
How To Authenticate?

 
Anthony Watson
Ranch Hand
Posts: 327
How can I get the ActionServlet to forward to an Action only if the user has been authenticated and is in the correct security role as defined for the view in the web.xml file? Should I put this login checking functionality in the Action or the ActionServlet or somewhere else? Thanks.
 
brad balmer
Ranch Hand
Posts: 57
I can think of two good places to put the check.
Based on the security role (request.isUserInRole(XXX)) you could either NOT even give the user the opportunity to see the button/link on the jsp page or add it to the Action and have this be the first thing looked at.
You might be able to get fancy and extend the standard Action class for specific instances and add the role checking in automatically, but that may be overkill or a bad design.
 
Anthony Watson
Ranch Hand
Posts: 327
I'm basically just asking how to use declarative security with Struts. Any suggestions or ideas?
 
Gregg Bolinger
Ranch Hand
Posts: 15304
I would use a ServletFilter.
 
frisode jonge
Ranch Hand
Posts: 34
My two cents...
On the page http://jakarta.apache.org/struts/userGuide/building_controller.html
you will find a discussion of the RequestProcessor and how to use it.
The RequestProcessor is where the majority of the core processing occurs for each request. Take a look, override the current RequestProcessor and put a System.out.println() or a Log.debug() in each method.
Also, in the ActionMappings in struts.config.xml you can add roles to the actions. In the processRoles method you can check the person and the role it has against the roles in the action (the .do) and return true or false. If it is false (not authorized) you can add a general error page saying no access, and otherwise you return true and processing continues.
It's just another way to do what you describe, but is it mentioned in the book?
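
The processRoles approach described in the last reply, as an added example that is not part of any post in this thread: a Struts 1.x RequestProcessor subclass that denies the request unless the container-authenticated user holds one of the roles declared on the action mapping. The class name, package and role names are assumptions for illustration.

```java
// Added example (not from the thread). Assumed names: com.example.web,
// RoleCheckingRequestProcessor, and the roles "admin,manager".
// Register it in the Struts config:
//   <controller processorClass="com.example.web.RoleCheckingRequestProcessor"/>
// Declare roles on a mapping:
//   <action path="/editUser" type="..." roles="admin,manager"/>
package com.example.web;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

public class RoleCheckingRequestProcessor extends RequestProcessor {

    /**
     * Called by process() before the Action is created. Returning false
     * stops processing, so the Action never runs for an unauthorized user.
     */
    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {

        // Roles taken from the mapping's "roles" attribute.
        String[] roles = mapping.getRoleNames();
        if (roles == null || roles.length == 0) {
            // No roles declared on this mapping: this check imposes no restriction.
            return true;
        }

        // isUserInRole() is false for unauthenticated requests, so they fall through.
        for (int i = 0; i < roles.length; i++) {
            if (request.isUserInRole(roles[i])) {
                return true;
            }
        }

        // Fail closed: record the denial and answer 403 instead of running the Action.
        log.warn("Access denied to " + mapping.getPath()
                + " for user " + request.getRemoteUser());
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}
```

A mapping without a roles attribute is left unrestricted by this check, so a security-constraint in web.xml covering the *.do URL pattern is still what forces authentication and guards any mapping that was missed.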
 