Re: Block accessing in some path with filter.
I've some problem with filter. so i'll try with interceptor. i've done something like that: public String intercept(ActionInvocation invocation) throws Exception { Map session = ActionContext.getContext().getSession(); Object o = session.get(logged); boolean ret = false; if (o != null) { String admin = + o; if (admin.equals(admin)) { ret = true; } } if (ret) { return invocation.invoke(); } else { return denied; } } but when i mapped the interceptor, how can i choose what i've to do? i've to put a result named denied in each action? On Wed, May 20, 2009 at 15:28, Andy Sykes a.sy...@ucl.ac.uk wrote: You need to include dispatcher elements in your filter mappings for the Struts filter. eg. filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern dispatcherREQUEST/dispatcher dispatcherFORWARD/dispatcher /filter-mapping With no dispatcher element specified, the container assumes you mean the filter chain only gets applied to requests. The dispatcherFORWARD/dispatcher element means the filter chain will get invoked when a servlet performs a forward (as your code does). Just FYI - you may want to consider doing your protection with Interceptors, since it's a bit less clumsy than lugging around servlet filters with Struts. You can very easily write an Interceptor[1] that will return a certain result type (say denied) based on whether a specified attribute exists in the user's session. Doing so is left as an exercise to the reader :) You're not then limited to using mappings in the web.xml, and all the logic is embedded in the framework you've chosen. Struts' interceptors are a very powerful AOP-style pattern that I think are sometimes overlooked and aren't emphasised enough... [1] http://struts.apache.org/2.x/docs/writing-interceptors.html On 20 May 2009, at 13:42, Stefano Tranquillini wrote: now is taked. but i've some problem with the dispacer. i've an action mapped in this way: action name=denied result type=tilesdenied/result /action namespace is / if i manually put in this url: http://localhost:8080//WAP-Shop-war/denied.action its WORKS. the filter, else branch is this: else { RequestDispatcher rd = null; rd = sc.getRequestDispatcher(/denied.action); rd.forward(myRequest, myResponse); } and has to recall the same url see above, but he returns an error (404): type Status report message /WAP-Shop-war/denied.action description The requested resource (/WAP-Shop-war/denied.action) is not available. but is available! ideas? On Wed, May 20, 2009 at 13:35, Andy Sykes a.sy...@ucl.ac.uk wrote: Put the mapping for the admin filter above the struts2 filter. Filters are invoked in the order in web.xml, first to last. The struts filter is catching the request first and dispatching it before it ever reaches the admin filter. On 20 May 2009, at 09:37, Stefano Tranquillini wrote: Hi all. i need to block the path /admin/ for all the pepole. only the people logged in as root can access it. i've done a filter, but struts seems to dosen't works with its filter filter-namestruts2/filter-name filter-classorg.apache.struts2.dispatcher.FilterDispatcher/filter-class /filter filter filter-nameadminFilter/filter-name filter-classfilter.AdminFilter/filter-class /filter filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameadminFilter/filter-name url-pattern/admin/*/url-pattern /filter-mapping public class AdminFilter implements Filter { FilterConfig fc; public AdminFilter() { } public void init(FilterConfig fc) throws ServletException { this.fc = fc; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println(i'm the filter!); HttpServletResponse myResponse = (HttpServletResponse) response; HttpServletRequest myRequest = (HttpServletRequest) request; String user = (String) myRequest.getSession().getAttribute(logged); ServletContext sc = fc.getServletContext(); if (user.equals(admin)) { String requestURI = myRequest.getRequestURI(); int pathLength = myRequest.getContextPath().length(); StringBuffer relativeURI = new StringBuffer(requestURI.substring(pathLength)); String query = myRequest.getQueryString(); if (query != null) { relativeURI.append(?).append(query); } RequestDispatcher rd = null; if (relativeURI.toString().length() 0) { rd = sc.getRequestDispatcher(relativeURI.toString()); } else { rd =
Re: Block accessing in some path with filter.
