We have a listings page which contain links for different actions.Each of those actions would require a user login before proceeding to the respective jsp page.
How do we dynamically pass in the input action/page to the login action.
On successul login,we need to redirect to that particular action/page from where the login action was triggered.
If this is not possible dynamically then we need to define separate actions for login from each of the page which requires a logged-in user.
You could pass the forward path (as a request parameter) to your login Action class and then add logic to dynamically create the ActionForward class; as opposed to using the ActionMapping.findForward(...) method. An ActionForward can be instantiated using a constructor that accepts the same path (to a JSP file or another action) that you would have specified in your Struts conguration file.
public ActionForward execute(ActionMapping mapping,
ActionForm form, HttpServletRequest request, HttpServletResponse response)
String forwardPath = request.getParameter("forwardPath");
ActionForward objAxFrwd = null;
// action specific code goes here
// Forward control to the specified success URI
if (forwardPath != null)
objAxFrwd = new ActionForward(forwardPath);
objAxFrwd = mapping.findForward("errorSystem");
In this example I mix both approaches so that I can still use my global forwards as a fallback if the "forwardPath" is missing. The value of the "forwardPath" could be "/myactionone.do" or "/some.jsp".
If I understand yur question correctly, you have a 'public' page that produces a list of links, each of which refers to a 'protected' page.
Anybody can access a public page.
Only authorised users can access a protected page.
If this is the case, then thngs can be made much simpler by using the servlet container (i.e Tomcat, Weblogic etc) to manage the authorisation for you. I've implemented such a scheme in Tomcat and could supply some examples, given sufficient time.
For speed, use these pages for reference...
...for more info, do a search for 'security-constraint', using the web search engine of your choice.
You may want to look at security filter project under sourceforge. It is a component to help you do authroization. If the user is not authorized to view the page, it will be redirected to a pre-defined page to ask for logging in, after authorized you will be redirected to the requested page automatically.
Hmm, sounds interesting...
I'll have to have a look at that project to see exactly what it provides in addition to the <security-constraint> elements that you can use in a web.xml file.
Will report back with any juicy facts that I find.