Struts 2 interceptor firing when it shouldn't - struts2

I have different areas in my webapp, basically:
Login actions. No special interceptor needs.
Secure zone. Only for authenticated users. AuthenticationInterceptor redirects non authenticated users to logout action.
Admin zone. Only for admin users. AdministrationInterceptor redirects non admin users to logout action.
Hence, I have divided my actions in packages.
numeritos-default is a package with no actions, just to define the
interceptors and a couple stacks, in order to inherit from it.
numeritos-login is a package that inherits directly from
struts-default and, hence, uses the defaultStack from struts.
numeritos-secure inherits from numeritos-default and SHOULD (afaik)
use the numeritos-default default stack.
numeritos-admin inherits
from numeritos-default but defines a different default stack, in
order to add the administrationInterceptor to the default stack.
The thing is, the actions in numeritos-secure are executing the administrationInterceptor when they shouldn't, since their default stack, inherited from numeritos-default doesn't include that interceptor (I can't figure out the reason), hence only admin users can access the application. The rest of users are kicked out of the whole secure zone, when they should be only kicked out of the admin zone.
I have the following struts.xml configuration file. Sorry to post the whole of it, but I think it could help. All classes references are really Spring beans names, since all dependencies are managed by Spring.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
"http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
<constant name="struts.custom.i18n.resources" value="global-messages" />
<constant name="struts.devMode" value="true" />
<constant name="struts.ui.theme" value="simple" />
<package name="numeritos-default" extends="struts-default">
<interceptors>
<!-- Session authentication interceptor -->
<interceptor name="authenticationInterceptor" class="authenticationInterceptor"/>
<!-- Administration privileges interceptor -->
<interceptor name="administrationInterceptor" class="administrationInterceptor"/>
<!-- Caching headers interceptor -->
<interceptor name="cachingHeadersInterceptor" class="cachingHeadersInterceptor"/>
<!-- Default interceptor stack for this package (default + authentication) -->
<interceptor-stack name="numeritosDefaultStack">
<interceptor-ref name="authenticationInterceptor"/>
<interceptor-ref name="cachingHeadersInterceptor"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
<!-- Default interceptor stack for administration packages (default + administration) -->
<interceptor-stack name="numeritosAdminStack">
<interceptor-ref name="administrationInterceptor"/>
<interceptor-ref name="numeritosDefaultStack"/>
</interceptor-stack>
</interceptors>
<!-- Secure interceptor stack as default -->
<default-interceptor-ref name="numeritosDefaultStack"/>
</package>
<package name="numeritos-login" extends="struts-default">
<action name="welcome" class="welcomeAction">
<result name="success" type="freemarker">ftl/login.ftl</result>
</action>
<action name="login" class="loginAction">
<result name="success" type="redirectAction">exerciseLoad</result>
<result name="input" type="freemarker">ftl/login.ftl</result>
</action>
</package>
<package name="numeritos-secure" extends="numeritos-default">
<!-- Common login result -->
<global-results>
<result name="login" type="redirectAction">logout</result>
</global-results>
<action name="exerciseLoad" class="exerciseLoadAction">
<result name="simple_op" type="freemarker">ftl/simple_operation_view.ftl</result>
<result name="equation" type="freemarker">ftl/equation_view.ftl</result>
</action>
<action name="exerciseCheck" class="exerciseCheckAction">
<result name="success" type="freemarker">ftl/show_exercise_result.ftl</result>
<result name="input" type="freemarker">ftl/answer_format_error.ftl</result>
</action>
<action name="stats" class="statsAction">
<result name="success" type="freemarker">ftl/stats.ftl</result>
</action>
<action name="modulesList" class="modulesListAction">
<result name="success" type="freemarker">ftl/modules_list.ftl</result>
</action>
<action name="selectModule" class="selectModuleAction">
<result name="input" type="freemarker">ftl/modules_list.ftl</result>
<result name="success" type="redirectAction">exerciseLoad</result>
</action>
<action name="userSettings" class="userSettingsAction">
<result name="success" type="freemarker">ftl/user_settings.ftl</result>
</action>
<action name="changePassword" class="changePasswordAction">
<result name="success" type="freemarker">ftl/user_settings.ftl</result>
<result name="input" type="freemarker">ftl/user_settings.ftl</result>
</action>
<action name="logout" class="logoutAction">
<result name="success" type="freemarker">ftl/login.ftl</result>
</action>
</package>
<package name="numeritos-admin" extends="numeritos-secure">
<!-- Admin interceptor stack as default -->
<default-interceptor-ref name="numeritosAdminStack"/>
<!-- Common login result -->
<global-results>
<result name="login" type="redirectAction">logout</result>
</global-results>
<action name="adminConsole" class="adminConsoleAction">
<result name="success" type="freemarker">ftl/admin_console_results.ftl</result>
</action>
<action name="adminConsoleGroups" class="adminConsoleGroupsAction">
<result name="success" type="freemarker">ftl/admin_console_groups.ftl</result>
</action>
<action name="adminCreateGroup" class="adminConsoleGroupsAction" method="create">
<result name="success" type="redirectAction">adminConsoleGroups</result>
</action>
<action name="adminDeleteGroup" class="adminConsoleGroupsAction" method="delete">
<result name="success" type="redirectAction">adminConsoleGroups</result>
</action>
</package>
<package name="json-admin" extends="numeritos-default, json-default">
<interceptors>
<!-- Default interceptor stack for this package (default + administration + json) -->
<interceptor-stack name="numeritosJsonAdminStack">
<interceptor-ref name="administrationInterceptor"/>
<interceptor-ref name="json"/>
<interceptor-ref name="numeritosDefaultStack"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="numeritosJsonAdminStack"/>
<action name="jsonTest" class="jsonTestAction">
<result name="success" type="json">
<param name="root">users</param>
</result>
</action>
</package>
</struts>

