The Problem
Many posts discuss the standard form-based authentication with Struts 1.1
https://developer.jboss.org/thread/41489?start=0&tstart=0
http://www.jguru.com/forums/view.jsp?EID=1095061
The following questions arise here:
1.) Shall we map the standard j_security_check action in the struts-config.xml file? If it is NOT mapped in struts-config.xml, then we cannot specify the page that shall be shown after a successful login, so it does not make sense to call the login page directly.
2.) Shall we have a custom action class for handling the standard form-based authentication, or shall we rely only on the standard mechanism? If we implement a custom action class, how can it still handle the authentication in a standard-based way?
3.) What does the view (login.jsp, login.html or whatever) look like?
4.) Assuming we have already somehow mapped the standard j_security_check action in the struts-config.xml file, and we have the following standard entries in web.xml:
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginFailed.jsp</form-error-page>
    </form-login-config>
</login-config>
– which mapping takes precedence: the one in struts-config.xml or the one in web.xml?
The Solution
Our solution is based on the analogous JSF use case, for which Oracle provides a solution:
http://docs.oracle.com/javaee/6/tutorial/doc/glxce.html
We give the following answers:
1.) In struts-config.xml we have the following mapping:
<form-bean name="logInForm" type="at.alex.common.form.LogInForm" />
…..
<action path="/Login" type="at.alex.common.action.LogInAction"
        name="logInForm" scope="request" validate="true" input="page.login">
    <forward name="success" path="page.welcome" />
    <forward name="error" path="page.loginFailed" />
</action>
2.) As shown above, we implement a custom action class, which authenticates the user in a standard-based way as given below:
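package at.alex.common.action;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import at.alex.common.form.LogInForm;
public class LogInAction extends Action {
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response) throws Exception {
        LogInForm logInForm = (LogInForm) form;
        try {
            request.login(logInForm.getUsername(), logInForm.getPassword()); // container-managed login (Servlet 3.0)
        } catch (ServletException e) {
            return mapping.findForward("error"); // authentication failed
        }
        return mapping.findForward("success"); // forward defined in struts-config.xml
    }
}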
3.) Our view (login.jsp) looks as follows:
<html:form action="/Login" method="post">
    <bean:message key="label.common.username" /> :
    <html:text property="username" size="20" maxlength="20" />
    <br />
    <bean:message key="label.common.password" /> :
    <%-- html:password masks the input; redisplay="false" keeps the value out of the re-rendered page --%>
    <html:password property="password" size="20" maxlength="20" redisplay="false" />
    <br />
    <html:submit>
        <bean:message key="label.common.button.submit" />
    </html:submit>
</html:form>
4.) The answer to the question (4) can be found if you implement the solution outlined here.
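A hardened variant of the LogInAction from answer (2), shown as an added example that is not part of the original post. It handles the case where request.login() is called for an already authenticated caller (which also raises ServletException) and discards the pre-login session so its id is not carried into the authenticated state. The class name HardenedLogInAction and the LogInForm.setPassword setter are assumptions.

```java
package at.alex.common.action;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

import at.alex.common.form.LogInForm;

// Hypothetical class name; added example, not the original LogInAction.
public class HardenedLogInAction extends Action {
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        LogInForm logInForm = (LogInForm) form;

        // request.login() throws ServletException when a caller identity is
        // already established; log the old identity out first so that this
        // case is not reported as a failed login.
        if (request.getUserPrincipal() != null) {
            request.logout();
        }

        // Discard the pre-login session (Servlet 3.0 portable approach) so a
        // session id known before authentication is never bound to the user.
        HttpSession preLogin = request.getSession(false);
        if (preLogin != null) {
            preLogin.invalidate();
        }
        request.getSession(true);

        try {
            request.login(logInForm.getUsername(), logInForm.getPassword());
        } catch (ServletException e) {
            // One forward for every failure cause; the view learns nothing else.
            return mapping.findForward("error");
        } finally {
            // Assumption: LogInForm has the setter Struts uses to populate it.
            // Clearing it keeps the password out of the request-scoped bean.
            logInForm.setPassword(null);
        }
        return mapping.findForward("success");
    }
}
```

Invalidating the session also drops anything stored in it before login (for example a locale chosen on the login page), so copy such attributes across explicitly if they are needed.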