• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Struts jsps in WEB-INF

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
I am trying to figure out how to implement authentication/redirecton with Struts. What I need is to have a bunch of static action mappings and in addition catch all other requests, forward them to a default servlet, and then check if the URL follows one of the patterns that are registered in the database as the dynamic URLs, in which case it is a certain “generic” action with the path being a parameter, or forward to some default location otherwise. In all of the above cases I want to execute the same authentication logic. Another trick is that the dynamic URLs can not be formatted as *.do, they need to be of a simpler format like http://www.mysite.com/sports. Is there a way to do all this with Struts? I was trying to follow the paradigm described at https://coderanch.com/t/45776/Struts/Struts-Workflow-Extension, but being new to struts, I can not figure out how to put it all together.
Any help will be greatly appreciated.
[ October 24, 2002: Message edited by: Natasha Krasnov ]
 
Ranch Hand
Posts: 567
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Natasha,
the appserver servlet mappings in web.xml should allow you to direct requests to your default servlet, while directing all requests with *.do (or whatever you specify) to the struts action servlet.
Your default servlet can then check with the database what to do with the request, perhaps forwarding it to struts.
The struts servlet will only be able to deal with the requests that you declared in struts-config.xml beforehand. These are your 'static action mappings'.
I would encapsulate the authentication/redirect logic in a class which both your default servlet and the struts action servlet can use.
Are you programming some sort of portal?

Adam
 
Natasha Krasnov
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is not really a portal, more of a straightforward site, there is just one page template which the user should be able to get to by typing general url+ theme (http://www.mysite.com/sports), and that template would be populated based on that theme.
If I declare a default action, wouldn’t it have to be referenced by http://www.mysite.com/sports.do (or some other pattern instead od .do) in order to be picked up as an action? It is important that the url has no repeating pattern in it other than the domain name, is it possible to define an action as just * (or/*?) so that all requests are picked up as actions?
Also, I have heard that in Struts 1.1 all jsps have to be accessed through actions ( http://www2.theserverside.com/resources/article.jsp?l=Struts1_1). Does this mean that even the first index.jsp page has to be accessed through a dummy empty action?
Thank you so much for your help!
Natasha
[ October 22, 2002: Message edited by: Natasha Krasnov ]
 
Adam Hardy
Ranch Hand
Posts: 567
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The servlet mappings are declarations in web.xml for the appserver, not for struts.

You must define a servlet declaration for your other non-struts default servlet, and as you guessed, map * to it, just like *.do is mapped to action. Put the mapping after the struts mapping. I've never tried it, but I think that should work.
Your default servlet won't do any actions like struts does. You'll have to program the doGet() method.
See what I mean?
Adam
Adam
 
Adam Hardy
Ranch Hand
Posts: 567
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
And about the direct requests to jsps being disallowed, that would not affect the login page if you program it without a html:form tag.
 
Natasha Krasnov
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Adam,
I was hoping to not have any non-struts servlets, and instead, say, have something like
servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
....blah blah
</servlet>

servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*</url-pattern>
</servlet-mapping>
in web.xml, so that I consistently use Struts throughout, and then declare a default action, which would catch all actions not explicitly defined in struts-config.xml, that would check with the database what to do with the request. But I am not sure if that would work with Struts… I’ll use your advice and make a separate servlet for now, thank you for your help.
 
Natasha Krasnov
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Adam, it all worked with * servlet mapping, thank you very much for your help.
Now I have a problem getting my jsps to show up if they are in WEB-INF.
Is there anything special I need to do for that? I have <web-uri>webapp</web-uri> in application.xml, then I put my pages into webapp/WEB_INF/jsp/… and reference them as follows:
<forward name="mypage" path="/WEB-INF/jsp/mypage.jsp"/>
However, when my action’s execute method tries to do
return mapping.findForward("mypage "), I get a 404 error.
Do I need to change anything in my struts-config.xml? I am using struts 1.1 and I only have one application (no subapplications), so I left all my struts settings as they were in 1.0.
Any thoughts would be greatly appreciated.
Natasha
[ October 24, 2002: Message edited by: Natasha Krasnov ]
 
Ranch Hand
Posts: 2166
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Natasha,
Its far more common to not put the jsp-files under WEB-INF, but in some directory
yourApp/jsp/
You might try this.

Files under WEB-INF are not served to clients if you try to access them directly. Only through request dispatcher. One can use this feature to prohibit direct access of client to the jsp.
Hm. But here they a.r.e called through a Request Dispatcher with struts forward action. Or is there a different mechanism at work?
 
Natasha Krasnov
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As I understand, Struts RequestProcessor does use RequestDispatcher’s forward in its process() method, and that is how the forward to the next page happens. So, according to what I know, this should work. I want to put my pages into WEB-INF to prevent users from accessing them directly and force everything to go through actions. I suppose this could be done through a security constraint on all jsps, but I have seen the recommendation to put jsps into WEB-INF enough times (see “Resources under WEB-INF” here for example http://www2.theserverside.com/resources/article.jsp?l=Struts1_1) to think that this should work and I am just missing some details.
Oh, I suppose I should mention that I am using Weblogic 7.0 in case it might have some relevance.
Thank you very much for your time.
Natasha
 
Adam Hardy
Ranch Hand
Posts: 567
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Natasha,
the syntax for the forward tag looks ok. What is the application.xml web-uri tag for? Never used it. Also you have a space in your code snippet above. Have you also got that in your java code? Might be a problem.
It should be OK if you're not using sub-apps. The info in the serverside link you mentioned about the controller element with sub-apps in struts-config makes it look complicated.
 
Natasha Krasnov
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
<web-uri> defines the location of a web module, I believe it is a Weblogic-specific element, and that is what the resource path is relative to.
No space in my actual code , so I can not understand why it doesn’t work.
I was trying to find further information on the controller element, but it seems like I do not need to add it, because all the defaults are supposed to work as the previous versions of struts, according to struts 1.1 dtd. The server side article mentions setting pagePattern and forwardPattern attributes of the <controller> element to "/WEB-INF/$A$P" (meaning, when assembling the path, first add “/WEB-INF/”, then the application prefix, and then the path), but I understand that without subapplications it should be the same as having default ($A$P) and starting the path itself with “/WEB-INF”. I tried both, however, and neither one works…
Natasha
 
Natasha Krasnov
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It seems like the answer is that Weblogic actually does not allow access to resources under WEB-INF even when using RequestDispatcher.
(see http://216.148.48.100/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.jsp&item=10172&utag=)
I guess I will have to settle for moving jsps out of WEB-INF and adding a CONFIDENTIAL security constraint for *.jsp.
Thank you very much for your help.
Natasha.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic