Re: S2 custom authentication: remembering original request
Uploading files is not working.
Files are not set in the action, there are no files in the request, and no
files detected by File Upload Interceptor (FUI).
Redirection Interceptor (RI) runs before the default stack FUI.
RI stores in session the request parameters before FUI has any chance to run.
When the time comes for the original request (default stack) it seems FUI has
no way to recover any multipart information. When RI restores original
'standard' parameters (
nvocation.getInvocationContext().getParameters().put(name, value) ) it seems
any multipart information is missing.
The question is: How can I save original multipart data and restore it when the
original action runs?
El Martes, 16 de julio de 2013 09:59:27 Antonios Gkogkakis escribió:
You don't have to store text, you can store Object or even the File itself.
it depend on where/when you extract the params from the original request
Antonios
On 16 July 2013 09:51, Antonio Sánchez juntandolin...@gmail.com wrote:
El Martes, 16 de julio de 2013 09:16:12 Antonios Gkogkakis escribió:
Hi Antonio,
I don't see anything different with the multipart requests, are you
experiencing issues?
I'll try to test multipart requests and will let you know. I must first
review file uploading. The potential problem I see is that I am only saving
in session text parameters. I don't know how binary data is transported in
the request. I headers are involved then they need to be saved too.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote:
Hi Antonios. Thank you very much.
I was using
invocation.getProxy().getConfig().getParams()
instead, but that returns an immutable map. It works using
getInvocationContext().getParameters(). Thank you.
I have to say that I'm not chaining actions: it doesn't make sense to
remember the original request if Login.jsp result breaks the chain
and, at
the end of the day, I have to code for remembering the original
parameters
(in the interceptor). I'm using redirectAction.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió:
Hi Antonio,
You can't modify the parameter map from the Servlet request, but you
can
pass the extra params from your first request to your action
by putting them in the struts parameters map by calling invocation.
getInvocationContext().getParameters().#put.
So to recap, you have your interceptor that catches the unauthorised
action, you store the uri and all the params you need in the session,
you redirect to the login page, and on login success you pass add the
extra
params to the strut2 parameter map, and then struts will populate
your
action.
Antonios
On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com
wrote:
The problem was I did not consider the namespace in the
interceptor,
config file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question
remains:
How do I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is
lost. I
can save the parameters map in session but when the time comes for
the
originally requested action (dynamic result) I don't know how to
pass
the
original request parameters. I guess the right place to do it is
the
custom
interceptor but I don't know how to pass parameters to the
request. Is
it
possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original
request(parameters,
uploading binary data ...). But I am unable to make it work using
forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires
some
external approach: servlet filter (as Dave pointed out), container
managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto'
parameter
Re: S2 custom authentication: remembering original request
El Martes, 16 de julio de 2013 09:16:12 Antonios Gkogkakis escribió:
Hi Antonio,
I don't see anything different with the multipart requests, are you
experiencing issues?
I'll try to test multipart requests and will let you know. I must first review
file uploading. The potential problem I see is that I am only saving in session
text parameters. I don't know how binary data is transported in the request. I
headers are involved then they need to be saved too.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote:
Hi Antonios. Thank you very much.
I was using
invocation.getProxy().getConfig().getParams()
instead, but that returns an immutable map. It works using
getInvocationContext().getParameters(). Thank you.
I have to say that I'm not chaining actions: it doesn't make sense to
remember the original request if Login.jsp result breaks the chain and, at
the end of the day, I have to code for remembering the original parameters
(in the interceptor). I'm using redirectAction.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió:
Hi Antonio,
You can't modify the parameter map from the Servlet request, but you can
pass the extra params from your first request to your action
by putting them in the struts parameters map by calling invocation.
getInvocationContext().getParameters().#put.
So to recap, you have your interceptor that catches the unauthorised
action, you store the uri and all the params you need in the session,
you redirect to the login page, and on login success you pass add the
extra
params to the strut2 parameter map, and then struts will populate your
action.
Antonios
On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote:
The problem was I did not consider the namespace in the interceptor,
config file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question remains:
How do I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is lost. I
can save the parameters map in session but when the time comes for the
originally requested action (dynamic result) I don't know how to pass
the
original request parameters. I guess the right place to do it is the
custom
interceptor but I don't know how to pass parameters to the request. Is
it
possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original request(parameters,
uploading binary data ...). But I am unable to make it work using
forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires
some
external approach: servlet filter (as Dave pointed out), container
managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto'
parameter
which will holds the redirectaction. Upon login interception you
will
first
check the login is done and then check for this parameter if there
any
value then simply forward to that action. else if login is required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success then
forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction)
to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and
puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need
Re: S2 custom authentication: remembering original request
You don't have to store text, you can store Object or even the File itself.
it depend on where/when you extract the params from the original request
Antonios
On 16 July 2013 09:51, Antonio Sánchez juntandolin...@gmail.com wrote:
El Martes, 16 de julio de 2013 09:16:12 Antonios Gkogkakis escribió:
Hi Antonio,
I don't see anything different with the multipart requests, are you
experiencing issues?
