I have my ActionServlet mapped to "*.do" and an ActionFilter mapped to
that same url-pattern. In ActionFilter, I check to see if there is a
UserForm in the session, and secondly to see if
request.getRemoteUser() returns null. If either of these occur, I
call my Business Delegate (UserManager in my case) to get the user's
information. Currently, it talks to a database to get the information,
but it easily could talk to a Directory Server like LDAP. Here's some
code from my doFilter method:
UserForm userForm = (UserForm)
session.getAttribute(Constants.USER_KEY);
ServletContext ctx = filterConfig.getServletContext();
String username = request.getRemoteUser();
// user authenticated, empty user object
if ((username != null) && (userForm == null)) {
try {
UserManager mgr = new UserManagerImpl((String)
ctx.getAttribute(Constants.DAO_TYPE));
UserForm user = mgr.getUser(username);
session.setAttribute(Constants.USER_KEY, user);
} catch (Exception e) {
log.error("Error getting user's information", e);
e.printStackTrace();
ActionErrors errors = new ActionErrors();
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("errors.general"));
while (e != null) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("errors.detail",
e.getMessage()));
e = (Exception) e.getCause();
}
request.setAttribute(Globals.ERROR_KEY, errors);
// forward to the error page
RequestDispatcher dispatcher =
request.getRequestDispatcher("/error.jsp");
dispatcher.forward(request, response);
return; // stop processing
}
}
--- In [EMAIL PROTECTED], usha <[EMAIL PROTECTED]> wrote:
> Hi
>
> can you tell me briefly how you are using filtes in security-example
> application.
>
> Thanks
> usha
>
> Matt Raible wrote:
>
> >You could use a filter to map to all your protected resources. This
> >is what I do in the security-example application I recently wrote.
> >You can download the source at:
> >
> >http://javawebapps.com/downloads/security-example.zip (14MB)
> >
> >HTH,
> >
> >Matt
> >
> >--- In [EMAIL PROTECTED], usha <[EMAIL PROTECTED]> wrote:
> >
> >
> >>Hi
> >>
> >>Sorry what you mean by proxy. i didn't get you actually i wanted
> >>
> >>
> >to
> >
> >
> >>authenticate logged in user against the users that are there in
> >>
> >>
> >the
> >
> >
> >>database, and when ever they bookmark some page and if they go to
> >>
> >>
> >that
> >
> >
> >>page directly i wanted to display the login page after they login
> >>sussefully only . right now with form based authentication i am
> >>
> >>
> >getting
> >
> >
> >>this , but i had some drawbacks as i mentioned in the previous
> >>
> >>
> >mail. is
> >
> >
> >>there a standard way i can use for user login checks.
> >>
> >>thanks
> >>usha
> >>
> >>Eddie Bush wrote:
> >>
> >>
> >>
> >>>Write a proxy to retrieve the user data you wish to put in the
> >>>session. The proxy will check to see if a user has been
> >>>
> >>>
> >authenticated
> >
> >
> >>>(request.getUserPrincipal() != null), and, if they have, it will
> >>>
> >>>
> >check
> >
> >
> >>>to see if your user data has been created yet. If it has, it
> >>>
> >>>
> >will
> >
> >
> >>>just take it from the session and return it. If it hasn't, it
> >>>
> >>>
> >will
> >
> >
> >>>create it, save it to the session, and return it.
> >>>
> >>>That help?
> >>>
> >>>usha wrote:
> >>>
> >>>
> >>>
> >>>>Hi
> >>>>
> >>>>i am new to structs. right now i am using in my project form
> >>>>
> >>>>
> >based
> >
> >
> >>>>authentication. with this i have some problems like i cannot
> >>>>instantiate some of session veriable upon logging etc. is there
> >>>>
> >>>>
> >any
> >
> >
> >>>>standard mechnism for loging using sturcts. i am using JBoss as
> >>>>
> >>>>
> >my
> >
> >
> >>>>application server.
> >>>>
> >>>>Thanks in advance
> >>>>usha..
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >>--
> >>To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@j...>
> >>For additional commands, e-mail: <mailto:struts-user-help@j...>
> >>
> >>
> >
> >
> >--
> >To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@j...>
> >For additional commands, e-mail: <mailto:struts-user-help@j...>
> >
> >
>
>
>
>
> --
> To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@j...>
> For additional commands, e-mail: <mailto:struts-user-help@j...>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
