Java Reference
In-Depth Information
not logged in from accessing pages within the application. Otherwise,
they could still enter simply by typing the appropriate URL.
We saw a sneak preview of how to do this when we discussed intercep-
tors. After the action bean has been resolved, we check whether it's one
of the allowed action beans (Login and Register) and for the presence of
the
User
object in the action bean context. Here is the login interceptor
again, this time with an additional feature (can you spot it?):
package
stripesbook.ext;
@Intercepts(LifecycleStage.ActionBeanResolution)
public class
LoginInterceptor
implements
Interceptor {
@SuppressWarnings("unchecked")
private static final
List<Class<?
extends
BaseActionBean>> ALLOW =
Arrays.asList(
LoginActionBean.
class
,
RegisterActionBean.
class
);
public
Resolution intercept(ExecutionContext execContext)
throws
Exception
{
Resolution resolution = execContext.proceed();
MyActionBeanContext ctx =
(MyActionBeanContext) execContext.getActionBeanContext();
BaseActionBean actionBean = (BaseActionBean)
execContext.getActionBean();
Class<?
extends
ActionBean> cls = actionBean.getClass();
if
(ctx.getUser() ==
null
&& !ALLOW.contains(cls)) {
resolution =
new
RedirectResolution(LoginActionBean.
class
);
if
(ctx.getRequest().getMethod().equalsIgnoreCase("GET")) {
((RedirectResolution) resolution)
.addParameter("loginUrl", actionBean.getLastUrl());
}
}
return
resolution;
}
}
When users who are not logged in are bounced to the Login page, the
loginUrl
parameter is set to the URL that the user was trying to use.
2
2.
Notice the check for a GET request. Sending the user to the URL for a POST request
won't work, because the parameters won't be in the URL. Besides, it's better not to reissue
a POST request after login and instead just let the user start over.
Search WWH ::
Custom Search