I'll try to test multipart requests and will let you know. I must first
review file uploading. The potential problem I see is that I am only saving
in session text parameters. I don't know how binary data is transported in
the request. I headers are involved then they need to be saved too.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote:
Hi Antonios. Thank you very much.
I was using
invocation.getProxy().getConfig().getParams()
instead, but that returns an immutable map. It works using
getInvocationContext().getParameters(). Thank you.
I have to say that I'm not chaining actions: it doesn't make sense to
remember the original request if Login.jsp result breaks the chain
and, at
the end of the day, I have to code for remembering the original
parameters
(in the interceptor). I'm using redirectAction.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió:
Hi Antonio,
You can't modify the parameter map from the Servlet request, but you
can
pass the extra params from your first request to your action
by putting them in the struts parameters map by calling invocation.
getInvocationContext().getParameters().#put.
So to recap, you have your interceptor that catches the unauthorised
action, you store the uri and all the params you need in the session,
you redirect to the login page, and on login success you pass add the
extra
params to the strut2 parameter map, and then struts will populate
your
action.
Antonios
On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com
wrote:
The problem was I did not consider the namespace in the
interceptor,
config file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question
remains:
How do I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is
lost. I
can save the parameters map in session but when the time comes for
the
originally requested action (dynamic result) I don't know how to
pass
the
original request parameters. I guess the right place to do it is
the
custom
interceptor but I don't know how to pass parameters to the
request. Is
it
possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original
request(parameters,
uploading binary data ...). But I am unable to make it work using
forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires
some
external approach: servlet filter (as Dave pointed out), container
managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto'
parameter
which will holds the redirectaction. Upon login interception
you
will
first
check the login is done and then check for this parameter if
there
any
value then simply forward to that action. else if login is
required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success
then
forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Use Case: request some protected resource - redirect action
for
authentication - access protected resource.
I'm using a custom interceptor that redirects
(redirectAction)
to a
global
result if no user object is found in session. The final
action
result then
redirects to a login page.
RE: S2 custom authentication: remembering original request
be careful when storing params into session during redirect
remember redirect invalidates the original session and creates a brand new
session from client's browser
Best to tuck away the old parameters anywhere but in the session
then construct redirect with Location header pointing to the new action
(appending the old parameters)
when constrcuting a response with an specific mime-type remember the
ContentType must be set in the response e.g:
response.setContentType(application/octet-stream);
then pass to filters in your chain:
chain.doFilter(request, response);
Mime-mappings are set in web.xml as seen here
mime-mapping
extensionmysuffix/extension
mime-typemymime/type/mime-type
/mime-mapping
--
or in mime.properties
Martin Gainty
__
Date: Tue, 16 Jul 2013 09:16:12 +0100
Subject: Re: S2 custom authentication: remembering original request
From: gkogk...@tcd.ie
To: user@struts.apache.org
Hi Antonio,
I don't see anything different with the multipart requests, are you
experiencing issues?
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote:
Hi Antonios. Thank you very much.
I was using
invocation.getProxy().getConfig().getParams()
instead, but that returns an immutable map. It works using
getInvocationContext().getParameters(). Thank you.
I have to say that I'm not chaining actions: it doesn't make sense to
remember the original request if Login.jsp result breaks the chain and, at
the end of the day, I have to code for remembering the original parameters
(in the interceptor). I'm using redirectAction.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió:
Hi Antonio,
You can't modify the parameter map from the Servlet request, but you can
pass the extra params from your first request to your action
by putting them in the struts parameters map by calling invocation.
getInvocationContext().getParameters().#put.
So to recap, you have your interceptor that catches the unauthorised
action, you store the uri and all the params you need in the session,
you redirect to the login page, and on login success you pass add the
extra
params to the strut2 parameter map, and then struts will populate your
action.
Antonios
On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote:
The problem was I did not consider the namespace in the interceptor,
config file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question remains:
How do I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is lost. I
can save the parameters map in session but when the time comes for the
originally requested action (dynamic result) I don't know how to pass
the
original request parameters. I guess the right place to do it is the
custom
interceptor but I don't know how to pass parameters to the request. Is
it
possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original request(parameters,
uploading binary data ...). But I am unable to make it work using
forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires
some
external approach: servlet filter (as Dave pointed out), container
managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto'
parameter
which will holds the redirectaction. Upon login interception you
will
first
check the login is done and then check for this parameter if there
any
value then simply forward to that action. else if login is required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success then
forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Use Case: request some protected resource - redirect action for
authentication - access
Re: S2 custom authentication: remembering original request
El Martes, 16 de julio de 2013 09:59:27 Antonios Gkogkakis escribió:
You don't have to store text, you can store Object or even the File itself.
it depend on where/when you extract the params from the original request
In the interceptor. But the interceptor is not responsible of uploading. I
don't know how it works (uploading binary data), I must review first.
