Integrating DWR with security logic

 
clojure forum advocate
Hi.
I use the following technique for authenticating my users:
If there is an instance of the Visit class in session scope, then the user is authenticated; if not, he should be redirected to the login page.
This technique is implemented using a servlet filter.
And of course, the previous authentication is also applied to the 'Add To Cart' operation.
Currently, I'm reimplementing 'Add To Cart' using Ajax (through DWR).
With DWR, I created a class called Service to add items to the cart, and in order to apply my desired authentication to the Service class, I copied and pasted the authentication logic from the security filter to the Service class.
So, do you suggest a way that doesn't duplicate the security logic twice?
What about AOP (through Spring)?
Yes, I know that DWR integrates well with JEE security roles, but I'm not using them.
 
drifter
Is there some reason why you cannot use a servlet filter with the DWR requests, since DWR uses a servlet?
[ January 31, 2007: Message edited by: Carol Enderlin ]
 
Hussein Baghdadi
clojure forum advocate
Well, I tried the following:
I put a logging statement inside my filter and mapped it to /dwr/* (the DWR servlet mapping), and as a result the log statement executed four times, once for each:
(the following is from details.jsp)
<script type='text/javascript' src='/html/dwr/interface/tech.js'></script>
<script type='text/javascript' src='/html/dwr/interface/oper.js'></script>
<script type='text/javascript' src='/html/dwr/engine.js'></script>
<script type='text/javascript' src='/html/dwr/util.js'></script>
But actually nothing happened!
And when clicking on an ajaxified link (which is a link supposed to trigger an operation guarded by the filter), the filter doesn't work.
Any ideas?
 
Carol Enderlin
drifter
Looking at the access logs, probably /dwr/exec/* would be better than /dwr/*. That's what my actual ajax calls have in them.

What do you mean by the filter doesn't work?
 
Hussein Baghdadi
clojure forum advocate


What do you mean by the filter doesn't work?


It doesn't forward the user to the login page.
I kept the DWR servlet mapping to /dwr/* and changed the filter mapping to /dwr/exec/*, and when clicking on the ajaxified link, the user didn't get forwarded to login.jsp.
Snippets from the filter:

Side note: even the DWR test page didn't behave correctly (just the logging messages in the log file).
 
Carol Enderlin
drifter
The ajax request may be forwarded to the login page, but that would not result in the effect you are looking for... it's not the same as forwarding the user to the login page.
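
One way to keep the session check in a single filter while handling the point made in the last reply, as an added example that is not code from any poster: unauthenticated DWR calls are rejected with a 401 instead of being forwarded. The class name `VisitAuthFilter` and the session attribute name `visit` are assumptions, as is the mapping: the filter is assumed to be mapped only to the protected pages and to /dwr/exec/*, not to login.jsp itself.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumed names: VisitAuthFilter, session attribute "visit".
// login.jsp and /dwr/exec/ are the paths mentioned in the thread.
public class VisitAuthFilter implements Filter {
    private static final String VISIT_ATTR = "visit";      // assumed attribute name
    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String DWR_EXEC = "/dwr/exec/";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // getSession(false): do not create a session just to test for one.
        HttpSession session = req.getSession(false);
        boolean authenticated =
                session != null && session.getAttribute(VISIT_ATTR) != null;
        if (authenticated) {
            chain.doFilter(rq, rs);
            return;
        }

        // Every unauthenticated request is denied. The path test below only
        // chooses the form of the denial, so a path-matching mistake cannot
        // let a request through to the Service class.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (path.startsWith(DWR_EXEC)) {
            // Ajax call: a forward or redirect would hand login-page HTML to
            // the script, not to the user. Return a status the caller can test.
            res.setHeader("Cache-Control", "no-store");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            // Ordinary page request: send the browser to the login page.
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }
}
```

With this in place the Service class needs no copy of the check, and the page's Ajax error handling can send the browser to login.jsp when a call comes back 401.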
 