Hi Stefano, use global forward. Best greetings, Paweł Wielgus. 2009/5/21 Stefano Tranquillini stefano.tranquill...@gmail.com: I've some problem with filter. so i'll try with interceptor. i've done something like that: public String intercept(ActionInvocation invocation) throws Exception { Map session = ActionContext.getContext().getSession(); Object o = session.get(logged); boolean ret = false; if (o != null) { String admin = + o; if (admin.equals(admin)) { ret = true; } } if (ret) { return invocation.invoke(); } else { return denied; } } but when i mapped the interceptor, how can i choose what i've to do? i've to put a result named denied in each action? On Wed, May 20, 2009 at 15:28, Andy Sykes a.sy...@ucl.ac.uk wrote: You need to include dispatcher elements in your filter mappings for the Struts filter. eg. filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern dispatcherREQUEST/dispatcher dispatcherFORWARD/dispatcher /filter-mapping With no dispatcher element specified, the container assumes you mean the filter chain only gets applied to requests. The dispatcherFORWARD/dispatcher element means the filter chain will get invoked when a servlet performs a forward (as your code does). Just FYI - you may want to consider doing your protection with Interceptors, since it's a bit less clumsy than lugging around servlet filters with Struts. You can very easily write an Interceptor[1] that will return a certain result type (say denied) based on whether a specified attribute exists in the user's session. Doing so is left as an exercise to the reader :) You're not then limited to using mappings in the web.xml, and all the logic is embedded in the framework you've chosen. Struts' interceptors are a very powerful AOP-style pattern that I think are sometimes overlooked and aren't emphasised enough... [1] http://struts.apache.org/2.x/docs/writing-interceptors.html On 20 May 2009, at 13:42, Stefano Tranquillini wrote: now is taked. but i've some problem with the dispacer. i've an action mapped in this way: action name=denied result type=tilesdenied/result /action namespace is / if i manually put in this url: http://localhost:8080//WAP-Shop-war/denied.action its WORKS. the filter, else branch is this: else { RequestDispatcher rd = null; rd = sc.getRequestDispatcher(/denied.action); rd.forward(myRequest, myResponse); } and has to recall the same url see above, but he returns an error (404): type Status report message /WAP-Shop-war/denied.action description The requested resource (/WAP-Shop-war/denied.action) is not available. but is available! ideas? On Wed, May 20, 2009 at 13:35, Andy Sykes a.sy...@ucl.ac.uk wrote: Put the mapping for the admin filter above the struts2 filter. Filters are invoked in the order in web.xml, first to last. The struts filter is catching the request first and dispatching it before it ever reaches the admin filter. On 20 May 2009, at 09:37, Stefano Tranquillini wrote: Hi all. i need to block the path /admin/ for all the pepole. only the people logged in as root can access it. i've done a filter, but struts seems to dosen't works with its filter filter-namestruts2/filter-name filter-classorg.apache.struts2.dispatcher.FilterDispatcher/filter-class /filter filter filter-nameadminFilter/filter-name filter-classfilter.AdminFilter/filter-class /filter filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameadminFilter/filter-name url-pattern/admin/*/url-pattern /filter-mapping public class AdminFilter implements Filter { FilterConfig fc; public AdminFilter() { } public void init(FilterConfig fc) throws ServletException { this.fc = fc; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println(i'm the filter!); HttpServletResponse myResponse = (HttpServletResponse) response; HttpServletRequest myRequest = (HttpServletRequest) request; String user = (String) myRequest.getSession().getAttribute(logged); ServletContext sc = fc.getServletContext(); if (user.equals(admin)) { String requestURI = myRequest.getRequestURI(); int pathLength = myRequest.getContextPath().length(); StringBuffer relativeURI = new StringBuffer(requestURI.substring(pathLength)); String query = myRequest.getQueryString(); if (query != null) { relativeURI.append(?).append(query); } RequestDispatcher rd = null; if
Re: Block accessing in some path with filter.
2009/5/21 Paweł Wielgus poulw...@gmail.com: global forward thanks, but i definide in struts my interceptors in this way: package name=admin extends=default namespace=/admin interceptors interceptor name=adminLogin class=interceptors.AdminLogin/ /interceptors in order to use the interceptors only when namespace is /admin/* but the interceptor is never called! ideas? thanks -- Stefano - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Block accessing in some path with filter.
thanks, but i definide in struts my interceptors in this way: package name=admin extends=default namespace=/admin interceptors interceptor name=adminLogin class=interceptors.AdminLogin/ /interceptors in order to use the interceptors only when namespace is /admin/* but the interceptor is never called! And: where i've to put the globalforward? i putted a the end of the sturts.xml something like that global-forwards forward name=denied path=/deniedShow.action/ /global-forwards has to be inside package or something else? the error is: 2009-05-21 16:56:51,171 ERROR [com.opensymphony.xwork2.util.DomHelper] (HDScanner) Element type global-forwards must be declared. at (null:92:22) org.xml.sax.SAXParseException: Element type global-forwards must be declared. 2009/5/21 Stefano elste...@gmail.com: 2009/5/21 Paweł Wielgus poulw...@gmail.com: global forward thanks, but i definide in struts my interceptors in this way: package name=admin extends=default namespace=/admin interceptors interceptor name=adminLogin class=interceptors.AdminLogin/ /interceptors in order to use the interceptors only when namespace is /admin/* but the interceptor is never called! ideas? thanks -- Stefano -- Stefano - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Block accessing in some path with filter.