Antonios
On 16 July 2013 09:51, Antonio Sánchez juntandolin...@gmail.com wrote:
El Martes, 16 de julio de 2013 09:16:12 Antonios Gkogkakis escribió:
Hi Antonio,
I don't see anything different with the multipart requests, are you
experiencing issues?
I'll try to test multipart requests and will let you know. I must first
review file uploading. The potential problem I see is that I am only saving
in session text parameters. I don't know how binary data is transported in
the request. I headers are involved then they need to be saved too.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote:
Hi Antonios. Thank you very much.
I was using
invocation.getProxy().getConfig().getParams()
instead, but that returns an immutable map. It works using
getInvocationContext().getParameters(). Thank you.
I have to say that I'm not chaining actions: it doesn't make sense to
remember the original request if Login.jsp result breaks the chain
and, at
the end of the day, I have to code for remembering the original
parameters
(in the interceptor). I'm using redirectAction.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió:
Hi Antonio,
You can't modify the parameter map from the Servlet request, but you
can
pass the extra params from your first request to your action
by putting them in the struts parameters map by calling invocation.
getInvocationContext().getParameters().#put.
So to recap, you have your interceptor that catches the unauthorised
action, you store the uri and all the params you need in the session,
you redirect to the login page, and on login success you pass add the
extra
params to the strut2 parameter map, and then struts will populate
your
action.
Antonios
On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com
wrote:
The problem was I did not consider the namespace in the
interceptor,
config file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question
remains:
How do I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is
lost. I
can save the parameters map in session but when the time comes for
the
originally requested action (dynamic result) I don't know how to
pass
the
original request parameters. I guess the right place to do it is
the
custom
interceptor but I don't know how to pass parameters to the
request. Is
it
possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original
request(parameters,
uploading binary data ...). But I am unable to make it work using
forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires
some
external approach: servlet filter (as Dave pointed out), container
managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto'
parameter
which will holds the redirectaction. Upon login interception
you
will
first
check the login is done and then check for this parameter if
there
any
value then simply forward to that action. else if login is
required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success
then
forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Re: S2 custom authentication: remembering original request
El Martes, 16 de julio de 2013 05:20:05 Martin Gainty escribió:
be careful when storing params into session during redirect
remember redirect invalidates the original session and creates a brand new
session from client's browser
It's working in my test (Tomcat). The question is: does a redirectAction result
invalidate the session? If it doesn't I can safely use session.
Best to tuck away the old parameters anywhere but in the session
then construct redirect with Location header pointing to the new action
(appending the old parameters)
when constrcuting a response with an specific mime-type remember the
ContentType must be set in the response e.g:
response.setContentType(application/octet-stream);
then pass to filters in your chain:
chain.doFilter(request, response);
Mime-mappings are set in web.xml as seen here
mime-mapping
extensionmysuffix/extension
mime-typemymime/type/mime-type
/mime-mapping
--
or in mime.properties
__
Date: Tue, 16 Jul 2013 09:16:12 +0100
Subject: Re: S2 custom authentication: remembering original request
From: gkogk...@tcd.ie
To: user@struts.apache.org
Hi Antonio,
I don't see anything different with the multipart requests, are you
experiencing issues?
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote:
Hi Antonios. Thank you very much.
I was using
invocation.getProxy().getConfig().getParams()
instead, but that returns an immutable map. It works using
getInvocationContext().getParameters(). Thank you.
I have to say that I'm not chaining actions: it doesn't make sense to
remember the original request if Login.jsp result breaks the chain and, at
the end of the day, I have to code for remembering the original parameters
(in the interceptor). I'm using redirectAction.
One more question: What should I do in case the original request is a
multipart request? For instance: select picture - click upload -
authentication - upload action.
El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió:
Hi Antonio,
You can't modify the parameter map from the Servlet request, but you can
pass the extra params from your first request to your action
by putting them in the struts parameters map by calling invocation.
getInvocationContext().getParameters().#put.
So to recap, you have your interceptor that catches the unauthorised
action, you store the uri and all the params you need in the session,
you redirect to the login page, and on login success you pass add the
extra
params to the strut2 parameter map, and then struts will populate your
action.
Antonios
On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote:
The problem was I did not consider the namespace in the interceptor,
config file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question
remains:
How do I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is lost.