Defining package configuration elements are only for adding additional configuration to packages that extend it. The packages can contain interceptors, interceptor stacks, actions that can be extended.
The package element has one required attribute name, which acts as the key for later reference to the package. The extends attribute is optional and allows one package to inherit the configuration of one or more previous packages
including all interceptor, interceptor-stack, and action configurations.
Usually packages are separated by namespace attribute which is essential for configuring actions. You can define the abstract package which doesn't contain the action configurations.
The optional abstract attribute creates a base package that can omit the action configuration.
The thing is, you are not using namespace, nor abstract packages and default-intercepto-ref is not inherited to the packages that extends it.

Related

<global-forwards> in struts 2

we are converting our application from Struts 1.2 to 2.16. I ahve added the requried jars and now i am converting struts_config.xml to struts.xml. Below is i struts-config.xml
<struts-config>
<global-forwards>
<!-- Default forward to "Welcome" action -->
<!-- Demonstrates using index.jsp to forward -->
<forward name="welcome" path="/Welcome.do"/>
<forward name="family" path="/Employee.do"/>
<forward name="line" path="/Owner.do"/>
</global-forwards>
<action-mappings>
<action path="/Welcome" forward="/pages/welcome.jsp"/>
<action path="/Employee" forward="/pages/employeejsp"/>
<action path="/Owner" forward="/pages/owner.jsp"/>
</action-mappings>
</stuts-config>
I am not able convert Global_forwards to global_results. when trying to access the page getting a blank page and its not throwing any error. Did add devmode still no luck.
Could any one please help me .
Thanks
<forward name="welcome" path="/Welcome.do"/>
<forward name="family" path="/Employee.do"/>
<forward name="line" path="/Owner.do"/>
</global-forwards>
to
<global-results>
<result name="family" type="redirect">Employee</result>
<result name="line" type="redirect">Owner</result>
</global-results>
for action mapping
<action-mappings>
<action path="/Welcome" forward="/pages/welcome.jsp"/>
</action-mappings>
<package name="test" extends="struts-default">
<action name="Welcome" class="org.xyz.Welcome" method="welcome">
<result name="success">/welcome.jsp</result>
<result name="input">/register.jsp</result>
</action>
</package>

Get request from two different name space and to call same action

I have below struts configuration file with me,I need add another "namespace"(/mservice) to same action,In that config file I need to remove <param name="excludeNullProperties">false</param>
<struts>
<package name="com.web.mobile" namespace="/service" extends="mobile-default">
<action name="ticketSupport!*" class="com.web.mobile.TicketSupport"
method="{1}">
<result type="json">
<!-- This parameter should remove to the "/mservice" namesapce -->
<param name="excludeNullProperties">false</param>
</result>
<result name="input" type="json"/>
</action>
</package>
</struts>
I have two mobile apps, need to call same action with different parameters,I am thinking to maintain 2 struts configuration files, How can I modify existing config file to work with both apps?

Handling end-of-URL slashes in Struts2 actions

In my struts.xml I have the following configured in order to handle redirection of myhost.com/admin and myhost.com/admin/ correctly:
<constant name="struts.enable.SlashesInActionNames" value="true"/>
<action name="admin">
<result type="redirectAction">admin/home</result>
</action>
<action name="admin/">
<result type="redirectAction">admin/home</result>
</action>
Is there a quicker way to do this in Struts2?
You are mixing two things: action and namespace. You can use the below config:
<action name="admin">
<result type="redirectAction">admin/</result>
</action>
<action name="" namespace="admin">
<result>/admin/index.jsp</result>
</action>
AS commented by yourself, have you tried the wildcard like this
admin/**
hope this helps

Change Struts2 interceptor error messages

I am using Struts 2 + Hibernate (full-hibernate-plugin-for-struts2), and I have this code to check if image to upload is png:
struts.xml
<struts>
<package name="mypack" namespace="/" extends="hibernate-default">
...
<action name="myaction" class="com.actions.MyAction" >
<interceptor-ref name="defaultStackHibernate">
<param name="fileUpload.allowedTypes">image/png</param>
</interceptor-ref>
<result name="success" type="tiles" >baseLayout</result>
<result name="error" type="tiles" >error</result>
<result name="input" type="tiles" >baseLayout</result>
</action>
...
</package>
</struts>
The error message that comes out if I upload not allowed image types is:
Content-Type not allowed: image "img.jpg" "upload__2988a871_13b93535e21__7fc1_00000009.tmp" image/jpeg
How can I modify that error message? Using something like "hibernate-messages.properties"?
You can override this message by creating text for this key:
struts.messages.error.content.type.not.allowed

Global interceptor - runs before every action

How can I create an interceptor that will run before EVERY action in my application, without the need to specify it for every action separately?
From http://struts.apache.org/2.3.4.1/docs/how-do-we-configure-an-interceptor-to-be-used-with-every-action.html:
Create your own named stacks and declare a new default interceptor stack for a package
<package name="default" extends="struts-default" >
<interceptors>
<interceptor-stack name="myStack">
<interceptor-ref name="timer"/>
<interceptor-ref name="logger"/>
<interceptor-ref name="default-stack"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="myStack"/>
<action name="login" class="tutorial.Login">
<result name="input">login.jsp</result>
<result type="redirect-action">/secure/home</result>
</action>
</package>

Resources