Big problem folks. i already have an interceptor form the ejb. so i need to use both of these interceptors. i've to update the DEFAULT PACKAGE in this way: interceptors interceptor name=ejb3 class=com.opensymphony.xwork2.ejb3plugin.InjectEJBInterceptor/interceptor interceptor name=adminLogin class=interceptors.AdminLogin/ interceptor-stack name=new.stack interceptor-ref name=adminLogin / interceptor-ref name=ejb3 / interceptor-ref name=defaultStack / /interceptor-stack /interceptors default-interceptor-ref name=new.stack / i can't simply add the interceptor in the package admin and set default-interceptor at my LoginInterceptor, because otherwise the ejb3 interceptor is not called! well, now the adminLogin is always called. but how can i check if the action is in the namespace /admin? or, i can put the interceptor in package /admin and adding this interceptor at new.stack? 2009/5/21 Stefano Tranquillini stefano.tranquill...@gmail.com: thanks, but i definide in struts my interceptors in this way: package name=admin extends=default namespace=/admin interceptors interceptor name=adminLogin class=interceptors.AdminLogin/ /interceptors in order to use the interceptors only when namespace is /admin/* but the interceptor is never called! And: where i've to put the globalforward? i putted a the end of the sturts.xml something like that global-forwards forward name=denied path=/deniedShow.action/ /global-forwards has to be inside package or something else? the error is: 2009-05-21 16:56:51,171 ERROR [com.opensymphony.xwork2.util.DomHelper] (HDScanner) Element type global-forwards must be declared. at (null:92:22) org.xml.sax.SAXParseException: Element type global-forwards must be declared. 2009/5/21 Stefano elste...@gmail.com: 2009/5/21 Paweł Wielgus poulw...@gmail.com: global forward thanks, but i definide in struts my interceptors in this way: package name=admin extends=default namespace=/admin interceptors interceptor name=adminLogin class=interceptors.AdminLogin/ /interceptors in order to use the interceptors only when namespace is /admin/* but the interceptor is never called! ideas? thanks -- Stefano -- Stefano -- Stefano - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Block accessing in some path with filter.
Read the section on the config file elements in struts.xml on the Struts2 docs site. Also read the Interceptors guide[1]. You have to specify the interceptor stack on the action. You can use the default-interceptor-ref element to specify what stack to use by default. And what you've defined is not an interceptor stack - it's just an interceptor alone. What you want to do is specify something like this: interceptors interceptor name=adminLogin class=com.mycompany.myproduct.AdminInterceptor/ interceptor-stack name=adminStack interceptor-ref name=defaultStack/ interceptor-ref name=adminLogin/ /interceptor-stack /interceptors That adds the admin interceptor to the bottom of the basic interceptor stack. Look at the docs - you'll get a faster answer than coming to the mailing list with every question. They really are very good docs, as docs go. Andy. [1] http://struts.apache.org/2.x/docs/interceptors.html On 21 May 2009, at 16:00, Stefano Tranquillini wrote: thanks, but i definide in struts my interceptors in this way: package name=admin extends=default namespace=/admin interceptors interceptor name=adminLogin class=interceptors.AdminLogin/ /interceptors in order to use the interceptors only when namespace is /admin/* but the interceptor is never called! And: where i've to put the globalforward? i putted a the end of the sturts.xml something like that global-forwards forward name=denied path=/deniedShow.action/ /global-forwards has to be inside package or something else? the error is: 2009-05-21 16:56:51,171 ERROR [com.opensymphony.xwork2.util.DomHelper] (HDScanner) Element type global-forwards must be declared. at (null:92:22) org.xml.sax.SAXParseException: Element type global-forwards must be declared. 2009/5/21 Stefano elste...@gmail.com: 2009/5/21 Paweł Wielgus poulw...@gmail.com: global forward thanks, but i definide in struts my interceptors in this way: package name=admin extends=default namespace=/admin interceptors interceptor name=adminLogin class=interceptors.AdminLogin/ /interceptors in order to use the interceptors only when namespace is /admin/* but the interceptor is never called! ideas? thanks -- Stefano -- Stefano - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Block accessing in some path with filter.
