Solved

How to check user session availability in Struts application

Posted on 2008-10-17
2
1,210 Views
Last Modified: 2013-11-24
Dear Experts,

Our application is based on Struts and JSP. My problem is if somehow if the user is getting the URL of any page in our application and accessing that page directly with out login, actually it should not display the requested page. instead it should take the user to the login page. The easiest way is to check for the user session in each and every page. But i want to centralise this at one particular point.

Can i know the solution if there is any way to do in this manner.

Regards,
Malathi
0
Comment
Question by:CIPL-Senthil
  • 2
2 Comments
 
LVL 20

Expert Comment

by:chaitu chaitu
ID: 22738482
you can implement this using filters;

map all jsps to servlet filter;then if anybody accessing any jsp every jsp request will go into this filter.in the filter you can put only login.jsp
0
 
LVL 20

Accepted Solution

by:
chaitu chaitu earned 500 total points
ID: 22738496
check this code.in web.xml u need to do like this;

<filter>
            <filter-name>SessionFilter </filter-name>
            <filter-class>com.xxx.SessionFilter </filter-class>
      </filter>
<filter-mapping>
            <filter-name>SessionFilter</filter-name>
            <url-pattern>*.jsp</url-pattern>
      </filter-mapping>
public class SessionFilter implements Filter {

	private String page = "/session_expired.jsp";

	ArrayList excludedList = new ArrayList();
 

	public void destroy() {

	}
 

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,

			ServletException {

		 

		int position = ((HttpServletRequest) request).getRequestURI().lastIndexOf("/");

		boolean flag = true;		

		String requestedPage = ((HttpServletRequest) request).getRequestURI().substring(position);

		HttpServletRequest req = (HttpServletRequest)request;

		HttpSession session  = req.getSession(false);

		UserCredentials uc   = null;

		if(session!=null)

			uc   = (UserCredentials)session.getAttribute("USER_CREDENTIALS");

		

		if ((((HttpServletRequest) request).getRequestedSessionId() != null && !requestedPage.equals("/index.html") && !requestedPage.equals("/test_login.jsp")

				&& ((HttpServletRequest) request).isRequestedSessionIdValid() == false) || uc==null) {

			if(uc == null)

			{

				for(int i=0;i<excludedList.size();i++)

				{

					if(requestedPage.equals(excludedList.get(i)+""))

					{

						flag = false;

						break;

					}

				}

			}

			if(flag)

			{

				RequestDispatcher rd = request.getRequestDispatcher(page);

				rd.forward(request, response);

			}

			else {

				chain.doFilter(request, response);

			}

		} else {

			chain.doFilter(request, response);

		}

	}
 

	public void init(FilterConfig filterConfig) throws ServletException {

		if (filterConfig.getInitParameter("page") != null) {

			page = filterConfig.getInitParameter("page");			

		}

		excludedList.add("/index.html");

		excludedList.add("/test_login.jsp");

	}

}

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
zeroMAx challenge 20 87
fetching the full url inside controller 2 39
JKS to store upstart data 2 85
thymeleaf natural templating vs JSP 2 67
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now