Is there a way to redirect to another Action class without using on struts.xml

I have many classes created in my Struts application. I did not check whether logged in condition in any of the classes. Instead I have extended a base action class.

Now I want to create a pre-handler in my base action to check logged in and redirect if they are not logged in.

I want something like this:

public BaseAction(){
  if(isLoggedIn){
    //go to child which was called
   }
   else {   //redirect to login page
  }          
}

Another way is to check isLoggedIn() by calling this method in all action classes and defining a global result like

<result name="not-logged-in" type="redirectAction">Login.action</result>

Please help me to find better way for this.


Solution 1:

Looks like you want to check in the constructor of the base action class, but you are mistaken. The constructor is used by the object factory to instantiate your action instance. In this stage a few things is available to you. In your case it's wrong. Another approach is if you move the logic into the method say execute() and call super.execute() before any method call would work, but if you forget to put the super call in the action then you may end up the action code running not authenticated. To prevent it you should run the code before any action is executed and be able to access the action instance or action context to be more Struts2. I guess you've never read the book Struts 2 in Action so I will give you some my own thoughts. It's about creating AuthenticationInterceptor and the action that implements UserAware that injects the user logged in into the action that implement this interface. The interceptor is looks like

public class AuthenticationInterceptor implements Interceptor {

public void destroy() {
}

public void init() {
}

public String intercept(ActionInvocation actionInvocation) throws Exception {
    Map session = actionInvocation.getInvocationContext().getSession();
    User user = (User) session.get(Struts2MyConstants.USER);
            
    if (user == null) {
        return Action.LOGIN; //login required result
    }               
    else {              
        Action action = (Action)actionInvocation.getAction();
        
        if (action instanceof UserAware) {
            User freshUser = myService.getUser(user.getId());
            ((UserAware)action).setUser(freshUser);
        }
        
        System.out.println("Logged in: interceptor");
        return actionInvocation.invoke();
    }
}

The UserAware is looks like

public interface UserAware {
    
    public void setUser( User user );
    
}

and make a secure default stack that will reference any action

<interceptors>
  <interceptor name="authenticationInterceptor" class="org.yourapp.struts.interceptor.AuthenticationInterceptor"/>
  <interceptor-stack name="secureStack">
    <interceptor-ref name="authenticationInterceptor"/>
    <interceptor-ref name="defaultStack"/>
  </interceptor-stack>
</interceptors>
<default-interceptor-ref name="secureStack"/> 

If you make your base action to implement UserAware then the user object that is logged in will be available not only from session but in action too if you define getter for the user or make it protected. You have to make the User object immutable so that not compromise the security feature.

Solution 2:

You can use a Filter. It will be a lot more transparent than requiring all your classes to extend your BaseAction.

Edit

You would map this filter in your web.xml file, so it would be executed before the Struts controller servlet.

<filter>
   <filter-name>AuthorizationFilter</filter-name>
   <filter-class>my.company.AuthorizationFilter</filter-class>
</filter>

<filter-mappging>
    <filter-name>AuthorizationFilter</filter-name>
    <servlet-name>StrutsActionServlet</servlet-name>
</filter-mapping>

Or by URL pattern:

<filter-mapping>
    <filter-name>AuthorizationFilter</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>

Edit

You have changed the question, and it appears it's struts 2 you're using after all. In that case, you can write an interceptor instead of a filter. It would basically do the same, but an interceptor can be configured along with the rest of your struts configuration.