aspose file tools*
The moose likes Struts and the fly likes Struts 2: Customizing interceptor stacks Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts 2: Customizing interceptor stacks" Watch "Struts 2: Customizing interceptor stacks" New topic
Author

Struts 2: Customizing interceptor stacks

Eric Nielsen
Ranch Hand

Joined: Dec 14, 2004
Posts: 194
I've noticed that the two currently published books take a very different approach to interceptor stacks.

Struts 2: A Tutorial: Seems to advocate building up an interceptor stack that works for the vast majority of your application and avoids special casing extra stacks unless absolutely required (and the custom stacks being incompatible with the primary stack).

Practical Apache Struts 2: Seems to advocate building custom stacks for just about every action. It was hard to tell is this was a pedagogical teaching tool, or actual design advice. (Feels like premature optimization at the expense of maintainability/comprehensiability)

Where do the authors of Struts 2 in Action fall on this topic?
chad michael davis
Author
Greenhorn

Joined: Mar 01, 2006
Posts: 27
I would definitely recommend against making new stacks for everything. I find it hard to believe that very many actions, or packages of actions, need a different stack than the rest.

There has been some discussion of performance issues related to unused interceptors in stacks, but I think the general consensus is that its not an issue.

We certainly show a conservative use of stack building in Struts 2 in Action. One of the biggest issues is that you will make troubleshooting very difficult the more you toy with the stack.

But this doesn't mean that you shoudl be scared of interceptors. We also encourage the creation of your own interceptors, and we show how to do that by demoing an "application" level authentication mechanism done in a custom interceptor.


Chad Davis<br />Co-author of Struts 2 in Action
Eric Nielsen
Ranch Hand

Joined: Dec 14, 2004
Posts: 194
Yeah, I've already adding three custom interceptors in my apps:

for authentication: (checks for the presence of a @Unprotected annotation on the action, if the annotation is NOT present, redirects to a login page if the user isn't logged in)

for authorization (checks the users roles against the parameters of an @AllowAccessTo annoation on the action, if fail redirect to a access denied page -- defaults to the admin role only if the annotation isn't present)

for user rehydration -- re-attach the logged in use to the persistence session

The first two help to create a "Secure By Default" approach -- the annotations are not inherited and unless they are present the actions are logged in, super-user only.
Chengwei Lee
Ranch Hand

Joined: Apr 02, 2004
Posts: 884
Yeah, I've already adding three custom interceptors in my apps:

for authentication: (checks for the presence of a @Unprotected annotation on the action, if the annotation is NOT present, redirects to a login page if the user isn't logged in)

for authorization (checks the users roles against the parameters of an @AllowAccessTo annoation on the action, if fail redirect to a access denied page -- defaults to the admin role only if the annotation isn't present)

for user rehydration -- re-attach the logged in use to the persistence session.


Why not add audit trail to your list?



SCJP 1.4 * SCWCD 1.4 * SCBCD 1.3 * SCJA 1.0 * TOGAF 8
Eric Nielsen
Ranch Hand

Joined: Dec 14, 2004
Posts: 194
because I haven't had that as a requirement, yet
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Struts 2: Customizing interceptor stacks