Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1238
  • Last Modified:

How to check user session availability in Struts application

Dear Experts,

Our application is based on Struts and JSP. My problem is if somehow if the user is getting the URL of any page in our application and accessing that page directly with out login, actually it should not display the requested page. instead it should take the user to the login page. The easiest way is to check for the user session in each and every page. But i want to centralise this at one particular point.

Can i know the solution if there is any way to do in this manner.

  • 2
1 Solution
chaitu chaituCommented:
you can implement this using filters;

map all jsps to servlet filter;then if anybody accessing any jsp every jsp request will go into this filter.in the filter you can put only login.jsp
chaitu chaituCommented:
check this code.in web.xml u need to do like this;

            <filter-name>SessionFilter </filter-name>
            <filter-class>com.xxx.SessionFilter </filter-class>
public class SessionFilter implements Filter {
	private String page = "/session_expired.jsp";
	ArrayList excludedList = new ArrayList();
	public void destroy() {
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
			ServletException {
		int position = ((HttpServletRequest) request).getRequestURI().lastIndexOf("/");
		boolean flag = true;		
		String requestedPage = ((HttpServletRequest) request).getRequestURI().substring(position);
		HttpServletRequest req = (HttpServletRequest)request;
		HttpSession session  = req.getSession(false);
		UserCredentials uc   = null;
			uc   = (UserCredentials)session.getAttribute("USER_CREDENTIALS");
		if ((((HttpServletRequest) request).getRequestedSessionId() != null && !requestedPage.equals("/index.html") && !requestedPage.equals("/test_login.jsp")
				&& ((HttpServletRequest) request).isRequestedSessionIdValid() == false) || uc==null) {
			if(uc == null)
				for(int i=0;i<excludedList.size();i++)
						flag = false;
				RequestDispatcher rd = request.getRequestDispatcher(page);
				rd.forward(request, response);
			else {
				chain.doFilter(request, response);
		} else {
			chain.doFilter(request, response);
	public void init(FilterConfig filterConfig) throws ServletException {
		if (filterConfig.getInitParameter("page") != null) {
			page = filterConfig.getInitParameter("page");			

Open in new window


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now