I
can save the parameters map in session but when the time comes for the
originally requested action (dynamic result) I don't know how to pass
the
original request parameters. I guess the right place to do it is the
custom
interceptor but I don't know how to pass parameters to the request. Is
it
possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original request(parameters,
uploading binary data ...). But I am unable to make it work using
forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires
some
external approach: servlet filter (as Dave pointed out), container
managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto'
parameter
which will holds the redirectaction. Upon login interception you
will
first
check the login is done and then check for this parameter if there
any
value then simply forward to that action. else if login is
required
RE: S2 custom authentication: remembering original request
On Jul 16, 2013 5:20 AM, Martin Gainty mgai...@hotmail.com wrote: be careful when storing params into session during redirect remember redirect invalidates the original session and creates a brand new session from client's browser That would mean if you redirected you'd be logged out every time. That would break every website in the world, and would render very common patterns like post-redirect-get useless. Dave
Re: S2 custom authentication: remembering original request
The problem was I did not consider the namespace in the interceptor, config
file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question remains: How do
I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is lost. I can
save the parameters map in session but when the time comes for the originally
requested action (dynamic result) I don't know how to pass the original request
parameters. I guess the right place to do it is the custom interceptor but I
don't know how to pass parameters to the request. Is it possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original request(parameters,
uploading binary data ...). But I am unable to make it work using forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires some
external approach: servlet filter (as Dave pointed out), container managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto' parameter
which will holds the redirectaction. Upon login interception you will first
check the login is done and then check for this parameter if there any
value then simply forward to that action. else if login is required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success then forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a global
result if no user object is found in session. The final action result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts it in
the value stack. It would be used with dynamic redirection in the final
result upon login success( ${nextAction} ) . This action must be passed in
between redirections.
But I need to reuse the original request. Reconstructing the request with
a query string is not an option. I need the original request: GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher result .
If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Hi Antonio,
You can't modify the parameter map from the Servlet request, but you can
pass the extra params from your first request to your action
by putting them in the struts parameters map by calling invocation.
getInvocationContext().getParameters().#put.
So to recap, you have your interceptor that catches the unauthorised
action, you store the uri and all the params you need in the session,
you redirect to the login page, and on login success you pass add the extra
params to the strut2 parameter map, and then struts will populate your
action.
Antonios
On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote:
The problem was I did not consider the namespace in the interceptor,
config file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question remains:
How do I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is lost. I
can save the parameters map in session but when the time comes for the
originally requested action (dynamic result) I don't know how to pass the
original request parameters. I guess the right place to do it is the custom
interceptor but I don't know how to pass parameters to the request. Is it
possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original request(parameters,
uploading binary data ...). But I am unable to make it work using forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires some
external approach: servlet filter (as Dave pointed out), container managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto' parameter
which will holds the redirectaction. Upon login interception you will
first
check the login is done and then check for this parameter if there any
value then simply forward to that action. else if login is required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success then
forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher
result . If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Hi Antonios. Thank you very much.
I was using
invocation.getProxy().getConfig().getParams()
instead, but that returns an immutable map. It works using
getInvocationContext().getParameters(). Thank you.
I have to say that I'm not chaining actions: it doesn't make sense to remember
the original request if Login.jsp result breaks the chain and, at the end of
the day, I have to code for remembering the original parameters (in the
interceptor). I'm using redirectAction.
One more question: What should I do in case the original request is a multipart
request? For instance: select picture - click upload - authentication -
upload action.
El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió:
Hi Antonio,
You can't modify the parameter map from the Servlet request, but you can
pass the extra params from your first request to your action
by putting them in the struts parameters map by calling invocation.
getInvocationContext().getParameters().#put.
So to recap, you have your interceptor that catches the unauthorised
action, you store the uri and all the params you need in the session,
you redirect to the login page, and on login success you pass add the extra
params to the strut2 parameter map, and then struts will populate your
action.
Antonios
On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote:
The problem was I did not consider the namespace in the interceptor,
config file and login action.
action name=authenticate class...
result type=chain
param name=actionName${#session.action}/param
param name=namespace${#session.space}/param
/result
/action
Well, this is actually the easy part but the original question remains:
How do I remember the original request parameters?
When the flow is forwarded to Login.jsp the original request is lost. I
can save the parameters map in session but when the time comes for the
originally requested action (dynamic result) I don't know how to pass the
original request parameters. I guess the right place to do it is the custom
interceptor but I don't know how to pass parameters to the request. Is it
possible to do?
El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
If I use redirections I will lose the original request(parameters,
uploading binary data ...). But I am unable to make it work using forwards
(chaining actions).