Put the mapping for the admin filter above the struts2 filter. Filters are invoked in the order in web.xml, first to last. The struts filter is catching the request first and dispatching it before it ever reaches the admin filter. On 20 May 2009, at 09:37, Stefano Tranquillini wrote: Hi all. i need to block the path /admin/ for all the pepole. only the people logged in as root can access it. i've done a filter, but struts seems to dosen't works with its filter filter-namestruts2/filter-name filter-classorg.apache.struts2.dispatcher.FilterDispatcher/ filter-class /filter filter filter-nameadminFilter/filter-name filter-classfilter.AdminFilter/filter-class /filter filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameadminFilter/filter-name url-pattern/admin/*/url-pattern /filter-mapping public class AdminFilter implements Filter { FilterConfig fc; public AdminFilter() { } public void init(FilterConfig fc) throws ServletException { this.fc = fc; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println(i'm the filter!); HttpServletResponse myResponse = (HttpServletResponse) response; HttpServletRequest myRequest = (HttpServletRequest) request; String user = (String) myRequest.getSession().getAttribute(logged); ServletContext sc = fc.getServletContext(); if (user.equals(admin)) { String requestURI = myRequest.getRequestURI(); int pathLength = myRequest.getContextPath().length(); StringBuffer relativeURI = new StringBuffer(requestURI.substring(pathLength)); String query = myRequest.getQueryString(); if (query != null) { relativeURI.append(?).append(query); } RequestDispatcher rd = null; if (relativeURI.toString().length() 0) { rd = sc.getRequestDispatcher(relativeURI.toString()); } else { rd = sc.getRequestDispatcher(/WAP-Shop-war/); } rd.forward(myRequest, myResponse); } else { RequestDispatcher rd = null; rd = sc.getRequestDispatcher(/WAP-Shop-war/); rd.forward(myRequest, myResponse); } return; } public void destroy() { } } when i put the url like: http://localhost:8080/WAP-Shop-war/admin/showAddItem.action i see the page and i don't see the string: i'm the filter! where's the fault? -- Stefano - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Block accessing in some path with filter.
now is taked. but i've some problem with the dispacer. i've an action mapped in this way: action name=denied result type=tilesdenied/result /action namespace is / if i manually put in this url: http://localhost:8080//WAP-Shop-war/denied.action its WORKS. the filter, else branch is this: else { RequestDispatcher rd = null; rd = sc.getRequestDispatcher(/denied.action); rd.forward(myRequest, myResponse); } and has to recall the same url see above, but he returns an error (404): type Status report message /WAP-Shop-war/denied.action description The requested resource (/WAP-Shop-war/denied.action) is not available. but is available! ideas? On Wed, May 20, 2009 at 13:35, Andy Sykes a.sy...@ucl.ac.uk wrote: Put the mapping for the admin filter above the struts2 filter. Filters are invoked in the order in web.xml, first to last. The struts filter is catching the request first and dispatching it before it ever reaches the admin filter. On 20 May 2009, at 09:37, Stefano Tranquillini wrote: Hi all. i need to block the path /admin/ for all the pepole. only the people logged in as root can access it. i've done a filter, but struts seems to dosen't works with its filter filter-namestruts2/filter-name filter-classorg.apache.struts2.dispatcher.FilterDispatcher/filter-class /filter filter filter-nameadminFilter/filter-name filter-classfilter.AdminFilter/filter-class /filter filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameadminFilter/filter-name url-pattern/admin/*/url-pattern /filter-mapping public class AdminFilter implements Filter { FilterConfig fc; public AdminFilter() { } public void init(FilterConfig fc) throws ServletException { this.fc = fc; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println(i'm the filter!); HttpServletResponse myResponse = (HttpServletResponse) response; HttpServletRequest myRequest = (HttpServletRequest) request; String user = (String) myRequest.getSession().getAttribute(logged); ServletContext sc = fc.getServletContext(); if (user.equals(admin)) { String requestURI = myRequest.getRequestURI(); int pathLength = myRequest.getContextPath().length(); StringBuffer relativeURI = new StringBuffer(requestURI.substring(pathLength)); String query = myRequest.getQueryString(); if (query != null) { relativeURI.append(?).append(query); } RequestDispatcher rd = null; if (relativeURI.toString().length() 0) { rd = sc.getRequestDispatcher(relativeURI.toString()); } else { rd = sc.getRequestDispatcher(/WAP-Shop-war/); } rd.forward(myRequest, myResponse); } else { RequestDispatcher rd = null; rd = sc.getRequestDispatcher(/WAP-Shop-war/); rd.forward(myRequest, myResponse); } return; } public void destroy() { } } when i put the url like: http://localhost:8080/WAP-Shop-war/admin/showAddItem.action i see the page and i don't see the string: i'm the filter! where's the fault? -- Stefano - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Stefano - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Block accessing in some path with filter.
