Struts best practices – white paper on JavaWorld


An interesting white paper: Struts best practices

Multiple options are available for solving problems with Struts. When deciding among these alternatives, the choice must be based on parameters such as the scale of work and availability of time. However for large applications and the best quality-of-service needs, every decision becomes crucial and extra efforts are required to choose the appropriate solution. To help you make these decisions, Puneet Agarwal discusses some of the best practices for developing Struts-based applications. (2,800 words; September 13, 2004)

By Puneet Agarwal

I was looking for the way to specify the page to forward to when a validation of the roles attribute on an ActionMapping has failed. Unfortunately, I am still looking. I found the information on how to extend Struts in the white paper Extending Struts (OnJava) by Sunil Patil 11/10/2004 . The way to forward when an error is found seems to be:

                //If no redirect user to login Page
            }catch(Exception ex){

My requestprocessor:

	 * In this method, the list of roles that MAY have been defined (that is optional) for the current
   * ActionMapping is evaluated. The user trying to access this ActionMapping must have at least one
   * of the Roles defined for the ActionMapping, otherwise the request has to be denied.
   * The method retrieves the User object from the sessionScope (key = JHS_USER) and invokes the hasAccess
   * method to verify if one the required roles has been granted to the current user. If so, the method returns true.
   * If not, the user has no access to the ActionMapping and the method returns false.
	protected boolean processRoles(HttpServletRequest request
	                               ,HttpServletResponse response
	                               ,ActionMapping mapping ) throws IOException, ServletException{

	 boolean isOK =false;
   // retrieve list of roles that may access this action mapping
	 String[] roles = mapping.getRoleNames();
	 if ( roles == null || roles.length < 1 ) {
	    // if no roles are specified in the mapping the function is accessible for all"NO ROLES specified for " + mapping.getName() );
	    isOK = true;
   else {
     // one or more roles may have access, but at least one of those roles must be granted to the current user
     JhsUser user = (JhsUser)request.getSession().getAttribute(JhsAdfConstants.JHS_USER);
     for (int i = 0; i< roles.length ; i++ ) {"ROLE:"+roles[i]);
		   if (user.hasAccess(roles[i],null)) {
		     isOK = true;
         // break from this loop as soon as a role is found that has been granted to the user
		 }// for over roles
        // now if (!isOK) I want to forward to an errorpage of sorts.
   return isOK;

About Author

Lucas Jellema, active in IT (and with Oracle) since 1994. Oracle ACE Director and Oracle Developer Champion. Solution architect and developer on diverse areas including SQL, JavaScript, Docker, Machine Learning, Java, SOA and microservices, events in various shapes and forms and many other things. Author of the Oracle Press books: Oracle SOA Suite 11g Handbook and Oracle SOA Suite 12c Handbook. Frequent presenter on community events and conferences such as JavaOne, Oracle Code and Oracle OpenWorld.


  1. In this case you are forwarding to an page which should be outside WEB-INF folder. Instead I would like to call an Action class. How can I do that?

  2. Leon,

    Thanks a lot. That was what I was looking for. It is like you say: no hard-coded reference to a JSP – a reference that I did not like at all. This is much cleaner.


  3. Leon van Tegelen on

    The actual way to do it would be to forward to a global forward named “unauthorized” in the struts-config, like so
    ForwardConfig fc = mapping.getModuleConfig().findForwardConfig(“unauthorized”);

    No need for hardcoded errropage …