Jumping in on this one a tad late, forgive me if this has been said:

I've found the main thing lost without mapping to a url of /* is the niceties afforded by struts2 - automatic formatting, javascript support, etc. The core functionality still exists, albeit stripped down.

You can get most of the functionality back by expanding several folders normally found in the struts2-core jar file.  My list is likely outdated because I'm using an older version of struts2, but it will give you an idea of what to move:
 - /struts/ajax/**
 - /struts/css_xhtml/**
 - /struts/dojo/**
 - /struts/xhtml/**

HTH,
-dave



-----Original Message-----
From: jesse crossley [mailto:[email protected]] 
Sent: Monday, May 18, 2009 4:38 PM
To: [email protected]
Subject: Re: File upload (jupload)--how to disable struts2' fileupload interceptor?


you were right, Andy,
i finally safely changed the struts2 filter mappings from "/*" to "*.action" and today i've had great success merging redback struts2 with my existing webapp.

i hit upon this when googling led me to another post elsewhere that was questioning how to run struts1 alongside struts2.  the answer was to map the struts1 servlet to "*.do" and the struts2 filter to "*.action".  this beat my attempts of "/struts2/*" and even "/*.action", and finally did what i wanted, enabling all of the security (and struts2) actions i need while not glomming on to any other URLs i may be using.

but this answer was not easily come by: especially when all the struts.xml/web.xml/filter information i came across during extensive googling indicated that the "/*" filter was too important to the workings of struts2 to disable.  coupled with the trouble i had creating a valid filter, i reached the premature conclusion that i wouldn't find an answer to the filtering problem.

what would be nice is some explanation as to how to better configure the filtering and namespaces in the web and struts xml files.  i'm not about to redo my existing webapps in struts2 (due to time and general lack of knowledge), but i'm all over this integration of redback struts2-based security with minimal mods to my existing webapps.  it looks like i can safely do it, now, but i can't explain how or why it works this way (yet), and with the purported wide acceptance and use of struts2 i'd have hoped for more how-to use-cases similar to my own.

the problem i hit now is this one

Andy Sykes wrote:
> 
> .. the only example I can see is if you're using Struts
> interceptors/actions for webapp security - in which case hitting a
> servlet directly might mean there's no session information to validate
> the user. That's a trivial matter, though.
> 
> 
i'm in just this scenario now: how can i check the securitySession info from the servlet-side of things?
i've re-implemented the IfAuthorizedTag's condition() method as a Utils.isAuthorized() method, but i never seem to be connecting with the authorization info.  any ideas/pointers there?  i'm plumb tired after googling for days...

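// Imports added for completeness; the Redback and Plexus package names are
// those of Redback 1.x and may differ in other versions.
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.system.SecuritySystemConstants;
import org.codehaus.plexus.spring.PlexusToSpringUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

public static final boolean ifAuthorized(
        final HttpSession session,
        final String permission, final String resource) throws ServletException {

    ApplicationContext applicationContext =
        WebApplicationContextUtils.getRequiredWebApplicationContext(session.getServletContext());

    // Cache the result on the session, not on the ServletContext: the
    // ServletContext is shared by every user of the webapp, so a result cached
    // there for one user would be returned to all the others.
    final String cacheKey = "redbackCache" + permission + (resource != null ? resource : "");
    Boolean authzStatusBool = (Boolean) session.getAttribute(cacheKey);
    boolean authzStatus;

    if (authzStatusBool == null) {
        // The security session is stored on the HTTP session under this key
        SecuritySession securitySession =
            (SecuritySession) session.getAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY);

        try {
            SecuritySystem securitySystem = (SecuritySystem)
                applicationContext.getBean(PlexusToSpringUtils.buildSpringId(SecuritySystem.ROLE));
            if (securitySystem == null) {
                throw new ServletException("unable to locate security system");
            }
            authzStatus = securitySystem.isAuthorized(
                securitySession, permission, resource != null ? resource : "");
            session.setAttribute(cacheKey, Boolean.valueOf(authzStatus));
        } catch (AuthorizationException ae) {
            throw new ServletException("error with authorization", ae);
        }
    } else {
        authzStatus = authzStatusBool.booleanValue();
    }
    // Kept per session for the same reason as the cache entry above
    session.setAttribute("ifAuthorizedTag", Boolean.valueOf(authzStatus));
    return authzStatus;
}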
-- 
View this message in context: http://www.nabble.com/File-upload-%28jupload%29--how-to-disable-struts2%27-fileupload-interceptor--tp23534189p23604543.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
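
Added example, not part of either message and not Redback's own code: once the struts2 filter is mapped to "*.action", servlets reached by other URLs no longer pass through the Struts interceptors, so the authorization check has to be enforced in front of them some other way. One way is a plain servlet filter mapped to those URLs in web.xml. The class name and the "permission"/"resource" init-param names are hypothetical, and the Redback/Plexus package names are assumed to be those of Redback 1.x.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.system.SecuritySystemConstants;
import org.codehaus.plexus.spring.PlexusToSpringUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;

// Hypothetical filter: guards servlet URLs that the "*.action" mapping no longer covers.
public class ServletAuthzFilter implements Filter {
    private ServletContext ctx;
    private String permission;  // hypothetical init-param, deployment-specific value
    private String resource;    // hypothetical init-param, optional

    public void init(FilterConfig cfg) throws ServletException {
        ctx = cfg.getServletContext();
        permission = cfg.getInitParameter("permission");
        resource = cfg.getInitParameter("resource");
        if (permission == null) throw new ServletException("init-param 'permission' is required");
        if (resource == null) resource = "";
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        // getSession(false): never create a session for a caller who has none
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        SecuritySession securitySession = session == null ? null
            : (SecuritySession) session.getAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY);
        if (securitySession == null) {          // no login state reachable from this request
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        SecuritySystem securitySystem = (SecuritySystem) WebApplicationContextUtils
            .getRequiredWebApplicationContext(ctx)
            .getBean(PlexusToSpringUtils.buildSpringId(SecuritySystem.ROLE));
        boolean allowed;
        try {                                   // evaluated per request, no shared cache
            allowed = securitySystem.isAuthorized(securitySession, permission, resource);
        } catch (AuthorizationException e) {
            ctx.log("authorization check failed", e);
            allowed = false;                    // fail closed
        }
        if (!allowed) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```

The filter only sees a security session if the login path has already stored one on the same HTTP session, so a steady stream of 401s from it means the servlet request and the login are not sharing a session.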
