Struts Login Logout Example

Details
Written by  
Last Updated on 03 August 2019   |   Print  Email


In this Struts tutorial, you will learn how to implement the login and logout function with Struts framework, based on Java HttpSession.

In Struts, there is a way to access the javax.servlet.http.HttpSessionobject directly from an action class:

    • Have the action class implemented the ServletRequestAware interface.
    • Implement the setServletRequest() method and obtain the HttpSession object from the request object which is passed by the framework.
For example:

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.interceptor.ServletRequestAware;

import com.opensymphony.xwork2.ActionSupport;

public class TestAction extends ActionSupport implements ServletRequestAware {
	
	@Override
	public void setServletRequest(HttpServletRequest request) {
		HttpSession session = request.getSession();
		session.setAttribute("userName", "Tom");
	}
	
	public String execute() {
		// do something...
		return SUCCESS;
	}
}
However, this approach is not recommended because it makes the action class ties to the servlet API and difficult for unit testing. Therefore Struts recommends developers to access the session’s attributes instead of the HttpSession object, by providing the SessionAware interface.

 

1. Implementing the SessionAware interface

The following example shows how an action class implements the SessionAware interface:

import java.util.Map;

import org.apache.struts2.interceptor.SessionAware;

import com.opensymphony.xwork2.ActionSupport;

public class MyAction extends ActionSupport implements SessionAware {
	private Map<String, Object> sessionMap;
	
	@Override
	public void setSession(Map<String, Object> sessionMap) {
		this.sessionMap = sessionMap;
	}

	// action method goes here...
}
When Struts found that an action class implements the SessionAware interface, it will inject a map of session attributes via the method setSession(), so we can use this map to add/remove attributes to/from the session. For example:

  • Adding an attribute to the session: 
    sessionMap.put("userName", "Tom");
    That’s equivalent to this call with the HttpSession:

    httpSession.setAttribute("userName", "Tom");
  • Removing an attribute from the session:
sessionMap.remove("userName");

That’s equivalent to this call with the HttpSession:

httpSession.removeAttribute("userName");
So by implementing the SessionAware interface and manipulating session attributes via a Map object, we can decouple the action class from the Servlet API, thus making unit testing the action class easily.



Now, let’s walk through an example of a Struts application in which we use the SessionAware interface to maintain a login session of user. This example can be used as a reference for implementing login functionality in Struts.

Here is the project structure (Eclipse):

 Struts2HttpSession project structure


2. Code of login page

Create Login.jsp file under WEB-INF\jsp directory with the following content:

<%@ taglib prefix="s" uri="/struts-tags" %>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
	"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Struts2 Login</title>
</head>
<body>
	<center>
		<h3>Login</h3>
		<s:form action="login" method="post">
			<s:textfield name="userName" label="Enter User Name" />
			<s:password name="password" label="Enter Password" />
			<s:submit label="Login" />
		</s:form>
	</center>
</body>
</html>
This page displays a login form with two fields (username and password). Upon submitting, it will call the action “login”.

 

3. Code of Struts action class

Create AuthenticationAction.java file under package net.codejava.struts with the following code:

package net.codejava.struts;

import java.util.Map;

import org.apache.struts2.interceptor.SessionAware;

import com.opensymphony.xwork2.ActionSupport;

public class AuthenticationAction extends ActionSupport implements SessionAware {
	
	private Map<String, Object> sessionMap;
	private String userName;
	private String password;

	public String login() {
		String loggedUserName = null;

		// check if the userName is already stored in the session 
		if (sessionMap.containsKey("userName")) {
			loggedUserName = (String) sessionMap.get("userName");
		}
		if (loggedUserName != null && loggedUserName.equals("admin")) {
			return SUCCESS;	// return welcome page
		}
		
		// if no userName stored in the session, 
		// check the entered userName and password
		if (userName != null && userName.equals("admin") 
				&& password != null && password.equals("nimda")) {
			
			// add userName to the session
			sessionMap.put("userName", userName);
			
			return SUCCESS;	// return welcome page
		}
		
		// in other cases, return login page
		return INPUT;
	}
	
	public String logout() {
		// remove userName from the session
		if (sessionMap.containsKey("userName")) {
			sessionMap.remove("userName");
		}
		return SUCCESS;
	}

	@Override
	public void setSession(Map<String, Object> sessionMap) {
		this.sessionMap = sessionMap;
	}
	
	public void setUserName(String userName) {
		this.userName = userName;
	}
	
	public void setPassword(String password) {
		this.password = password;
	}
}
In this action class, we implement two action methods: one for handling login and one for handling logout. The embedded comments are explanatory to help you understand what the code does.

