El Miércoles, 10 de julio de 2013 13:00:44 CRANFORD, CHRIS escribió:
> It should definitely be possible because what you described is out of the box
> functionality in Spring Security where their concept of intercepters is a
> filter.
How can I remember the original request? Piece by piece? I can only think of
storing in session original headers, parameters, inputstream...
This is not a rare use case. For example, using the system for uploading a
picture, the user clicks submit but authentication is required for this
operation. After successful authentication, the original request is processed
(with original form an picture bytes), the user needs not to fill any form nor
to select again the picture.
>
> I would recommend that if you need a complete authentication and permissions
> checking functionality to look into Spring Security. We have used it for
> quite a while to protect various resources and method invocations on per user
> and per role validations and has allowed us to focus time elsewhere in
> development.
This is not a real scenario. In a real scenario I would use container managed
security or Spring Security. I am just learning Struts and exploring its
capabilities. How would a Struts developer implement a use case like this?
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: Antonio Sánchez <juntandolin...@gmail.com>
> Date: Wed, 10 Jul 2013 14:27:29
> To: Struts Users Mailing List<user@struts.apache.org>
> Reply-To: Struts Users Mailing List <user@struts.apache.org>
> Subject: S2 custom authentication: remembering original request
>
> Use Case: request some protected resource -> redirect action for
> authentication -> access protected resource.
>
> I'm using a custom interceptor that redirects (redirectAction) to a global
> result if no user object is found in session. The final action result then
> redirects to a login page.
>
> The interceptor gets the original action requested (using
> request.getServletPath(), but not sure if this is right), and puts it in the
> value stack. It would be used with dynamic redirection in the final result
> upon login success( ${nextAction} ) . This action must be passed in between
> redirections.
>
> But I need to reuse the original request. Reconstructing the request with a
> query string is not an option. I need the original request: GET/POST method,
> all parameters/values, maybe uploading binary content (inputstream), maybe
> headers...
>
> Is it possible to do this? How?
>
> ------
>
> Partially related to this: I'm having problems with redirections. The
> original request parameters are forwarded only using dispatcher result . If I
> use redirectAction or redirect, original params are lost. Why?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
>
>
> Email secured by Check Point
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
