This week's book giveaway is in the Reactive Progamming forum.
We're giving away four copies of Reactive Streams in Java: Concurrency with RxJava, Reactor, and Akka Streams and have Adam Davis on-line!
See this thread for details.
Win a copy of Reactive Streams in Java: Concurrency with RxJava, Reactor, and Akka Streams this week in the Reactive Progamming forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Ganesh Patekar

How To Authenticate?

 
Ranch Hand
Posts: 327
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can I get the ActionServlet to forward to an Action only if the user has been authenticated and is in the correct security role as defined for the view in the web.xml file? Should I put this login checking functionality in the Action or the ActionServelt or somewhere else? Thanks.
 
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can think of two good places to put the check.
Based on the security role (request.isUserInRole(XXX)) you could either NOT even give the user the opportunity to see the button/link on the jsp page or add it to the Action and have this be the first thing looked at.
You might be able to get fancy and extend the standard Action class for specific instances and add the role checking in automatically, but that may be overkill or a bad design.
 
Anthony Watson
Ranch Hand
Posts: 327
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm basically just asking how to use declarative security with Struts. Any suggestions or ideas?
 
Ranch Hand
Posts: 15304
6
Mac OS X IntelliJ IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would use a ServletFilter.
 
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My two cents....
on page http://jakarta.apache.org/struts/userGuide/building_controller.html
you will find a discussion on requestprocessor and how to use it.
The RequestProcessor is where the majority of the core processing occurs for each request. Take a look, override the current requestprocessor and put a System.out.println(), or a Log.debug() in each method.
Also in the ActionMappings in struts.config.xml you can add roles to the actions. In the processroles method you can check the person and the role it has against the roles in the action (the .do) and return a true or a false. If it is a false (not authorized) you can add a general error page saying no access, and otherwise you return true and processing continues.
its just another way to do what you describe, but is it mentioned in the book ?
 
Screaming fools! It's nothing more than a tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!