Ok. Nice to know about filters. I have found this SecurityFilter Projetct at sourceforge. http://securityfilter.sourceforge.net/
Has anyone used it? Tks Felipe -----Mensagem original----- De: Guido García Bernardo [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 5 de dezembro de 2003 08:42 Para: Struts Users Mailing List Assunto: Re: RES: Subclassing ActionServlet This way you can't extend other 'struts core actions' (Dispatch, Lookup...). I think a better way may be: - Using a filter (servlet 2.3) in order to pre and post process the request - Extending RequestDispatcher Regards, Guido. PD. I am not sure, but i think you can find a discussion about that in Struts in Action. Felipe Nascimento wrote: >A simple way that I use do go: > >Super Action class, like: >UserMustBeLoggedAction{ > execute(attribs){ > verify session stuff.... > if ok -> myExecute(attribs); > else return ActionForward; > } > > abstract myExecute(attribs); >} > >NewAction extends UserMustBeLoggedAction{ > myExecute(){ > ...... > } >} > >What do experts recommend?? > >Regards >Felipe > >-----Mensagem original----- >De: Gopal Venkata Achi [mailto:[EMAIL PROTECTED] >Enviada em: quinta-feira, 4 de dezembro de 2003 18:55 >Para: Struts Users Mailing List >Assunto: RE: Subclassing ActionServlet > > >Hi >I have come across a plug-in for Struts, that is called as SAIF (Struts >Action Invocation Framework), which enables us to write a pre-action >and post action methods. You can use PreAction method for doing all >the session authentication, etc., I did not really use this, but the >features are available at : http://struts.sourceforge.net/saif/ ><http://struts.sourceforge.net/saif/> >Any thoughts on this. >Regards, >Gopal > > > > > > -----Original Message----- > From: Fullam, Jonathan [mailto:[EMAIL PROTECTED] > Sent: Thu 12/4/2003 1:07 PM > To: 'Struts Users Mailing List' > Cc: > Subject: Subclassing ActionServlet > > > > All, > > I need to check the Session for an authenticated user before most >requests. > To do this I subclassed ActionServlet and only call super(request, >response) > upon verification that authenticated user is in the Session. > > if (request.getRequestURI().endsWith("welcome.do") | > request.getRequestURI().endsWith("logon.do") | > request.getRequestURI().endsWith("html")) > { > super.process(request, response); > } > > > else if (request.getSession().getAttribute("USER") == null) > { > //Forward to login page > response.sendRedirect("/welcome.do"); > } > > I also know about the ability to subclass the RequestProcessor and > providing my own implementation of the processPreprocess method >to > accomplish the same thing. > > Does anybody know of any serious disadvantages or side effects of > subclassing the ActionServlet class rather than the >RequestProcessor class. > > > >--- >Incoming mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.547 / Virus Database: 340 - Release Date: 2/12/2003 > >--- >Outgoing mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.547 / Virus Database: 340 - Release Date: 2/12/2003 > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > -- Guido García Bernardo - [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Tfn. +34 983 54 89 08 IT DEUSTO <http://www.itdeusto.com> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.547 / Virus Database: 340 - Release Date: 2/12/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.547 / Virus Database: 340 - Release Date: 2/12/2003 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
