Re: How to create a "No Action" ActionForward
I think Srikanth has hit the nail on the head, in that
I am not fully utilizing what is already available
with vanilla J2EE, namely security roles,
authorization constraints, and error pages, all of
which I can declare in the deployment descriptor of my
web app. But I still want to use a Struts component
for the authentication instead of a more traditional
form-based authentication scheme.
Let me outline below what is, I think, a much better
approach and kindly ask for comments, as I'm not
certain that this will work or if it's actually the
smartest way to go.
I would like to use a Struts Action class to handle my
login form, instead of vanilla form-based
authentication, i.e. "j_security_check", for two
reasons: 1) form-based authentication is not very
secure since it passes the user name and password
across the network in clear text, and 2) I want to use
a LDAP server (within my login Action class) to do the
authentication, and this would not be possible using
plain form-based authentication.
So the plan is to have a form in my Login.jsp with the
form's action being the login Action class. The login
Action class will connect to the LDAP server and try
to authenticate using the username and password
supplied as form inputs. If the authentication
succeeds then the user's session is set with the
user's role (also retrieved from the LDAP server), and
then the control is forwarded to the first "logged in"
welcome page. If the authentication fails then the
appropriate error message ("Login failed - try again")
will be added to the ActionErrors and control is
forwarded back to the login page, which will display
the ActionError message via a tag, and
allow the user to try again.
In order to accomplish session authorization of a
session for each *.jsp of the application I will
declare a security constraint in the web.xml, like so:
Restricted Pages
*.jsp
admin
customer
With the above I will get automatic checking of the
user's role by the container at each access of any
*.jsp, and anyone accessing a *.jsp without an
appropriate role set in their session will not be
allowed to access the page. If the user is not in the
appropriate role then I can forward to an error page
by declaring an in the deployment
descriptor.
The above authorization strategy takes care of what I
was trying to accomplish with my SessionValidator
Action class idea from before, which was to check for
a "loggedIn" session attribute before allowing a user
to continue with page processing. In fact it is even
better, in that it allows the flexibility of allowing
different roles and authorization of pages based on
roles and not just on a single "loggedIn" flag.
I am not sure how I will programmatically set the
user's role in the login Action class execute()
method. Is it as simple as just setting a session
attribute named "role" ?
Thanks in advance for your insight.
-James
__
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to create a "No Action" ActionForward for return from an Action's execute() ?
Thanks for all of the suggestions on how to solve this
problem. You have all given good ideas and introduced
me to concepts that I am unfamiliar with as a beginner
with Struts.
To further clarify what I want to do, in case it will
lead to more pointed suggestions - I am including this
session validator on each JSP of my application to
check to make sure that a user is logged in, and if
not I forward to the login page. There really is no
logic involved other than
if (loggedIn)
{
// stay on current page
}
else
{
// go to login page
}
I have done this before by including a servlet on each
page which directs to the login page if the user
wasn't logged in.
If this further information leads you to conclude that
one approach is superior/simpler to another (it looks
like using a Filter or
RequestProcessor.processPreprocess() is the concensus)
then I will certainly appreciate any further
suggestions.
Also, if I decide to use the RequestProcessor, which
seems best, how do I configure it ? I assume that I
just put an entry in the struts-config.xml and specify
the class of the RequestProcessor (I didn't find
anything on this in the User's Guide).
Again thanks for helping me out with this.
-James
__
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
How to create a "No Action" ActionForward for return from an Action's execute() ?
I have created an Action class which does session validation by checking to see if a "loggedIn" flag is set in the session - if it is absent, or set to false, then I want to forward to the login page. However if it is set to true then I don't want to do anything - the execute() method should just complete and control should return to the calling page. But the execute() method must return an ActionForward, and it is impossible to specify a forward name/path for this case in the struts-config.xml since the path should be the path of the page that the action is being called from, and there is no way to know this information beforehand. So I am wondering how can I (within the execute() method of the SessionValidatorAction) create an ActionForward to return which will indicate the path of the calling page ? Is there a way to create and return a "No Action" ActionForward ? Can I just return null ? I am including the action at the top of the JSPs via The action mapping I'm currently using looks like this Is this the right approach/design ? If so how can I return an ActionForward from the SessionValidatorAction's execute() method which forwards control back to the calling page ? If not then how else should I go about this ? Thanks in advance for your feedback. Please Cc: any rsponses to this email address. -James __ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: not displaying the errors?
Thanks for the help. It turned out I'd added a seperate app.properties file in the init parameters for the struts Action servlet in the web.xml which didn't contain the messages I needed. This caused struts to ignore the app2.properties that I'd specified in the message-resources tag of struts-config.xml file. James www.seventyforty.com - Original Message - From: "Bailey, Shane C." <[EMAIL PROTECTED]> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 3:13 PM Subject: RE: not displaying the errors? > > > I forgot to mention that the only time I can remember that happening is when > I first when to modules and I tried making my own custom bundle for messages > in my module's struts config. > > Error messages weren't showing up because of the custom resource bundle name > in my modules. As soon as I got rid of the custom bundle name in the module > the errors showed up. > > > -Original Message- > From: James Adams [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 9:51 AM > To: [EMAIL PROTECTED] > Subject: not displaying the errors? > > Hello, > > I'm using DynaValidatorForm to check certain form fields are entered as > required. The validation is done sucessfully but I've recently added > somthing that seems to have stopped from displaying the > errors? > Does anyone have any suggestions why this might have happened? is there a > common mistake that might have caused this? or any tips on how to go about > debugging it? > > regards > > James > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
not displaying the errors?
Hello, I'm using DynaValidatorForm to check certain form fields are entered as required. The validation is done sucessfully but I've recently added somthing that seems to have stopped from displaying the errors? Does anyone have any suggestions why this might have happened? is there a common mistake that might have caused this? or any tips on how to go about debugging it? regards James