You need to include dispatcher elements in your filter mappings for the Struts filter. eg. filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern dispatcherREQUEST/dispatcher dispatcherFORWARD/dispatcher /filter-mapping With no dispatcher element specified, the container assumes you mean the filter chain only gets applied to requests. The dispatcherFORWARD/dispatcher element means the filter chain will get invoked when a servlet performs a forward (as your code does). Just FYI - you may want to consider doing your protection with Interceptors, since it's a bit less clumsy than lugging around servlet filters with Struts. You can very easily write an Interceptor[1] that will return a certain result type (say denied) based on whether a specified attribute exists in the user's session. Doing so is left as an exercise to the reader :) You're not then limited to using mappings in the web.xml, and all the logic is embedded in the framework you've chosen. Struts' interceptors are a very powerful AOP-style pattern that I think are sometimes overlooked and aren't emphasised enough... [1] http://struts.apache.org/2.x/docs/writing-interceptors.html On 20 May 2009, at 13:42, Stefano Tranquillini wrote: now is taked. but i've some problem with the dispacer. i've an action mapped in this way: action name=denied result type=tilesdenied/result /action namespace is / if i manually put in this url: http://localhost:8080//WAP-Shop-war/denied.action its WORKS. the filter, else branch is this: else { RequestDispatcher rd = null; rd = sc.getRequestDispatcher(/denied.action); rd.forward(myRequest, myResponse); } and has to recall the same url see above, but he returns an error (404): type Status report message /WAP-Shop-war/denied.action description The requested resource (/WAP-Shop-war/denied.action) is not available. but is available! ideas? On Wed, May 20, 2009 at 13:35, Andy Sykes a.sy...@ucl.ac.uk wrote: Put the mapping for the admin filter above the struts2 filter. Filters are invoked in the order in web.xml, first to last. The struts filter is catching the request first and dispatching it before it ever reaches the admin filter. On 20 May 2009, at 09:37, Stefano Tranquillini wrote: Hi all. i need to block the path /admin/ for all the pepole. only the people logged in as root can access it. i've done a filter, but struts seems to dosen't works with its filter filter-namestruts2/filter-name filter-classorg.apache.struts2.dispatcher.FilterDispatcher/ filter-class /filter filter filter-nameadminFilter/filter-name filter-classfilter.AdminFilter/filter-class /filter filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameadminFilter/filter-name url-pattern/admin/*/url-pattern /filter-mapping public class AdminFilter implements Filter { FilterConfig fc; public AdminFilter() { } public void init(FilterConfig fc) throws ServletException { this.fc = fc; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println(i'm the filter!); HttpServletResponse myResponse = (HttpServletResponse) response; HttpServletRequest myRequest = (HttpServletRequest) request; String user = (String) myRequest.getSession().getAttribute(logged); ServletContext sc = fc.getServletContext(); if (user.equals(admin)) { String requestURI = myRequest.getRequestURI(); int pathLength = myRequest.getContextPath().length(); StringBuffer relativeURI = new StringBuffer(requestURI.substring(pathLength)); String query = myRequest.getQueryString(); if (query != null) { relativeURI.append(?).append(query); } RequestDispatcher rd = null; if (relativeURI.toString().length() 0) { rd = sc.getRequestDispatcher(relativeURI.toString()); } else { rd = sc.getRequestDispatcher(/WAP-Shop-war/); } rd.forward(myRequest, myResponse); } else { RequestDispatcher rd = null; rd = sc.getRequestDispatcher(/WAP-Shop-war/); rd.forward(myRequest, myResponse); } return; } public void destroy() { } } when i put the url like: http://localhost:8080/WAP-Shop-war/admin/showAddItem.action i see the page and i don't see the string: i'm the filter! where's the fault? -- Stefano - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To