I give up. I can't do his with S2. I guess this use case requires some
external approach: servlet filter (as Dave pointed out), container managed
security, Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto' parameter
which will holds the redirectaction. Upon login interception you will
first
check the login is done and then check for this parameter if there any
value then simply forward to that action. else if login is required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success then
forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher
result . If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail:
Re: S2 custom authentication: remembering original request
El Miércoles, 10 de julio de 2013 10:14:55 Dave Newton escribió:
Or configure the server to run forwards through the filter.
Sorry, I don't understand.
On Jul 10, 2013 10:08 AM, Paul Benedict pbened...@apache.org wrote:
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez
juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the
request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections.
The
original request parameters are forwarded only using dispatcher
result .
If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
--
Cheers,
Paul
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
That doesn't do what you want because by not specifying the result type,
the dispatcher result is used and it's trying to serve
the /authenticar resource, which doesn't exist.
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
What Paul said is that if you want to call another action as the result of
your first action, you can use the chain result type, which does exactly
that. (it also makes the original request params available to the chained
action)
On 12 July 2013 09:37, Antonio Sánchez juntandolin...@gmail.com wrote:
El Miércoles, 10 de julio de 2013 10:14:55 Dave Newton escribió:
Or configure the server to run forwards through the filter.
Sorry, I don't understand.
On Jul 10, 2013 10:08 AM, Paul Benedict pbened...@apache.org wrote:
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez
juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action
for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction)
to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and
puts
it in
the value stack. It would be used with dynamic redirection in
the
final
result upon login success( ${nextAction} ) . This action must
be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the
request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with
redirections.
The
original request parameters are forwarded only using dispatcher
result .
If
I use redirectAction or redirect, original params are lost.
Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
--
Cheers,
Paul
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto' parameter
which will holds the redirectaction. Upon login interception you will first
check the login is done and then check for this parameter if there any
value then simply forward to that action. else if login is required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success then forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a global
result if no user object is found in session. The final action result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts it in
the value stack. It would be used with dynamic redirection in the final
result upon login success( ${nextAction} ) . This action must be passed in
between redirections.
But I need to reuse the original request. Reconstructing the request with
a query string is not an option. I need the original request: GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher result . If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
I'm having problems with chaining. I have tried several ways but none works.
For instance:
1. http://localhost/mycontext/secure/protected = Login.jsp (${#request.url} is
readable in jsp).
2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion
detected: [//authenticate!authenticate, //, //] (url not available as request
attribute)
When submitting, request attribute 'url' is not present in the action, I guess
because result type of input is dispatcher, not chain, but using type
chain with a JSP causes St2 to complain, and won't find any action.
Pseudo-code:
INTERCEPTOR
if (userInSession == null) {
request.setAttribute(url, request.getServletPath());
return AUTHENTICATE;
}
return invocation.invoke();
STRUTS.XML
- package base, namespace
- defines interceptor SECURE and default interceptor stack (SECURE,
DEFAULTSTACK).
- defines global result:
result name=AUTHENTICATE type=chain
param name=actionNameauthenticate/param
param name=namespace//param
/result
- package root extends base, namespace /
action name=authenticate class...
result type=chain
param name=actionName${#request.url}/param
/result
result name=input/Login.jsp/result
/action
- package secure extends base, namespace /secure
action name=protected class=...
result/secure/Protected.jsp/result
/action
ACTION AUTHENTICATE
if (userInSession != null ) {
request.getSession().setAttribute(USER_IN_SESSION,
userInSession);
//expecting original url is a request attribute
return SUCCESS;
} else {
return INPUT;
}
At the moment I've not been able to implement the requirement.
El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió:
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher
result .
If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
try
request.setAttribute(url,invocation.getInvocationContext().getName()) in
your interceptor.
Antonios
On 12 July 2013 12:03, Antonio Sánchez juntandolin...@gmail.com wrote:
I'm having problems with chaining. I have tried several ways but none
works. For instance:
1. http://localhost/mycontext/secure/protected = Login.jsp
(${#request.url} is readable in jsp).
2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion
detected: [//authenticate!authenticate, //, //] (url not available as
request attribute)
When submitting, request attribute 'url' is not present in the action, I
guess because result type of input is dispatcher, not chain, but
using type chain with a JSP causes St2 to complain, and won't find any
action.
Pseudo-code:
INTERCEPTOR
if (userInSession == null) {
request.setAttribute(url, request.getServletPath());
return AUTHENTICATE;
}
return invocation.invoke();
STRUTS.XML
- package base, namespace
- defines interceptor SECURE and default interceptor stack
(SECURE, DEFAULTSTACK).
- defines global result:
result name=AUTHENTICATE type=chain
param name=actionNameauthenticate/param
param name=namespace//param
/result
- package root extends base, namespace /
action name=authenticate class...
result type=chain
param name=actionName${#request.url}/param
/result
result name=input/Login.jsp/result
/action
- package secure extends base, namespace /secure
action name=protected class=...
result/secure/Protected.jsp/result
/action
ACTION AUTHENTICATE
if (userInSession != null ) {
request.getSession().setAttribute(USER_IN_SESSION,
userInSession);
//expecting original url is a request attribute
return SUCCESS;
} else {
return INPUT;
}
At the moment I've not been able to implement the requirement.
El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió:
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez
juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction)
to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and
puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the
request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with
redirections. The
original request parameters are forwarded only using dispatcher
result .
If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail:
Re: S2 custom authentication: remembering original request
El Viernes, 12 de julio de 2013 12:33:43 Antonios Gkogkakis escribió:
try
request.setAttribute(url,invocation.getInvocationContext().getName()) in
your interceptor.
Same result. Even using invocation.getProxy().getNamespace().
Antonios
On 12 July 2013 12:03, Antonio Sánchez juntandolin...@gmail.com wrote:
I'm having problems with chaining. I have tried several ways but none
works. For instance:
1. http://localhost/mycontext/secure/protected = Login.jsp
(${#request.url} is readable in jsp).
2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion
detected: [//authenticate!authenticate, //, //] (url not available as
request attribute)
When submitting, request attribute 'url' is not present in the action, I
guess because result type of input is dispatcher, not chain, but
using type chain with a JSP causes St2 to complain, and won't find any
action.
Pseudo-code:
INTERCEPTOR
if (userInSession == null) {
request.setAttribute(url, request.getServletPath());
return AUTHENTICATE;
}
return invocation.invoke();
STRUTS.XML
- package base, namespace
- defines interceptor SECURE and default interceptor stack
(SECURE, DEFAULTSTACK).
- defines global result:
result name=AUTHENTICATE type=chain
param name=actionNameauthenticate/param
param name=namespace//param
/result
- package root extends base, namespace /
action name=authenticate class...
result type=chain
param name=actionName${#request.url}/param
/result
result name=input/Login.jsp/result
/action
- package secure extends base, namespace /secure
action name=protected class=...
result/secure/Protected.jsp/result
/action
ACTION AUTHENTICATE
if (userInSession != null ) {
request.getSession().setAttribute(USER_IN_SESSION,
userInSession);
//expecting original url is a request attribute
return SUCCESS;
} else {
return INPUT;
}
At the moment I've not been able to implement the requirement.
El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió:
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez
juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction)
to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and
puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the
request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with
redirections. The
Re: S2 custom authentication: remembering original request
Have you added the Chaining interceptor ?
Antonios
On 12 July 2013 12:41, Antonio Sánchez juntandolin...@gmail.com wrote:
El Viernes, 12 de julio de 2013 12:33:43 Antonios Gkogkakis escribió:
try
request.setAttribute(url,invocation.getInvocationContext().getName())
in
your interceptor.
Same result. Even using invocation.getProxy().getNamespace().
Antonios
On 12 July 2013 12:03, Antonio Sánchez juntandolin...@gmail.com wrote:
I'm having problems with chaining. I have tried several ways but none
works. For instance:
1. http://localhost/mycontext/secure/protected = Login.jsp
(${#request.url} is readable in jsp).
2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion
detected: [//authenticate!authenticate, //, //] (url not available as
request attribute)
When submitting, request attribute 'url' is not present in the action,
I
guess because result type of input is dispatcher, not chain, but
using type chain with a JSP causes St2 to complain, and won't find
any
action.
Pseudo-code:
INTERCEPTOR
if (userInSession == null) {
request.setAttribute(url, request.getServletPath());
return AUTHENTICATE;
}
return invocation.invoke();
STRUTS.XML
- package base, namespace
- defines interceptor SECURE and default interceptor stack
(SECURE, DEFAULTSTACK).
- defines global result:
result name=AUTHENTICATE type=chain
param name=actionNameauthenticate/param
param name=namespace//param
/result
- package root extends base, namespace /
action name=authenticate class...
result type=chain
param name=actionName${#request.url}/param
/result
result name=input/Login.jsp/result
/action
- package secure extends base, namespace /secure
action name=protected class=...
result/secure/Protected.jsp/result
/action
ACTION AUTHENTICATE
if (userInSession != null ) {
request.getSession().setAttribute(USER_IN_SESSION,
userInSession);
//expecting original url is a request attribute
return SUCCESS;
} else {
return INPUT;
}
At the moment I've not been able to implement the requirement.
El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió:
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez
juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action
for
authentication - access protected resource.
I'm using a custom interceptor that redirects
(redirectAction)
to a
global
result if no user object is found in session. The final
action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and
puts
it in
the value stack. It would be used with dynamic redirection
in the
final
result upon login success( ${nextAction} ) . This action
must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the
request
with
a query string is not an option. I need the original
Re: S2 custom authentication: remembering original request
AFAIC, chaining interceptor is included in the default stack.
