In my application I have added interceptor to filter the request.Here each user is associated with a list of menu. So if user try to access page which is not associated to him then we will redirect him to unauthorizedUser.jsp page otherwise we will let the user to access the page.
Here is my interceptor code …
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
String returnAction = "unauth.user";
Map<String, String> keyValMap = FCCommonUtils.getALLMenuIdMap();
ActionContext context = actionInvocation.getInvocationContext();
HttpServletRequest request = (HttpServletRequest) context.get(StrutsStatics.HTTP_REQUEST);
HttpSession session = null;
if (request != null) {
session = request.getSession(false);
String contextPath = request.getContextPath();
contextPath = contextPath + RequestURIDtls.SEPERATOR;
String reqURI = request.getRequestURI().substring(contextPath.length(), request.getRequestURI().length());
String requestedRole = keyValMap.get(reqURI);
if (requestedRole != null && session != null) {
UserInfoUIForm userForm = (UserInfoUIForm) session.getAttribute(WebConstants.USER_INFO);
if (userForm != null) {
List<Long> userRoleLst = FCCommonUtils.getmenuids(userForm.getRoleId());
if (userRoleLst.contains(new Long(requestedRole))) {
//TODO : GUNJAN : NEED TO DO R&D WHY actionInvocation.invoke() CREATES NULL POINTER EXCEPTION
//returnAction=actionInvocation.invoke();
returnAction = "success";
} else {
returnAction = "unauth.user";
}
} else {
returnAction = "unauth.user";
}
} else {
returnAction = "unauth.user";
}
} else {
returnAction = "unauth.user";
}
return returnAction;
}
In above code returnAction=actionInvocation.invoke() gives null pointer exception.
Here is my struts.xml configuration to access the page ..
<action name="viewCorporate" class="com.ndil.web.corporate.MstCorporateAction" method="viewCorporatePage">
<interceptor-ref name="menuFilterInterceptor" />
<result name="unauth.user">/jsp/unAuthUser.jsp</result>
<result name="success">/jsp/mngCorporate.jsp</result>
</action>
Can any one suggest me why actionInvocation.invoke() gives null pointer exception ???
Thanks,
Gunjan Shah.
Free code review.
1) Intercept result decared as variable, unused.
2) Said value should be a constant anyway.
3) Variable is named incorrectly–it’s not an action name, it’s a result name.
4) If you’re in an interceptor, you’ve gotten a request–there’s just no way for this to be null. If it is null, something far more serious than an unauthorized user has occurred, and the world should blow up.
5) Similarly, unless you’ve specifically configured your entire app not to create sessions, checking for a session is redundant. If you don’t, something has gone horribly wrong. Check for known session attributes to determine if a user is logged in, not for the presence of the session itself–much easier.
IMO both 4 and 5, if handled at all, should be handled with declarative exceptions. In that state, the web app is likely inoperable–peg the user to HTTP 500 or similar.
6) The nested conditionals are way too deep. Strict adherence to “one return per method” creates difficult-to-understand code, particularly when a method has deeply-nested conditionals.
7) It looks like you’re relying on form data to determine the user’s role. This is inherently insecure; user role information should be kept in the session, where it can’t be easily manipulated.
8) Some miscellaneous tweaks leave us with this:
While testing the method remains relatively difficult, it’s much easier to understand the precise testing needs. It’s easier to read, because you no longer have to wonder “what if the opposite is true?” as in the deeply-nested code.