Let's say I have a jsp page that I want to be secure, aka you have to be logged in to visit. For all of the secure pages that actually require some work to be done, this is ok, because the workflow is: 1) Click link to secure page, "/secure-page", 2) This triggers action SecurePage.java 3)Then successfully direct to /secure-page.jsp. The action is intercepted by the interceptor and I can be checked if I'm authenticated.
Some pages however, don't need any work to be done so there isn't a need for a class. In non secure cases this is fine. Click link to "/insecure-page" and the result is "/insecure-page.jsp". In secure cases, I don't want "/secure-page" to go to "/secure-page.jsp" but I also don't want to make an empty action class for every page JUST so that an interceptor can say, "hey that action is being fired but we're not logged in, redirect to login page".
Is this possible? The book I'm reading uses empty classes to solve this problem and I'm not a huge fan.
Is that an alternative to interceptor based authentication? Sorry for sounding dumb, I'm just reading through a book and that's one of the first things I learned.
I assume this "security filter" is for login/authentication? Let's say I'm not logging into a site but for some reason or another I do need a custom interceptor. I want this custom interceptor to be invoked when I try to access a certain jsp but without creating a class. Is that possible? I don't know when or why I would need to do this, I'm just curious.
I also can't seem to find documentation on that website as to how to use this but maybe I'm just not looking hard enough.
Yes I understand that. My question however, has to do with the absence of a specific action. For example, let's say I have a form that the user needs to fill out, but I only want users that are logged into be able to access this form. There's no real logic involved in producing the form, it's just a .jsp page, but in order to make sure that only logged in users can get to this jsp page, using interceptors and packages, I still am forced to create a class, an empty one with no code in it, just so that when I type /secure-form, I first hit SecureForm.java, which triggers the interceptor to fire.
It seems like I have a limited number of options to deal with this problem and I don't particularly like any of them.
1) Make a class to back up ever single jsp that I have in a secure location. That just seems redundant and overkill.
2) Create a filter on all pages that I need in a secure location. That seems like a good idea at first but I'm not really sure of the difference between filters and interceptors, except that filters can act on URLs and actions, and interceptors can only work on actions. From that it seems that filters are better than interceptors, but the book I'm reading seems to be big on struts 2's interceptors. So there must be a reason for them.
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop