Re: S2 custom authentication: remembering original request
Uploading files is not working. Files are not set in the action, there are no files in the request, and no files detected by File Upload Interceptor (FUI). Redirection Interceptor (RI) runs before the default stack FUI. RI stores in session the request parameters before FUI has any chance to run. When the time comes for the original request (default stack) it seems FUI has no way to recover any multipart information. When RI restores original 'standard' parameters ( nvocation.getInvocationContext().getParameters().put(name, value) ) it seems any multipart information is missing. The question is: How can I save original multipart data and restore it when the original action runs? El Martes, 16 de julio de 2013 09:59:27 Antonios Gkogkakis escribió: You don't have to store text, you can store Object or even the File itself. it depend on where/when you extract the params from the original request Antonios On 16 July 2013 09:51, Antonio Sánchez juntandolin...@gmail.com wrote: El Martes, 16 de julio de 2013 09:16:12 Antonios Gkogkakis escribió: Hi Antonio, I don't see anything different with the multipart requests, are you experiencing issues? I'll try to test multipart requests and will let you know. I must first review file uploading. The potential problem I see is that I am only saving in session text parameters. I don't know how binary data is transported in the request. I headers are involved then they need to be saved too. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote: Hi Antonios. Thank you very much. I was using invocation.getProxy().getConfig().getParams() instead, but that returns an immutable map. It works using getInvocationContext().getParameters(). Thank you. I have to say that I'm not chaining actions: it doesn't make sense to remember the original request if Login.jsp result breaks the chain and, at the end of the day, I have to code for remembering the original parameters (in the interceptor). I'm using redirectAction. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió: Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation. getInvocationContext().getParameters().#put. So to recap, you have your interceptor that catches the unauthorised action, you store the uri and all the params you need in the session, you redirect to the login page, and on login success you pass add the extra params to the strut2 parameter map, and then struts will populate your action. Antonios On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote: The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter
Re: S2 custom authentication: remembering original request
El Martes, 16 de julio de 2013 09:16:12 Antonios Gkogkakis escribió: Hi Antonio, I don't see anything different with the multipart requests, are you experiencing issues? I'll try to test multipart requests and will let you know. I must first review file uploading. The potential problem I see is that I am only saving in session text parameters. I don't know how binary data is transported in the request. I headers are involved then they need to be saved too. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote: Hi Antonios. Thank you very much. I was using invocation.getProxy().getConfig().getParams() instead, but that returns an immutable map. It works using getInvocationContext().getParameters(). Thank you. I have to say that I'm not chaining actions: it doesn't make sense to remember the original request if Login.jsp result breaks the chain and, at the end of the day, I have to code for remembering the original parameters (in the interceptor). I'm using redirectAction. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió: Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation. getInvocationContext().getParameters().#put. So to recap, you have your interceptor that catches the unauthorised action, you store the uri and all the params you need in the session, you redirect to the login page, and on login success you pass add the extra params to the strut2 parameter map, and then struts will populate your action. Antonios On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote: The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need
Re: S2 custom authentication: remembering original request
You don't have to store text, you can store Object or even the File itself. it depend on where/when you extract the params from the original request Antonios On 16 July 2013 09:51, Antonio Sánchez juntandolin...@gmail.com wrote: El Martes, 16 de julio de 2013 09:16:12 Antonios Gkogkakis escribió: Hi Antonio, I don't see anything different with the multipart requests, are you experiencing issues? I'll try to test multipart requests and will let you know. I must first review file uploading. The potential problem I see is that I am only saving in session text parameters. I don't know how binary data is transported in the request. I headers are involved then they need to be saved too. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote: Hi Antonios. Thank you very much. I was using invocation.getProxy().getConfig().getParams() instead, but that returns an immutable map. It works using getInvocationContext().getParameters(). Thank you. I have to say that I'm not chaining actions: it doesn't make sense to remember the original request if Login.jsp result breaks the chain and, at the end of the day, I have to code for remembering the original parameters (in the interceptor). I'm using redirectAction. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió: Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation. getInvocationContext().getParameters().#put. So to recap, you have your interceptor that catches the unauthorised action, you store the uri and all the params you need in the session, you redirect to the login page, and on login success you pass add the extra params to the strut2 parameter map, and then struts will populate your action. Antonios On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote: The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page.
RE: S2 custom authentication: remembering original request
be careful when storing params into session during redirect remember redirect invalidates the original session and creates a brand new session from client's browser Best to tuck away the old parameters anywhere but in the session then construct redirect with Location header pointing to the new action (appending the old parameters) when constrcuting a response with an specific mime-type remember the ContentType must be set in the response e.g: response.setContentType(application/octet-stream); then pass to filters in your chain: chain.doFilter(request, response); Mime-mappings are set in web.xml as seen here mime-mapping extensionmysuffix/extension mime-typemymime/type/mime-type /mime-mapping -- or in mime.properties Martin Gainty __ Date: Tue, 16 Jul 2013 09:16:12 +0100 Subject: Re: S2 custom authentication: remembering original request From: gkogk...@tcd.ie To: user@struts.apache.org Hi Antonio, I don't see anything different with the multipart requests, are you experiencing issues? One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote: Hi Antonios. Thank you very much. I was using invocation.getProxy().getConfig().getParams() instead, but that returns an immutable map. It works using getInvocationContext().getParameters(). Thank you. I have to say that I'm not chaining actions: it doesn't make sense to remember the original request if Login.jsp result breaks the chain and, at the end of the day, I have to code for remembering the original parameters (in the interceptor). I'm using redirectAction. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió: Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation. getInvocationContext().getParameters().#put. So to recap, you have your interceptor that catches the unauthorised action, you store the uri and all the params you need in the session, you redirect to the login page, and on login success you pass add the extra params to the strut2 parameter map, and then struts will populate your action. Antonios On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote: The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Use Case: request some protected resource - redirect action for authentication - access
Re: S2 custom authentication: remembering original request
El Martes, 16 de julio de 2013 09:59:27 Antonios Gkogkakis escribió: You don't have to store text, you can store Object or even the File itself. it depend on where/when you extract the params from the original request In the interceptor. But the interceptor is not responsible of uploading. I don't know how it works (uploading binary data), I must review first. Antonios On 16 July 2013 09:51, Antonio Sánchez juntandolin...@gmail.com wrote: El Martes, 16 de julio de 2013 09:16:12 Antonios Gkogkakis escribió: Hi Antonio, I don't see anything different with the multipart requests, are you experiencing issues? I'll try to test multipart requests and will let you know. I must first review file uploading. The potential problem I see is that I am only saving in session text parameters. I don't know how binary data is transported in the request. I headers are involved then they need to be saved too. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote: Hi Antonios. Thank you very much. I was using invocation.getProxy().getConfig().getParams() instead, but that returns an immutable map. It works using getInvocationContext().getParameters(). Thank you. I have to say that I'm not chaining actions: it doesn't make sense to remember the original request if Login.jsp result breaks the chain and, at the end of the day, I have to code for remembering the original parameters (in the interceptor). I'm using redirectAction. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió: Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation. getInvocationContext().getParameters().#put. So to recap, you have your interceptor that catches the unauthorised action, you store the uri and all the params you need in the session, you redirect to the login page, and on login success you pass add the extra params to the strut2 parameter map, and then struts will populate your action. Antonios On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote: The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote:
Re: S2 custom authentication: remembering original request
El Martes, 16 de julio de 2013 05:20:05 Martin Gainty escribió: be careful when storing params into session during redirect remember redirect invalidates the original session and creates a brand new session from client's browser It's working in my test (Tomcat). The question is: does a redirectAction result invalidate the session? If it doesn't I can safely use session. Best to tuck away the old parameters anywhere but in the session then construct redirect with Location header pointing to the new action (appending the old parameters) when constrcuting a response with an specific mime-type remember the ContentType must be set in the response e.g: response.setContentType(application/octet-stream); then pass to filters in your chain: chain.doFilter(request, response); Mime-mappings are set in web.xml as seen here mime-mapping extensionmysuffix/extension mime-typemymime/type/mime-type /mime-mapping -- or in mime.properties __ Date: Tue, 16 Jul 2013 09:16:12 +0100 Subject: Re: S2 custom authentication: remembering original request From: gkogk...