Integrating DWR with security logic

 
clojure forum advocate
Posts: 3479
Hi.
I use the following technique in authenticating my users:
If there is an instance of the Visit class in session scope, then the user is authenticated; if not, he should be redirected to the login page.
This technique is implemented using a servlet filter.
And of course, the previous authentication is also applied to the 'Add To Cart' operation.
Currently, I'm reimplementing 'Add To Cart' using Ajax (through DWR).
With DWR, I created a class called Service to add items to cart and in order to apply my desired authentication to Service class, I copied and pasted the authentication logic from the security filter to Service class.
So, do you suggest a way that doesn't duplicate the security logic twice?
What about AOP (through Spring)?
Yes, I know that DWR integrates well with JEE security roles, but I'm not using them.
 
drifter
Posts: 1364
Is there some reason why you cannot use a servlet filter with the dwr requests since dwr uses a servlet?
[ January 31, 2007: Message edited by: Carol Enderlin ]
 
Hussein Baghdadi
clojure forum advocate
Posts: 3479
Well, I tried the following:
I put some logging statements inside my filter, and mapped it to /dwr/* (the DWR servlet mapping) and as a result the log statement executed four times, once for each:
(the following is from details.jsp)
<script type='text/javascript' src='/html/dwr/interface/tech.js'></script>
<script type='text/javascript' src='/html/dwr/interface/oper.js'></script>
<script type='text/javascript' src='/html/dwr/engine.js'></script>
<script type='text/javascript' src='/html/dwr/util.js'></script>
But actually nothing happened!
And when clicking on an ajaxified link (which is a link supposed to trigger an operation guarded by the filter), the filter doesn't work.
Any ideas?
 
Carol Enderlin
drifter
Posts: 1364
Looking at the access logs, probably /dwr/exec/* would be better than /dwr/*. That's what my actual ajax calls have in them.

What do you mean by the filter doesn't work?
 
Hussein Baghdadi
clojure forum advocate
Posts: 3479


What do you mean by the filter doesn't work?


It doesn't forward the user to the login page.
I kept the DWR servlet mapping to /dwr/* and changed the filter mapping to /dwr/exec/* and when clicking on the ajaxified link, the user didn't get forwarded to login.jsp.
Snippets from the filter:

Side note: even the DWR test page didn't behave correctly (just the logging messages in the log file)
 
Carol Enderlin
drifter
Posts: 1364
The ajax request may be forwarded to the login page, but that would not result in the effect you are looking for... it's not the same as forwarding the user to the login page.
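
As an added example (not code from this thread or its participants), one way to keep the session check in a single servlet filter while answering DWR calls with a status the page script can react to, since forwarding an Ajax request to the login page does not move the browser there. The class name, the session attribute name `visit` and the `/login.jsp` path are assumptions, and the filter is assumed to be mapped to the protected pages and to `/dwr/exec/*` but not to the login page itself.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added example: one filter guards both page requests and DWR calls,
 * so the session check is not copied into the DWR-exposed class.
 * Assumptions: the Visit object is stored under the session key "visit"
 * and the login page lives at /login.jsp.
 */
public class VisitAuthFilter implements Filter {
    private static final String VISIT_KEY = "visit";         // assumed attribute name
    private static final String LOGIN_PAGE = "/login.jsp";   // assumed path
    private static final String DWR_EXEC_PREFIX = "/dwr/exec/";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        boolean authenticated = session != null && session.getAttribute(VISIT_KEY) != null;
        if (authenticated) {
            chain.doFilter(req, res);
            return;
        }
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (path.startsWith(DWR_EXEC_PREFIX)) {
            // A forward or redirect here only feeds login HTML to the XMLHttpRequest;
            // the browser window does not navigate. Return a status the script can act on.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
    }
}
```

The unauthenticated call is rejected before it reaches the DWR servlet, so the exposed class needs no check of its own; the page's script still has to treat the failed call as "not logged in" and navigate to the login page itself.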
 