In my project, I have everything defined as an action in a struts.xml. All my action classes extend BaseAction. Then, for cases where everything I need really *is* in the jsp, I just have an action set up something like:
<action name="jspOnly" class="BaseAction"> <result name="success">no-action-jsp.jsp</result> </action> Doing it this way, *everything* will be an action (though the BaseAction execute() method doesn't really do much). -Brian On Sun, Jul 11, 2010 at 11:13 AM, JP Cafaro <jcafar...@gmail.com> wrote: > I'm not sure I follow. There isn't an action here. > Let's say I have a jsp page that I want to be secure, aka you have to be > logged in to visit. For all of the secure pages that actually require some > work to be done, this is ok, because the workflow is: 1) Click link to > secure page, "/secure-page", 2) This triggers action SecurePage.java 3)Then > successfully direct to /secure-page.jsp. > > Some pages however, don't need any work to be done so there isn't a need for > a class. In non secure cases this is fine. Click link to "/insecure-page" > and the result is "/insecure-page.jsp". In secure cases, I don't want > "/secure-page" to go to "/secure-page.jsp" but I also don't want to make an > empty action class for every page JUST so that an interceptor can say, "hey > that action is being fired but we're not logged in, redirect to login page". > > Is this possible? I'm not familiar with Spring, I'm still trying to get > through the basics of struts2. The book I'm reading uses empty classes. I > just don't like the idea that that's the only option. > > Brian Thompson wrote: >> >> Couldn't you just declare "BaseAction.java" as the action's class? >> >> Also; it sounds like you're using a custom security solution; I'd >> suggest using Spring Security instead. Custom security code is likely >> to suffer from many of the bugs that Spring Security ran into years >> ago. >> >> -Brian >> >> On Sun, Jul 11, 2010 at 8:25 AM, JP Cafaro <jcafar...@gmail.com> wrote: >> >>> >>> One thing that I don't like (haven't figured out how to get around this) >>> is >>> the need for empty classes. If I have a secure page, like an image >>> upload >>> form, let's call it (image-upload-form.jsp), I don't want the user to be >>> able to access it if he or she is not logged in. To accomplish this, I >>> have >>> a package defined in my struts.xml that declares a custom interceptor. >>> Then, in the actions that need to be secure, I declare this package as >>> their ParentPackage using a package-info.java file. Finally, in order >>> for >>> an access to image-upload-form.jsp to be intercepted, I have to have a >>> class >>> called ImageUploadForm.java JUST so that the interceptor can be called. >>> There's nothing in the class that needs to be done. It seems like a >>> waste. >>> Is there any way around this? >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