@tcd.ie To: user@struts.apache.org Hi Antonio, I don't see anything different with the multipart requests, are you experiencing issues? One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. On 15 July 2013 18:19, Antonio Sánchez juntandolin...@gmail.com wrote: Hi Antonios. Thank you very much. I was using invocation.getProxy().getConfig().getParams() instead, but that returns an immutable map. It works using getInvocationContext().getParameters(). Thank you. I have to say that I'm not chaining actions: it doesn't make sense to remember the original request if Login.jsp result breaks the chain and, at the end of the day, I have to code for remembering the original parameters (in the interceptor). I'm using redirectAction. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió: Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation. getInvocationContext().getParameters().#put. So to recap, you have your interceptor that catches the unauthorised action, you store the uri and all the params you need in the session, you redirect to the login page, and on login success you pass add the extra params to the strut2 parameter map, and then struts will populate your action. Antonios On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote: The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required
RE: S2 custom authentication: remembering original request
On Jul 16, 2013 5:20 AM, Martin Gainty mgai...@hotmail.com wrote: be careful when storing params into session during redirect remember redirect invalidates the original session and creates a brand new session from client's browser That would mean if you redirected you'd be logged out every time. That would break every website in the world, and would render very common patterns like post-redirect-get useless. Dave
Re: S2 custom authentication: remembering original request
The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation. getInvocationContext().getParameters().#put. So to recap, you have your interceptor that catches the unauthorised action, you store the uri and all the params you need in the session, you redirect to the login page, and on login success you pass add the extra params to the strut2 parameter map, and then struts will populate your action. Antonios On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote: The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Hi Antonios. Thank you very much. I was using invocation.getProxy().getConfig().getParams() instead, but that returns an immutable map. It works using getInvocationContext().getParameters(). Thank you. I have to say that I'm not chaining actions: it doesn't make sense to remember the original request if Login.jsp result breaks the chain and, at the end of the day, I have to code for remembering the original parameters (in the interceptor). I'm using redirectAction. One more question: What should I do in case the original request is a multipart request? For instance: select picture - click upload - authentication - upload action. El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió: Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation. getInvocationContext().getParameters().#put. So to recap, you have your interceptor that catches the unauthorised action, you store the uri and all the params you need in the session, you redirect to the login page, and on login success you pass add the extra params to the strut2 parameter map, and then struts will populate your action. Antonios On 15 July 2013 10:16, Antonio Sánchez juntandolin...@gmail.com wrote: The problem was I did not consider the namespace in the interceptor, config file and login action. action name=authenticate class... result type=chain param name=actionName${#session.action}/param param name=namespace${#session.space}/param /result /action Well, this is actually the easy part but the original question remains: How do I remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I guess the right place to do it is the custom interceptor but I don't know how to pass parameters to the request. Is it possible to do? El Viernes, 12 de julio de 2013 17:39:59 usted escribió: If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail:
Re: S2 custom authentication: remembering original request
El Miércoles, 10 de julio de 2013 10:14:55 Dave Newton escribió: Or configure the server to run forwards through the filter. Sorry, I don't understand. On Jul 10, 2013 10:08 AM, Paul Benedict pbened...@apache.org wrote: Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Cheers, Paul - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
That doesn't do what you want because by not specifying the result type, the dispatcher result is used and it's trying to serve the /authenticar resource, which doesn't exist. action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available What Paul said is that if you want to call another action as the result of your first action, you can use the chain result type, which does exactly that. (it also makes the original request params available to the chained action) On 12 July 2013 09:37, Antonio Sánchez juntandolin...@gmail.com wrote: El Miércoles, 10 de julio de 2013 10:14:55 Dave Newton escribió: Or configure the server to run forwards through the filter. Sorry, I don't understand. On Jul 10, 2013 10:08 AM, Paul Benedict pbened...@apache.org wrote: Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Cheers, Paul - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
