Why would you filter on the event? You should filter on the URL.
Strachan, Paul wrote:
Hi,
Does Struts1 provide an example anywhere of how to use Servlet Filter to
access the struts config?
Thanks,
Paul
-----Original Message-----
From: Strachan, Paul [mailto:[EMAIL PROTECTED]
Sent: Friday, 27 July 2007 3:47 PM
To: user@struts.apache.org
Subject: [s1] security filter for EventDispatchAction
Hi,
For security/authorisation we use a servlet filter which checks the url
against our security database. We've recently upgraded to Struts 1.2.9
and tried using EventDispatchAction, but the problem is the filter does
not know which event to secure against (as the event name is arbitory
value and only struts knows about it in the mapping).
The problem with using EventDispatchAction is we don't know the event
parameter name is (ie what method Struts is going to execute) - to check
if the user has access to this action/event/method.
I think I will need to access the struts-config (module relative) and
EventDispatch logic from the Filter in order to deduce the current
event. Does this sound feasible and is there any good example to do
this.
Thanks,
Paul
Note - our approach works fine for urls mapped with
MappingDispatchAction and DispatchAction (eg for the latter we know what
the dispatch param name is)
**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