Anyway I have added it and still same result.
interceptor-ref name=chain/ !--- HERE --
interceptor-ref name=securityInteceptor /
interceptor-ref name=chain/ !--- AND HERE
--
interceptor-ref name=defaultStack /
I'll try Rahul comments and will let you know.
El Viernes, 12 de julio de 2013 13:05:10 Antonios Gkogkakis escribió:
Have you added the Chaining interceptor ?
Antonios
On 12 July 2013 12:41, Antonio Sánchez juntandolin...@gmail.com wrote:
El Viernes, 12 de julio de 2013 12:33:43 Antonios Gkogkakis escribió:
try
request.setAttribute(url,invocation.getInvocationContext().getName())
in
your interceptor.
Same result. Even using invocation.getProxy().getNamespace().
Antonios
On 12 July 2013 12:03, Antonio Sánchez juntandolin...@gmail.com wrote:
I'm having problems with chaining. I have tried several ways but none
works. For instance:
1. http://localhost/mycontext/secure/protected = Login.jsp
(${#request.url} is readable in jsp).
2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion
detected: [//authenticate!authenticate, //, //] (url not available as
request attribute)
When submitting, request attribute 'url' is not present in the action,
I
guess because result type of input is dispatcher, not chain, but
using type chain with a JSP causes St2 to complain, and won't find
any
action.
Pseudo-code:
INTERCEPTOR
if (userInSession == null) {
request.setAttribute(url, request.getServletPath());
return AUTHENTICATE;
}
return invocation.invoke();
STRUTS.XML
- package base, namespace
- defines interceptor SECURE and default interceptor stack
(SECURE, DEFAULTSTACK).
- defines global result:
result name=AUTHENTICATE type=chain
param name=actionNameauthenticate/param
param name=namespace//param
/result
- package root extends base, namespace /
action name=authenticate class...
result type=chain
param name=actionName${#request.url}/param
/result
result name=input/Login.jsp/result
/action
- package secure extends base, namespace /secure
action name=protected class=...
result/secure/Protected.jsp/result
/action
ACTION AUTHENTICATE
if (userInSession != null ) {
request.getSession().setAttribute(USER_IN_SESSION,
userInSession);
//expecting original url is a request attribute
return SUCCESS;
} else {
return INPUT;
}
At the moment I've not been able to implement the requirement.
El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió:
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez
juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action
for
authentication - access protected resource.
I'm using a custom interceptor that redirects
(redirectAction)
to a
global
Re: S2 custom authentication: remembering original request
If I use redirections I will lose the original request(parameters, uploading
binary data ...). But I am unable to make it work using forwards (chaining
actions).
I give up. I can't do his with S2. I guess this use case requires some external
approach: servlet filter (as Dave pointed out), container managed security,
Spring security...
Thank you all for your support.
El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
Hi
Here is the way you can achieve this.
You need to design login action to have the url 'redirectto' parameter
which will holds the redirectaction. Upon login interception you will first
check the login is done and then check for this parameter if there any
value then simply forward to that action. else if login is required
redirect it to the login page.
If 'redirectto' url parameter is blank and login is success then forward it
to the home page.
On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a global
result if no user object is found in session. The final action result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts it in
the value stack. It would be used with dynamic redirection in the final
result upon login success( ${nextAction} ) . This action must be passed in
between redirections.
But I need to reuse the original request. Reconstructing the request with
a query string is not an option. I need the original request: GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher result . If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a global
result if no user object is found in session. The final action result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts it in
the value stack. It would be used with dynamic redirection in the final
result upon login success( ${nextAction} ) . This action must be passed in
between redirections.
But I need to reuse the original request. Reconstructing the request with
a query string is not an option. I need the original request: GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher result . If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
It should definitely be possible because what you described is out of the box
functionality in Spring Security where their concept of intercepters is a
filter.
I would recommend that if you need a complete authentication and permissions
checking functionality to look into Spring Security. We have used it for quite
a while to protect various resources and method invocations on per user and per
role validations and has allowed us to focus time elsewhere in development.
Sent from my Verizon Wireless BlackBerry
-Original Message-
From: Antonio Sánchez juntandolin...@gmail.com
Date: Wed, 10 Jul 2013 14:27:29
To: Struts Users Mailing Listuser@struts.apache.org
Reply-To: Struts Users Mailing List user@struts.apache.org
Subject: S2 custom authentication: remembering original request
Use Case: request some protected resource - redirect action for authentication
- access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a global
result if no user object is found in session. The final action result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts it in the
value stack. It would be used with dynamic redirection in the final result upon
login success( ${nextAction} ) . This action must be passed in between
redirections.