I'm having problems with chaining. I have tried several ways but none works. For instance: 1. http://localhost/mycontext/secure/protected = Login.jsp (${#request.url} is readable in jsp). 2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion detected: [//authenticate!authenticate, //, //] (url not available as request attribute) When submitting, request attribute 'url' is not present in the action, I guess because result type of input is dispatcher, not chain, but using type chain with a JSP causes St2 to complain, and won't find any action. Pseudo-code: INTERCEPTOR if (userInSession == null) { request.setAttribute(url, request.getServletPath()); return AUTHENTICATE; } return invocation.invoke(); STRUTS.XML - package base, namespace - defines interceptor SECURE and default interceptor stack (SECURE, DEFAULTSTACK). - defines global result: result name=AUTHENTICATE type=chain param name=actionNameauthenticate/param param name=namespace//param /result - package root extends base, namespace / action name=authenticate class... result type=chain param name=actionName${#request.url}/param /result result name=input/Login.jsp/result /action - package secure extends base, namespace /secure action name=protected class=... result/secure/Protected.jsp/result /action ACTION AUTHENTICATE if (userInSession != null ) { request.getSession().setAttribute(USER_IN_SESSION, userInSession); //expecting original url is a request attribute return SUCCESS; } else { return INPUT; } At the moment I've not been able to implement the requirement. El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió: Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
try request.setAttribute(url,invocation.getInvocationContext().getName()) in your interceptor. Antonios On 12 July 2013 12:03, Antonio Sánchez juntandolin...@gmail.com wrote: I'm having problems with chaining. I have tried several ways but none works. For instance: 1. http://localhost/mycontext/secure/protected = Login.jsp (${#request.url} is readable in jsp). 2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion detected: [//authenticate!authenticate, //, //] (url not available as request attribute) When submitting, request attribute 'url' is not present in the action, I guess because result type of input is dispatcher, not chain, but using type chain with a JSP causes St2 to complain, and won't find any action. Pseudo-code: INTERCEPTOR if (userInSession == null) { request.setAttribute(url, request.getServletPath()); return AUTHENTICATE; } return invocation.invoke(); STRUTS.XML - package base, namespace - defines interceptor SECURE and default interceptor stack (SECURE, DEFAULTSTACK). - defines global result: result name=AUTHENTICATE type=chain param name=actionNameauthenticate/param param name=namespace//param /result - package root extends base, namespace / action name=authenticate class... result type=chain param name=actionName${#request.url}/param /result result name=input/Login.jsp/result /action - package secure extends base, namespace /secure action name=protected class=... result/secure/Protected.jsp/result /action ACTION AUTHENTICATE if (userInSession != null ) { request.getSession().setAttribute(USER_IN_SESSION, userInSession); //expecting original url is a request attribute return SUCCESS; } else { return INPUT; } At the moment I've not been able to implement the requirement. El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió: Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail:
Re: S2 custom authentication: remembering original request
El Viernes, 12 de julio de 2013 12:33:43 Antonios Gkogkakis escribió: try request.setAttribute(url,invocation.getInvocationContext().getName()) in your interceptor. Same result. Even using invocation.getProxy().getNamespace(). Antonios On 12 July 2013 12:03, Antonio Sánchez juntandolin...@gmail.com wrote: I'm having problems with chaining. I have tried several ways but none works. For instance: 1. http://localhost/mycontext/secure/protected = Login.jsp (${#request.url} is readable in jsp). 2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion detected: [//authenticate!authenticate, //, //] (url not available as request attribute) When submitting, request attribute 'url' is not present in the action, I guess because result type of input is dispatcher, not chain, but using type chain with a JSP causes St2 to complain, and won't find any action. Pseudo-code: INTERCEPTOR if (userInSession == null) { request.setAttribute(url, request.getServletPath()); return AUTHENTICATE; } return invocation.invoke(); STRUTS.XML - package base, namespace - defines interceptor SECURE and default interceptor stack (SECURE, DEFAULTSTACK). - defines global result: result name=AUTHENTICATE type=chain param name=actionNameauthenticate/param param name=namespace//param /result - package root extends base, namespace / action name=authenticate class... result type=chain param name=actionName${#request.url}/param /result result name=input/Login.jsp/result /action - package secure extends base, namespace /secure action name=protected class=... result/secure/Protected.jsp/result /action ACTION AUTHENTICATE if (userInSession != null ) { request.getSession().setAttribute(USER_IN_SESSION, userInSession); //expecting original url is a request attribute return SUCCESS; } else { return INPUT; } At the moment I've not been able to implement the requirement. El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió: Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The
