Author: bleny Date: 2013-07-01 16:58:37 +0200 (Mon, 01 Jul 2013) New Revision: 268 Url: http://forge.codelutin.com/projects/franciaflex-magalie/repository/revisions... Log: redirect user to login page Modified: trunk/magalie-web/src/main/java/com/franciaflex/magalie/web/MagalieInterceptor.java trunk/magalie-web/src/main/resources/struts.xml Modified: trunk/magalie-web/src/main/java/com/franciaflex/magalie/web/MagalieInterceptor.java =================================================================== --- trunk/magalie-web/src/main/java/com/franciaflex/magalie/web/MagalieInterceptor.java 2013-07-01 13:44:57 UTC (rev 267) +++ trunk/magalie-web/src/main/java/com/franciaflex/magalie/web/MagalieInterceptor.java 2013-07-01 14:58:37 UTC (rev 268) @@ -27,7 +27,12 @@ import com.franciaflex.magalie.services.MagalieService; import com.franciaflex.magalie.services.MagalieServiceContext; import com.franciaflex.magalie.services.service.FixturesService; +import com.franciaflex.magalie.web.action.ChooseCompanyAction; +import com.franciaflex.magalie.web.action.IndexAction; +import com.franciaflex.magalie.web.action.LoginAction; +import com.franciaflex.magalie.web.action.ReportAction; import com.google.common.base.Preconditions; +import com.google.common.collect.ImmutableSet; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.Interceptor; import org.apache.commons.collections.CollectionUtils; @@ -47,6 +52,9 @@ */ public class MagalieInterceptor implements Interceptor { + public static final ImmutableSet<Class<? extends MagalieActionSupport>> ACCESSIBLE_ACTIONS_FOR_NOT_LOGGED_USER = + ImmutableSet.of(LoginAction.class, IndexAction.class, ChooseCompanyAction.class, ReportAction.class); + private static final Log log = LogFactory.getLog(MagalieInterceptor.class); protected boolean fixturesLoaded = false; 
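Review bot: The allowlist `ACCESSIBLE_ACTIONS_FOR_NOT_LOGGED_USER` added in the `@@ -47,6 +52,9 @@` hunk carries no comment saying why each action may be reached without a session. `ReportAction` is the entry that stands out: its name suggests it may serve application data, though its body is not visible in this diff, so that should be confirmed. A Javadoc such as `/** Actions reachable without a logged-in user; matching is by exact class, so subclasses are not covered and anything not listed is redirected to login. */` would record the deny-by-default intent. As far as this diff shows only the interceptor reads the set, so `private static final` would stop other code from relying on it.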
@@ -93,9 +101,11 @@ } + Class<?> actionClass = action.getClass(); + Set<PropertyDescriptor> descriptors = BeanUtil.getDescriptors( - action.getClass(), + actionClass, BeanUtil.IS_WRITE_DESCRIPTOR); for (PropertyDescriptor propertyDescriptor : descriptors) { @@ -134,6 +144,28 @@ try { + // prevent accessing a page without a session + if (magalieSession.getMagalieUser() == null) { + + if (ACCESSIBLE_ACTIONS_FOR_NOT_LOGGED_USER.contains(actionClass)) { + + if (log.isDebugEnabled()) { + log.debug("user has no session but can access to action " + action); + } + + } else { + + if (log.isDebugEnabled()) { + log.debug("user has no session: illegal access to action " + action + + ", redirecting user to login page"); + } + + return "redirect-to-login"; + + } + + } + return invocation.invoke(); } finally { Modified: trunk/magalie-web/src/main/resources/struts.xml =================================================================== --- trunk/magalie-web/src/main/resources/struts.xml 2013-07-01 13:44:57 UTC (rev 267) +++ trunk/magalie-web/src/main/resources/struts.xml 2013-07-01 14:58:37 UTC (rev 268) @@ -28,6 +28,7 @@ <constant name="struts.convention.default.parent.package" value="magalie" /> <package name="magalie" namespace="/" extends="json-default"> + <interceptors> <interceptor name="magalieInterceptor" class="com.franciaflex.magalie.web.MagalieInterceptor"/> @@ -40,6 +41,10 @@ <default-interceptor-ref name="magalieStack"/> + <global-results> + <result name="redirect-to-login" type="redirect">/</result> + </global-results> + </package>
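Review bot: The rejected-request branch in the `@@ -134,6 +144,28 @@` hunk records the event only under `log.isDebugEnabled()`, so at a typical production log level an attempt to reach a protected action without a session leaves no trace. Logging that branch at a higher level, e.g. `log.warn("user has no session: access to action " + actionClass.getName() + " denied, redirecting to login page");`, would make such attempts visible to whoever monitors the application. The result name `"redirect-to-login"` is a bare literal that must match the `<global-results>` entry in struts.xml, so a constant such as `public static final String REDIRECT_TO_LOGIN_RESULT = "redirect-to-login";` would make that coupling explicit. The hunk shows only part of the interceptor method; judging from the preceding hunk, the property-injection loop appears to run before this check, so moving the check ahead of it is worth considering.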
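Review bot: The `redirect-to-login` global result in the `@@ -40,6 +41,10 @@` hunk redirects to `/`, which only works while the action serving `/` stays on the interceptor's allowlist of session-free actions. If that mapping changes, a user without a session would presumably be redirected in a loop. An XML comment above the result, e.g. `<!-- returned by MagalieInterceptor when no user is in session; "/" must resolve to an action listed in ACCESSIBLE_ACTIONS_FOR_NOT_LOGGED_USER -->`, would document the dependency. Because the package extends `json-default`, it may also be worth checking how callers of JSON actions handle a redirect to an HTML page.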