The page is not redirecting properly by interceptor in Struts 2

Question

That's it, I code an interceptor login, the result is

<result name="login" type="redirectAction">access</result>

All works ok, but I think that is recalling it, the result go to access and again execute the interceptor and go access etc. I believe that because my browser shows the message:

the page is not redirecting properly.

I'm using Struts 2 and Rest plugin.

This is my interceptor:

@Override
public String intercept(ActionInvocation invocation) throws Exception {

    HttpSession session = ServletActionContext.getRequest().getSession(false);
    Object loginObject = session.getAttribute("login");
    boolean login = false;

    if (loginObject != null) {
        login = (Boolean) loginObject;
        if (!login) {
            return Action.LOGIN;
        } else {
            return invocation.invoke();
        }
    } else {
        return Action.LOGIN;
    }
   

Answer 1

When you return Action.LOGIN from within the Interceptor, the result is executed, and since the result is of type redirectAction, another request is created and filtered through the Interceptor Stack. Then the execution will trigger again your Interceptor, that is the unwanted result.

You need to exclude the execution of your Login Interceptor for the access action, using the default stack, for example.

<default-interceptor-ref name="myCustomLoginStack"/>

<action name="access" class="foo.bar.actions.Access">
    <result>access.jsp</result>
    <interceptor-ref name="defaultStack" />
</action>

<action name="foobar" class="foo.bar.actions.Foobar">
    <result>foo.jsp</result>
    <result name="login" type="redirectAction">access</result>
</action>

Answer 2

Neither login or access is setting the loginObject to the session, nor they set it to true, which is superfluous. As a result, if you configured this interceptor to the action, it will prevent the action invocation and execution.

Answer 3

Expanding on Roman's remark re: setting session values to true and why it's superfluous:

Rather than check for the value of the session value, just check for its presence. On logout remove the session object, either explicitly (if you need other session data to remain) or invalidate the session.

This has the added benefit of reducing your code to approximately this:

public String intercept(ActionInvocation invocation) throws Exception {
    Map    session     = invocation.getInvocationContext().getSession()
    Object loginObject = session.getAttribute("login");

    if (loginObject == null) {
      return LOGIN;
    }

    return invocation.invoke();
}

Regarding getSession(false), it's generally unnecessary to include the boolean argument, since JSP pages will create sessions automatically unless explicitly declared not to.