Re: S2 custom authentication: remembering original request
Have you added the Chaining interceptor ? Antonios On 12 July 2013 12:41, Antonio Sánchez juntandolin...@gmail.com wrote: El Viernes, 12 de julio de 2013 12:33:43 Antonios Gkogkakis escribió: try request.setAttribute(url,invocation.getInvocationContext().getName()) in your interceptor. Same result. Even using invocation.getProxy().getNamespace(). Antonios On 12 July 2013 12:03, Antonio Sánchez juntandolin...@gmail.com wrote: I'm having problems with chaining. I have tried several ways but none works. For instance: 1. http://localhost/mycontext/secure/protected = Login.jsp (${#request.url} is readable in jsp). 2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion detected: [//authenticate!authenticate, //, //] (url not available as request attribute) When submitting, request attribute 'url' is not present in the action, I guess because result type of input is dispatcher, not chain, but using type chain with a JSP causes St2 to complain, and won't find any action. Pseudo-code: INTERCEPTOR if (userInSession == null) { request.setAttribute(url, request.getServletPath()); return AUTHENTICATE; } return invocation.invoke(); STRUTS.XML - package base, namespace - defines interceptor SECURE and default interceptor stack (SECURE, DEFAULTSTACK). - defines global result: result name=AUTHENTICATE type=chain param name=actionNameauthenticate/param param name=namespace//param /result - package root extends base, namespace / action name=authenticate class... result type=chain param name=actionName${#request.url}/param /result result name=input/Login.jsp/result /action - package secure extends base, namespace /secure action name=protected class=... result/secure/Protected.jsp/result /action ACTION AUTHENTICATE if (userInSession != null ) { request.getSession().setAttribute(USER_IN_SESSION, userInSession); //expecting original url is a request attribute return SUCCESS; } else { return INPUT; } At the moment I've not been able to implement the requirement. El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió: Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original
Re: S2 custom authentication: remembering original request
AFAIC, chaining interceptor is included in the default stack. Anyway I have added it and still same result. interceptor-ref name=chain/ !--- HERE -- interceptor-ref name=securityInteceptor / interceptor-ref name=chain/ !--- AND HERE -- interceptor-ref name=defaultStack / I'll try Rahul comments and will let you know. El Viernes, 12 de julio de 2013 13:05:10 Antonios Gkogkakis escribió: Have you added the Chaining interceptor ? Antonios On 12 July 2013 12:41, Antonio Sánchez juntandolin...@gmail.com wrote: El Viernes, 12 de julio de 2013 12:33:43 Antonios Gkogkakis escribió: try request.setAttribute(url,invocation.getInvocationContext().getName()) in your interceptor. Same result. Even using invocation.getProxy().getNamespace(). Antonios On 12 July 2013 12:03, Antonio Sánchez juntandolin...@gmail.com wrote: I'm having problems with chaining. I have tried several ways but none works. For instance: 1. http://localhost/mycontext/secure/protected = Login.jsp (${#request.url} is readable in jsp). 2. Login.jsp = submit (correct user/pwd) = ERROR: Infinite recursion detected: [//authenticate!authenticate, //, //] (url not available as request attribute) When submitting, request attribute 'url' is not present in the action, I guess because result type of input is dispatcher, not chain, but using type chain with a JSP causes St2 to complain, and won't find any action. Pseudo-code: INTERCEPTOR if (userInSession == null) { request.setAttribute(url, request.getServletPath()); return AUTHENTICATE; } return invocation.invoke(); STRUTS.XML - package base, namespace - defines interceptor SECURE and default interceptor stack (SECURE, DEFAULTSTACK). - defines global result: result name=AUTHENTICATE type=chain param name=actionNameauthenticate/param param name=namespace//param /result - package root extends base, namespace / action name=authenticate class... result type=chain param name=actionName${#request.url}/param /result result name=input/Login.jsp/result /action - package secure extends base, namespace /secure action name=protected class=... result/secure/Protected.jsp/result /action ACTION AUTHENTICATE if (userInSession != null ) { request.getSession().setAttribute(USER_IN_SESSION, userInSession); //expecting original url is a request attribute return SUCCESS; } else { return INPUT; } At the moment I've not been able to implement the requirement. El Miércoles, 10 de julio de 2013 10:07:36 Paul Benedict escribió: Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global
Re: S2 custom authentication: remembering original request
If I use redirections I will lose the original request(parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do his with S2. I guess this use case requires some external approach: servlet filter (as Dave pointed out), container managed security, Spring security... Thank you all for your support. El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió: Hi Here is the way you can achieve this. You need to design login action to have the url 'redirectto' parameter which will holds the redirectaction. Upon login interception you will first check the login is done and then check for this parameter if there any value then simply forward to that action. else if login is required redirect it to the login page. If 'redirectto' url parameter is blank and login is success then forward it to the home page. On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
