Struts 2 how to display messages saved in a Interceptor which would redirec to another action?

in my interceptor, if user doe开发者_StackOverflow中文版sn't have enough right, there would be a warn message:

    public String intercept(ActionInvocation invocation) throws Exception {

    ActionContext actionContext = invocation.getInvocationContext();
    Map<String, Object> sessionMap = actionContext.getSession();
    User loginUser = (User) sessionMap.get("user");

    Object action = invocation.getAction();

    if (loginUser != null && loginUser.getRole().getId() != Constant.AUTHORITY_ADMIN) {

        ((ValidationAware) action).addFieldError("user.authority",
                ((DefaultAction) action).getText("user.action.authority.not.enough"));

        return DefaultAction.HOME_PAGE;
    }

    return invocation.invoke();
}

then, it would redirect to "HOME_PAGE" action, if success, display information in the jsp. So how to display the warn message?

i have used two interceptors configed in strust.xml, for admin right requirment:

            <interceptor-stack name="authorityStack">
            <interceptor-ref name="authority" />
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">STORE</param>
            </interceptor-ref>
        </interceptor-stack>

default is:

<interceptor-stack name="default">
            <interceptor-ref name="login" />
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">AUTOMATIC</param>
            </interceptor-ref>
        </interceptor-stack>

Here's how I handle access control in Struts2. It's really easy and quite re-usable:

First, create an interface called SecurityCheckAware.

public interface SecurityCheckAware {
    void checkRight();
}

Then, create an interceptor called SecurityCheckInterceptor.

public class SecurityCheckInterceptor extends AbstractInterceptor {
    @Override
    public String intercept(final ActionInvocation invocation) throws Exception {
        if (invocation.getAction() instanceof SecurityCheckAware) {
            SecurityCheckAware action = (SecurityCheckAware) invocation.getAction();
            action.checkRight();
        }

        return invocation.invoke();
    }
}

Then, define the interceptor in your stack.

Any action that you want to perform security checks in should implement SecurityCheckAware. For example:

@Override
public void checkRight() {
    User loginUser = (User) session.get("user");
    if (loginUser != null && loginUser.getRole().getId() != Constant.AUTHORITY_ADMIN) {
        throw new AccessViolation("You do not have permission to access this page.");
    }
}

Next, create a custom exception that extends RuntimeException (or some subclass thereof). I call it AccessViolation.

Lastly, map AccessViolation to an error page in your struts.xml, such as:

<global-results>
    <result name="accessDenied">/WEB-INF/jsp/accessDenied.jsp</result>
</global-results>

<global-exception-mappings>
    <exception-mapping exception="com.example.AccessViolation" result="accessDenied"/>
</global-exception-mappings>

Note: You can fore-go the SecurityCheckAware and SecurityCheckInterceptor and just use the existing Preparable and PrepareInterceptor, but I like being able to encapsulate my security checks in their own method.

This doesn't rely on redirection or action/field errors (as in your question), but it should deliver everything you're looking for.

I use MessageStoreInterceptor and it's easy.

MessageStoreInterceptor - http://struts.apache.org/release/2.3.x/docs/message-store-interceptor.html

Let me know if you need more help.