I haven't been following this thread too closely, but
I know it's been somewhat long, so if this solution has
already been proposed, I apologize in advance.

We use SecurityFilter and an additional filter which
checks for the Principal in the request. If the Principal exists,
then we can be assured that the user has successfully logged in; at 
which point we check to see if the required information is in the
session. If not, then we persist the required information into the session.
If so, then we do nothing. In either case we allow the filter chain to proceed. 
It has worked quite nicely so far.


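// req is the HttpServletRequest (cast from the ServletRequest passed to doFilter)
Principal principal = req.getUserPrincipal();

// A non-null Principal means SecurityFilter has already authenticated the user
if (principal != null) {

   // Populate the session only if the required information is not there yet
   if (req.getSession().getAttribute("requiredInformation") == null) {

       // do other login stuff here

   }

}

// In either case, let the filter chain proceed
chain.doFilter(req, res);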

hth,

robert
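
A fuller version of the filter described above, as an added example that is not part of the original post or of SecurityFilter itself. The class name, the UserInfo bean and loadUserInfo are hypothetical, and it goes one step beyond the snippet by reloading the bean when the copy cached in the session belongs to a different principal. It assumes the filter is mapped after SecurityFilter in web.xml, so the Principal is already available.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical filter (not from the original post); assumed to run after SecurityFilter.
public class SessionBootstrapFilter implements Filter {
    static final String ATTR = "requiredInformation";

    // Hypothetical session bean; it records which login it was built for.
    public static class UserInfo implements Serializable {
        final String owner;
        UserInfo(String owner) { this.owner = owner; }
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            HttpServletRequest req = (HttpServletRequest) request;
            Principal principal = req.getUserPrincipal();
            if (principal != null) {
                HttpSession session = req.getSession();
                Object cached = session.getAttribute(ATTR);
                // Rebuild when the bean is missing, or when it was built for a different
                // login (the same session reused after signing in as another user).
                if (!(cached instanceof UserInfo)
                        || !principal.getName().equals(((UserInfo) cached).owner)) {
                    session.setAttribute(ATTR, loadUserInfo(principal.getName()));
                }
            }
        }
        // Authenticated or not, let the request continue down the chain.
        chain.doFilter(request, response);
    }

    // Stands in for "do other login stuff here": look the user up in your own store.
    UserInfo loadUserInfo(String username) {
        return new UserInfo(username);
    }
}
```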

> -----Original Message-----
> From: struts Dude [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 30, 2004 8:19 PM
> To: Struts Users Mailing List
> Subject: Re: SecurityFilter Question?
> 
> 
> 
> ----- Original Message ----- 
> From: "Jason Lea" <[EMAIL PROTECTED]>
> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> Sent: Monday, August 30, 2004 6:07 PM
> Subject: Re: SecurityFilter Question?
> 
> > >
> > >Can't u do this using an Action? Say, accessing /admin/LogAction.do
> > >invokes SecurityFilter, after authentication by SecurityFilter is passed,
> > >go directly to LogAction as below
> > >
> > >
> >
> > The problem comes if the user bookmarks a url like /user/abc.do, starts
> > up their browser and goes directly to the protected URL.  The security
> > filter will take them to the login form, they submit username/password
> > and security filter authenticates them.  Once they are authenticated
> > they are redirected back to /users/abc.do - they don't pass through
> > LogAction at all.  So I normally have a filter that makes sure the bean
> > is in session from wherever they are called.
> >
> 
> 
> > You don't have to use a filter though, you could make a base action that
> > puts the bean into session and have all your actions sub-class that
> > one.
> 
> Using action to put bean in Session after SecurityFilter, how is that
> possible when after authentication by SecurityFilter, u taken right
> back to /user/abc.do where u 1st request it and doesn't pass
> through to action attribute as specified in action-mapping of
> struts-config.xml?
> 
> I have tried to use action, after authentication, I am indeed taken
> back to the page /admin/logon.do or /user/logon.do and got
> error message in browser:
> 
> HTTP Status 400 - Invalid path /admin/Logon was requested
> 
> message Invalid path /admin/Logon was requested
> 
> description The request sent by the client was syntactically incorrect
> (Invalid path /admin/Logon was requested).
> 
> -------------
> 
> My action mapping is struts-conf.xml
> 
> Both
> 
>  <action
>      path="/admin/Logon.do"
>      type="org.apache.struts.actions.ForwardAction"
>       parameter="LogAction.do?action=logon"/>
> 
>     <action
>     path="/user/Logon.do"
>     type="org.apache.struts.actions.ForwardAction"
>       parameter="LogAction.do?action=logon"/>
> 
> <!-- 
> My LogAction extends DispatchAction and will try
> to put User bean in session. -->
> 
> or
> 
>     <action
>         path="/admin/Logon.do"
>         type="org.apache.struts.actions.ForwardAction"
>         parameter="Welcome.do"/>
>     <action
>         path="/user/Logon.do"
>         type="org.apache.struts.actions.ForwardAction"
>         parameter="Welcome.do"/>
> 
> won't work.
> 
> -----------------------
> 
> BTW, how wud u use html:form to display
> login fields?
> 
> I can't get struts tag to work with login fields
> except for using things like:
> 
> <form action="j_security_check" method="POST">
>  Username: <input type="text" name="j_username"><p>
>  Password: <input type="password" name="j_password"><p>
>  <input type="Submit">
> 
> </form>
> 
> ------------------
> 
> Ok, using filter (as u said) after SecurityFilter wud solve this simply but
> I like to stick with pure Struts approach if possible.
> 
> Thanks
> 
> 
> > Jason Lea
> >
> >
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