But I need to reuse the original request. Reconstructing the request with a
query string is not an option. I need the original request: GET/POST method,
all parameters/values, maybe uploading binary content (inputstream), maybe
headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The original
request parameters are forwarded only using dispatcher result . If I use
redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Email secured by Check Point
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a global
result if no user object is found in session. The final action result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts it in
the value stack. It would be used with dynamic redirection in the final
result upon login success( ${nextAction} ) . This action must be passed in
between redirections.
But I need to reuse the original request. Reconstructing the request with
a query string is not an option. I need the original request: GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher result .
If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
El Miércoles, 10 de julio de 2013 13:00:44 CRANFORD, CHRIS escribió:
It should definitely be possible because what you described is out of the box
functionality in Spring Security where their concept of intercepters is a
filter.
How can I remember the original request? Piece by piece? I can only think of
storing in session original headers, parameters, inputstream...
This is not a rare use case. For example, using the system for uploading a
picture, the user clicks submit but authentication is required for this
operation. After successful authentication, the original request is processed
(with original form an picture bytes), the user needs not to fill any form nor
to select again the picture.
I would recommend that if you need a complete authentication and permissions
checking functionality to look into Spring Security. We have used it for
quite a while to protect various resources and method invocations on per user
and per role validations and has allowed us to focus time elsewhere in
development.
This is not a real scenario. In a real scenario I would use container managed
security or Spring Security. I am just learning Struts and exploring its
capabilities. How would a Struts developer implement a use case like this?
Sent from my Verizon Wireless BlackBerry
-Original Message-
From: Antonio Sánchez juntandolin...@gmail.com
Date: Wed, 10 Jul 2013 14:27:29
To: Struts Users Mailing Listuser@struts.apache.org
Reply-To: Struts Users Mailing List user@struts.apache.org
Subject: S2 custom authentication: remembering original request
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a global
result if no user object is found in session. The final action result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts it in the
value stack. It would be used with dynamic redirection in the final result
upon login success( ${nextAction} ) . This action must be passed in between
redirections.
But I need to reuse the original request. Reconstructing the request with a
query string is not an option. I need the original request: GET/POST method,
all parameters/values, maybe uploading binary content (inputstream), maybe
headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher result . If I
use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Email secured by Check Point
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar
not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a global
result if no user object is found in session. The final action result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts it in
the value stack. It would be used with dynamic redirection in the final
result upon login success( ${nextAction} ) . This action must be passed in
between redirections.
But I need to reuse the original request. Reconstructing the request with
a query string is not an option. I need the original request: GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher result .
If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections. The
original request parameters are forwarded only using dispatcher
result .
If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
--
Cheers,
Paul
Re: S2 custom authentication: remembering original request
Or configure the server to run forwards through the filter.
On Jul 10, 2013 10:08 AM, Paul Benedict pbened...@apache.org wrote:
Forwarding to another action means you want to do chaining:
http://struts.apache.org/release/2.3.x/docs/action-chaining.html
result type=chain
param name=actionNameautenticar/param
/result
On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez
juntandolin...@gmail.comwrote:
Can't forward even without using global results:
http://localhost:8084/mycontext/autenticar = login.jsp - OK
action name=forward
result/autenticar/result
/action
http://localhost:8084/mycontext/forward = 404 ERROR -
/mycontext/autenticar not available
Which is the right way to forward to actions?
Using 2.3.15.
El Miércoles, 10 de julio de 2013 15:29:51 usted escribió:
Second question: because it's a redirect, hence a new request.
http://localhost:8084/mycontext/autenticar = login.jsp - OK
Returned by interceptor:
global-results
result name=AUTENTICAR/autenticar/result
/global-results
http://localhost:8084/mycontext/admin/protected = 404 ERROR -
/mycontext/autenticar not available
How should I forward to actions?
El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió:
Second question: because it's a redirect, hence a new request.
Dave
On Jul 10, 2013 7:28 AM, Antonio Sánchez
juntandolin...@gmail.com
wrote:
Use Case: request some protected resource - redirect action for
authentication - access protected resource.
I'm using a custom interceptor that redirects (redirectAction) to a
global
result if no user object is found in session. The final action
result then
redirects to a login page.
The interceptor gets the original action requested (using
request.getServletPath(), but not sure if this is right), and puts
it in
the value stack. It would be used with dynamic redirection in the
final
result upon login success( ${nextAction} ) . This action must be
passed in
between redirections.
But I need to reuse the original request. Reconstructing the
request
with
a query string is not an option. I need the original request:
GET/POST
method, all parameters/values, maybe uploading binary content
(inputstream), maybe headers...
Is it possible to do this? How?
--
Partially related to this: I'm having problems with redirections.
The
original request parameters are forwarded only using dispatcher
result .
If
I use redirectAction or redirect, original params are lost. Why?
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
--
Cheers,
Paul