 

4. Code of welcome page

Create Welcome.jsp file under WEB-INF\jsp directory with the following content:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
	"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Welcome</title>
</head>
<body>
	<center>
		<h3>Welcome <i>${sessionScope.userName}</i>, you have logged in successfully!</h3>
		<h3><a href="/logout">Logout</a></h3>
	</center>
</body>
</html>
This page simply displays a welcome message which includes the username obtained from the session. The link “Logout” allows the user to logout from the application. In the action side, it will remove the attribute “userName” from the session.

 

5. Code of struts.xml

We configure this application in struts.xml like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
	<package name="Struts2HttpSession" extends="struts-default">
		
		<action name="login" class="net.codejava.struts.AuthenticationAction"
				method="login">
			<result name="success">/WEB-INF/jsp/Welcome.jsp</result>
			<result name="input">/WEB-INF/jsp/Login.jsp</result>
		</action>

		<action name="logout" class="net.codejava.struts.AuthenticationAction"
				method="logout">
			<result name="success">/WEB-INF/jsp/Login.jsp</result>
		</action>
		
	</package>
</struts>
We declare two actions (the first for login, the second for logout) but still using one action class: AuthenticationAction.

 

6. Code of web.xml

We enable Struts2 to handle requests in web.xml file as follow:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns="http://java.sun.com/xml/ns/javaee" 
	xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
		http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
	id="WebApp_ID" version="3.0">
  
  <display-name>Struts2HttpSession</display-name>
  
  <filter>
    <filter-name>struts2</filter-name>
    <filter-class>
	  	org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
	  </filter-class>
  </filter>
  
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
 

7. Testing Struts Login Logout Sample application

Now let’s do some tests with the application we have built so far. Deploy it on a local Tomcat server at the port number 8080, type the following URL:

http://localhost:8080/Struts2HttpSession/login

That brings us to the login page:

test login page

Type “admin” for username and “nimda” for password, and hit Submit. The welcome page is displayed:

welcome page

Notice that, once we have been logged in, if we type this URL again:

http://localhost:8080/Struts2HttpSession/login

Then the welcome page will be displayed instead of the login page, because the username is remembered in the session.

Now click on the Logout link, the application will remove the username from the session and bring the login page back.

 

Other Struts Tutorials:


About the Author:

is certified Java programmer (SCJP and SCWCD). He started programming with Java in the time of Java 1.4 and has been falling in love with Java since then. Make friend with him on Facebook and watch his Java videos you YouTube.



Attachments:
Download this file (Struts2HttpSession.war)Struts2HttpSession.war[Deployable WAR file]3411 kB
Download this file (Struts2HttpSession.zip)Struts2HttpSession.zip[Eclipse project]3415 kB

Add comment

   


Comments 

#11Esteban Perez2020-08-03 11:24
muchas gracias, realmente me servira este codigo para seguir aprendiendo
Quote
#10Kiran hole2017-07-19 03:09
Required this code for learning
Quote
#9Nam2015-11-18 07:02
Thanks Anand Sangram for your contribution.
Quote
#8anand sangram2015-11-18 05:23
for logout you have to do a minor change

in welcome.jsp
change line.no. 13 from
Logout

(to)

Logout
Quote
#7Tahmid2015-08-10 04:19
Could'nt put the angle brackets for the tags... .
Just add the welcome-file tag to the web.xml file under the wecome-file-list tag.
Then put the correct path of Login.jsp file.
Quote