I'm learning Java EE and I have to remember logged-in users with a four-hour timed cookie.

I have to implement it this way because the cookie part is mandatory for my school. I know my cookie is well created (in because I tested it in a custom action. (in my login.jsp I put a struts tag <action ... executeResults="true"/>.

I created an Interceptor named LoginInterceptor to intercept every attempt to access a page.

It intercepts the request quite right (yeah !) but then I can't check for cookies because my HTTPServletRequest is null.

How am I testing ? I go to the index (localhost.../myProject/) I log in with Remember me.

Have you got any ideas?





<?xml version="1.0" encoding="UTF-8" ?>
    "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
    <constant name="struts.enable.DynamicMethodInvocation" value="false"/>
    <constant name="struts.devMode" value="true"/>

    <package name="default" extends="struts-default">
            <result name="login">/WEB-INF/content/login.jsp</result>

    <package name="com.yaka.yakaaerien.actions" namespace ="/" extends ="struts-default">
            <interceptor name="loginInterceptor" 
                         class="com.yaka.yakaaerien.interceptor.LoginInterceptor" />
            <interceptor-stack name="globalStack">
                <interceptor-ref name="loginInterceptor"/>
                <interceptor-ref name="defaultStack"/> 

        <action name="ActionsListAction" class="com.yaka.yakaaerien.actions.ActionsListAction">
            <interceptor-ref name="globalStack"/>
        <action name="AccueilAction" class="com.yaka.yakaaerien.actions.AccueilAction">
            <interceptor-ref name="globalStack"/>
        <action name="LoginAction" class="com.yaka.yakaaerien.actions.LoginAction">
            <result name="success">/WEB-INF/content/Accueil.jsp</result>
            <result name="error">/WEB-INF/content/login.jsp</result>
            <result name="input">/WEB-INF/content/login.jsp</result>
        <action name="GenerePasswordAction" class="com.yaka.yakaaerien.actions.GenerePasswordAction">
            <result name="success">/WEB-INF/content/result.jsp</result>
            <result name="error">/WEB-INF/content/GenerePassword.jsp</result>
            <result name="input">/WEB-INF/content/GenerePassword.jsp</result>



public class LoginAction extends ActionSupport implements ServletRequestAware, ServletResponseAware {

    private boolean isAdmin = false;
    private String message;
    private String login;
    private String password;
    private String userID;
    private String remember;
    private UsersDAO usersDAO = new UsersDAO();
    public ArrayList<Users> list_users = new ArrayList<Users>();
    protected HttpServletRequest servletRequest;
    protected HttpServletResponse servletResponse;

    public String execute() throws Exception { 
       UsersDAO actions = new UsersDAO();
        List list_users = actions.get_users(login, password);
        Iterator i = list_users.iterator();
        Users user;
        if (list_users != null && !list_users.isEmpty()) {
                user = (Users);
                if (user.getUserIsAdm() != null && user.getUserIsAdm()) {
                    isAdmin = true;

                // Permits to save the current logged Session
                //ActionContext.getContext().getSession().put("logged", user.getUserFirstName());
                if (remember.equals("true")) {
                    System.out.println("Registering new cookie");
                    Cookie userCookie = new Cookie("userID", user.getUserFirstName() + "," + user.getUserPassword());
                    userCookie.setMaxAge(60 * 60 * 4);
                return SUCCESS;
        }else {
            System.out.println("Adding actionError");
            addActionError("Erreur : Nom d'utilisateur ou mot de passe érroné.");
        return ERROR;

    public void validate() {
        System.out.println("Form validation");


        Map<String, List<String>> fields = getFieldErrors();
        fields = new HashMap<String, List<String>>();
        if (login == null || login.length() == 0) {
            addFieldError("coucou", "coucou");
        if (password == null || password.length() == 0) {
            addFieldError("bad password", "bad password");

    public void setServletRequest(HttpServletRequest hsr) {
        this.servletRequest = hsr;

    public void setServletResponse(HttpServletResponse hsr) {
        this.servletResponse = hsr;



public class LoginInterceptor implements Interceptor {

    private HttpServletRequest servletRequest;
    private String cookied = "false";

    public void destroy() {

    public void init() {

    public String intercept(ActionInvocation ai) throws Exception {
        if(ai.getAction() instanceof ServletRequestAware)
            this.servletRequest = (HttpServletRequest)ai.getInvocationContext().
        UsersDAO actions = new UsersDAO();
        System.out.println("Entering LoginInterceptor");
        if (getCookie("userID") != null) {
            System.out.println("Looking for cookie userID");
            String cookieValue = getCookie("userID").getValue();
            String login = cookieValue.substring(0, cookieValue.lastIndexOf(","));
            String password = cookieValue.substring(cookieValue.lastIndexOf(",") + 1);
            List list_users = actions.get_users(login, password);
            System.out.println("Checking cookie for user :" + login);
            Iterator i = list_users.iterator();
            Users currentUser;
            while (i.hasNext()) {
                currentUser = (Users);
                if (currentUser.getUserFirstName().equals(login)) {
                    System.out.println("Cookie found !");
                    cookied = "true";
                    return ai.invoke();
        return "login";

    public Cookie getCookie(String name) {
        if (servletRequest != null) {
            if (servletRequest.getCookies() != null) {
                Cookie cookies[] = servletRequest.getCookies();
                Cookie requestedCookie = null;
                if (cookies != null) {
                    for (Cookie current : cookies) {
                        if (current.getName().equals(name)) {
                            requestedCookie = current;
                return requestedCookie;

        return null;

    public void setServletRequest(HttpServletRequest hsr) {
        this.servletRequest = hsr;

    public String getCookied() {
        return cookied;

    public void setCookied(String cookied) {
        this.cookied = cookied;


  • In the interceptor you could get cookies like

    Cookie[] cookies = ServletActionContext.getRequest().getCookies();

    ServletRequestAware interface is used with actions. To get access to the servlet environment use the ServletActionContext.