2

Hi, I developed a small web application. All the functionality is working fine, but when I press the browser back button it shows the previous page, and if you perform or click any action button it will call and execute that action. How do I prevent the user from doing that? Below are my action class and Struts config file.

    public class LoginAction extends ActionSupport implements ModelDriven, SessionAware, ServletRequestAware {

        private static final long serialVersionUID = -3197657749784237381L;
        @SuppressWarnings("unchecked")
        private Map session;
        private HttpServletRequest request;
        private LoginBean logBean = new LoginBean();

        public LoginAction() {
        }

        public Object getModel() {
            return logBean;
        }

        public LoginBean getLogBean() {
            return logBean;
        }

        public void setLogBean(LoginBean logBean) {
            this.logBean = logBean;
        }

        public Map getSession() {
            return session;
        }

        public void setSession(Map session) {
            this.session = session;
        }

        /*
        public static Log getLOG() {
            return LOG;
        }

        public static void setLOG(Log LOG) {
            ActionSupport.LOG = LOG;
        }
        */

        public void setServletRequest(HttpServletRequest request) {
            this.request = request;
        }

        public String execute() {
            return SUCCESS;
        }

        public String verifyLogin() {
            String target = "";
            LoginDB logDB = new LoginDB();
            UserBean ub = new UserBean();
            String ipAddress = request.getRemoteAddr();
            ub = logDB.verifyLogin(logBean.getLoginID(), logBean.getPassword());
            if (ub.getInvalid().equals("1")) {
                if (ub.getActive() != 0) {
                    session = ActionContext.getContext().getSession();
                    session.put("userBean", ub);
                    target = SUCCESS;
                } else {
                    addActionError("Your status is inactive!!!Please Contact Admin Or Activate Link");
                    target = INPUT;
                }
            } else {
                addActionError("Invalid LoginID or Password!");
                target = INPUT;
            }
            return target;
        }

        @SuppressWarnings("unchecked")
        @SkipValidation
        public String logOut() {
            //LoginDB loginDB = new LoginDB();
            String status = "";
            // String id = request.getParameter("userID");
            String ipAddress = request.getRemoteAddr();
            //int a = loginDB.logOut(id, ipAddress);
            if (true) {
                session.clear();
                session = null;
                if (session instanceof org.apache.struts2.dispatcher.SessionMap) {
                    try {
                        ((org.apache.struts2.dispatcher.SessionMap) session).invalidate();
                    } catch (IllegalStateException e) {
                    }
                }
                status = "success";
            } else {
                addActionError(getText("system.ERROR"));
                status = "error";
            }
            return status;
        }
    }

My register class

    public String execute() throws SQLException, ClassNotFoundException {
        Register rt = new Register();
        String status = rt.trailUser(user);
        if (status.equalsIgnoreCase("1")) {
            if (Mail() == 1) {
                addActionMessage("Congratulation you have success fully singed In check your mail to Activate Your Acount!");
                return SUCCESS;
            } else {
                addActionError("Sign In Again!");
                return INPUT;
            }
        } else {
            return ERROR;
        }
    }

struts.xml

    <struts>
        <!-- Configuration for the default package. -->
        <constant name="struts.Devmode" value="false"></constant>
        <constant name="struts.enable.DynamicMethodInvocation" value="false" />
        <constant name="struts.custom.i18n.resources" value="ApplicationResources" />
        <package name="default" extends="struts-default">
            <action name="users">
                <result>home.jsp </result>
            </action>
            <action name="UserAction" class="com.java.action.RegisterAction">
                <result name="input">/signup.jsp</result>
                <result name="success">/home.jsp</result>
                <result name="error">/error.jsp</result>
            </action>
            <action name="trialregister">
                <result>signup.jsp</result>
            </action>
            <action name="Activate" class="com.java.action.ActivationAction">
                <result name="input">/error.jsp</result>
                <result name="success">/home.jsp</result>
                <result name="error">/test1.jsp</result>
            </action>
            <action name="verifyLogin" class="com.java.action.LoginAction" method="verifyLogin">
                <result name="input">/home.jsp</result>
                <result name="success">/test1.jsp</result>
            </action>
            <action name="logOut" class="com.java.action.LoginAction" method="logOut">
                <interceptor-ref name="clear-cache"></interceptor-ref>
                <result name="error">/error.jsp</result>
                <result name="success">/home.jsp</result>
            </action>
            <action name="Back">
                <result>/home.jsp</result>
            </action>
        </package>
    </struts>

NOTE: As you can see, after I log out I am clearing the session variables, but if the user clicks back it displays the register page, and if he clicks the register button it will execute the register action. Can anyone tell me how to prevent the action from being executed after logout? Even if he clicks any action event button, it should redirect to the login page.

1 Answer

3

Well, what you are trying to do seems right to me. Regarding the browser back button, this is not something related to S2: the browser is moving you back on a back button hit due to the browser cache.

Though you can request the browser to clear the cache by setting some headers like

    response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
    response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
    response.setDateHeader("Expires", 0); // Proxies.

The above code can be moved to an interceptor and configured with your logout action so that the browser is requested to follow your headers. The above code will fire a real HTTP request to the server instead of loading the page from the browser's cache; you instruct the browser not to cache the pages by adding the above headers to the response.

Regarding your Action class code getting executed when you hit the back button, I suggest you create an interceptor and configure it so that only logged-in users can execute those actions, and non-logged-in users are asked to log in first.

Sample Interceptor

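    import java.util.logging.Level;
    import java.util.logging.Logger;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    import org.apache.struts2.ServletActionContext;

    import com.opensymphony.xwork2.ActionContext;
    import com.opensymphony.xwork2.ActionInvocation;
    import com.opensymphony.xwork2.interceptor.Interceptor;

    public class LoginInterceptor implements Interceptor {

        public LoginInterceptor() {
        }

        public void destroy() {
        }

        public void init() {
        }

        public String intercept(ActionInvocation actionInvocation) throws Exception {
            final ActionContext context = actionInvocation.getInvocationContext();
            HttpServletRequest request = (HttpServletRequest) context.get(ServletActionContext.HTTP_REQUEST);
            HttpSession session = request.getSession(true);

            // Check that a logged-in user is stored in the session
            try {
                Users user = (Users) session.getAttribute("user");
                if (user == null) {
                    return "login";
                }
            } catch (Exception e) {
                Logger.getLogger(LoginInterceptor.class.getName()).log(Level.INFO, "message", e);
                // Fail closed: if the check itself fails, do not invoke the action
                return "login";
            }

            // Invoke the action (or the next interceptor in the stack)
            String result = actionInvocation.invoke();
            return result;
        }
    }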

This interceptor will check if the user is there in the session. If the user is not there, he/she will be redirected to the login page, and in the other case the request will go to the next interceptor in the hierarchy.

Now configure this interceptor in the struts.xml file

struts.xml

    <interceptors>
        <interceptor class="myclass.LoginInterceptor" name="loginInterceptor"/>
        <interceptor-stack name="loginStack">
            <interceptor-ref name="loginInterceptor"/>
            <interceptor-ref name="defaultStack"/>
        </interceptor-stack>
    </interceptors>
    <default-interceptor-ref name="loginStack"/>

Once it's configured, you can use the interceptor for all those action calls for which you want the user to be logged in.

For more details on how to do this, refer to this tutorial.

This interceptor technique is only for learning purposes, and if you want to implement such a use case in a real-life project I will suggest using some security framework like Spring-Security, which provides a much more powerful and flexible way to handle these use cases.
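The answer above suggests moving the cache headers into an interceptor and gating actions on the session. The following is an added example, not code from the answer, that does both in one place. It assumes Struts 2.x on `javax.servlet`, the `userBean` session key from the question's `verifyLogin`, a hypothetical class name `AuthNoCacheInterceptor`, and an assumed list of public action names taken from the question's struts.xml.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

// Hypothetical class name; not part of the original answer.
public class AuthNoCacheInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = 1L;

    // Assumption: actions that must stay reachable without a login. If the
    // stack is the package default, the login action itself has to be listed
    // here, otherwise nobody can ever authenticate.
    private static final Set<String> PUBLIC_ACTIONS =
            new HashSet<String>(Arrays.asList("users", "verifyLogin"));

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        HttpServletResponse response = ServletActionContext.getResponse();

        // Headers from the answer, set before the result is rendered so the
        // back button triggers a fresh request instead of a cached page.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        if (PUBLIC_ACTIONS.contains(invocation.getProxy().getActionName())) {
            return invocation.invoke();
        }

        // getSession(false) does not create a session for anonymous requests;
        // after logout there is no session or no "userBean" attribute.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("userBean");
        if (user == null) {
            return Action.LOGIN; // "login"; never reaches the action
        }
        return invocation.invoke();
    }
}
```

The `login` result returned here still has to be mapped to the login page in struts.xml, for example as a global result of the package.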


2 Comments

I am having an error. I followed the exact same steps in the link, but my project shows an error on running; it's not deploying.
Can you show what exactly the error is? Otherwise it will be hard to suggest anything.