It should definitely be possible because what you described is out of the box functionality in Spring Security where their concept of intercepters is a filter. I would recommend that if you need a complete authentication and permissions checking functionality to look into Spring Security. We have used it for quite a while to protect various resources and method invocations on per user and per role validations and has allowed us to focus time elsewhere in development. Sent from my Verizon Wireless BlackBerry -Original Message- From: Antonio Sánchez juntandolin...@gmail.com Date: Wed, 10 Jul 2013 14:27:29 To: Struts Users Mailing Listuser@struts.apache.org Reply-To: Struts Users Mailing List user@struts.apache.org Subject: S2 custom authentication: remembering original request Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org Email secured by Check Point - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
El Miércoles, 10 de julio de 2013 13:00:44 CRANFORD, CHRIS escribió: It should definitely be possible because what you described is out of the box functionality in Spring Security where their concept of intercepters is a filter. How can I remember the original request? Piece by piece? I can only think of storing in session original headers, parameters, inputstream... This is not a rare use case. For example, using the system for uploading a picture, the user clicks submit but authentication is required for this operation. After successful authentication, the original request is processed (with original form an picture bytes), the user needs not to fill any form nor to select again the picture. I would recommend that if you need a complete authentication and permissions checking functionality to look into Spring Security. We have used it for quite a while to protect various resources and method invocations on per user and per role validations and has allowed us to focus time elsewhere in development. This is not a real scenario. In a real scenario I would use container managed security or Spring Security. I am just learning Struts and exploring its capabilities. How would a Struts developer implement a use case like this? Sent from my Verizon Wireless BlackBerry -Original Message- From: Antonio Sánchez juntandolin...@gmail.com Date: Wed, 10 Jul 2013 14:27:29 To: Struts Users Mailing Listuser@struts.apache.org Reply-To: Struts Users Mailing List user@struts.apache.org Subject: S2 custom authentication: remembering original request Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org Email secured by Check Point - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 custom authentication: remembering original request
Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Cheers, Paul
Re: S2 custom authentication: remembering original request
Or configure the server to run forwards through the filter. On Jul 10, 2013 10:08 AM, Paul Benedict pbened...@apache.org wrote: Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even without using global results: http://localhost:8084/mycontext/autenticar = login.jsp - OK action name=forward result/autenticar/result /action http://localhost:8084/mycontext/forward = 404 ERROR - /mycontext/autenticar not available Which is the right way to forward to actions? Using 2.3.15. El Miércoles, 10 de julio de 2013 15:29:51 usted escribió: Second question: because it's a redirect, hence a new request. http://localhost:8084/mycontext/autenticar = login.jsp - OK Returned by interceptor: global-results result name=AUTENTICAR/autenticar/result /global-results http://localhost:8084/mycontext/admin/protected = 404 ERROR - /mycontext/autenticar not available How should I forward to actions? El Miércoles, 10 de julio de 2013 07:43:38 Dave Newton escribió: Second question: because it's a redirect, hence a new request. Dave On Jul 10, 2013 7:28 AM, Antonio Sánchez juntandolin...@gmail.com wrote: Use Case: request some protected resource - redirect action for authentication - access protected resource. I'm using a custom interceptor that redirects (redirectAction) to a global result if no user object is found in session. The final action result then redirects to a login page. The interceptor gets the original action requested (using request.getServletPath(), but not sure if this is right), and puts it in the value stack. It would be used with dynamic redirection in the final result upon login success( ${nextAction} ) . This action must be passed in between redirections. But I need to reuse the original request. Reconstructing the request with a query string is not an option. I need the original request: GET/POST method, all parameters/values, maybe uploading binary content (inputstream), maybe headers... Is it possible to do this? How? -- Partially related to this: I'm having problems with redirections. The original request parameters are forwarded only using dispatcher result . If I use redirectAction or redirect, original params are lost. Why? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Cheers, Paul