (sessionAttributes.get("authorized").equals("yes")) {
return invocation.invoke();
} else {
return "failure";
}
}
}
}
import java.util.Map;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
public class AuthInterceptor implements Interceptor {
@Override
public void destroy() {
}
@Override
public void init() {
}
@Override
public String intercept(ActionInvocation invocation) throws Exception {
Map<String, Object> sessionAttributes = invocation
.getInvocationContext().getSession();
if (sessionAttributes == null
|| sessionAttributes.get("authorized") == null) {
return "failure";
} else {
if (sessionAttributes.get("authorized").equals("yes")) {
return invocation.invoke();
} else {
return "failure";
}
}
}
}
if we acess directly authorisedpage.jsp then,