I am investigating using struts on an upcoming project, and I will need to figure out a way to port some of my custom struts security preprocessing to Shale. In my most current Struts implementation, I use a chain to test several attributes on a request to authenticate it, (things like cookies or whether the user needed authentication to view the current request) and establish the session. If I need to forward a user to some intermediate page for further security processing (like a login page), I changed the ActionConfig attribute on the ServletActionContext, and then allow the Chain to redirect the request according to what was I changed in the ActionChain attribute. (If this doesn't match exactly with the current 1.3 release, it's because I adapted the Chain part of it to Struts 1.2). I very much like this seperation, where my security preprocessing commands are only concerned with the Context, and I don't have to manipulate the Request in each Command that might need to forward, include, or redirect.
As I look at shale, I don't see a way to do something similar. If I wanted any Command in my preprocessing chain to redirect a request or process something differently, it looks like I would have to manipulate the HttpRequest object manually. Of course, I could build my own ForwardBean, put that in the Context as a new attribute, and build my own machinery to process this, but it seems like what I'm doing is a pretty standard type of thing, and I'm wondering if I'm missing something since something like this does not exist. It seems like a simple Forward bean could be included in the Shale framework, an attribute could be added to the ShaleWebContext for it, and the ShaleApplicationFilter could pay attention to it, at least for the preprocess part. Also, in my current struts implementation, I assign custom security attributes to each Action, and this is one of the things my custom preprocessor looks at. If I were to move to Shale, it looks like the best place to put these custom security attributes would on my backing beans, unless I wanted a whole new configuration file for these attributes, which I don't. Does that sound right? Thanks in advance. David Bowers
