I have an application where many of the actions require session validation (i.e. the user has successfully logged in), and there are other actions that do not require validation. Currently, I have the actions that require session validation extend a custom class (that extend Action and where the session validation is done in a preprocess method). The actions that do not require validation, simply extend Action.
This doesn't seem 100% correct because the idea behind struts is to have the configurable options defined in struts-config. What are the best practices for this? I can add a flag in the "param" attribute of the action mapping in struts-config to define if the action requires authentication, and I want to avoid having to add my own "requires-authentication" flag in struts-config because that would mean having to modify the struts source code. I'm sure this is a common issue in many web applications and I was wondering what the best way to solve this would be. Thanks.
I can add a flag in the "param" attribute of the action mapping in struts-config to define if the action requires authentication
I think this is a very good idea, although the attribute you're speaking of is "parameter", not "param". Just make all your Action classes extend your base class and use this value to determine whether or not to require a login before proceeding.
What you are proposing seems like a good idea. The only issue that I would say is that you only have one "parameter" attribute so if some of your actions are already using that attribute you might have to rework your code. Also, some of the Struts actions, such as DispatchAction, require the use of the parameter attribute.
It is actually pretty easy to create your own custom ActionMapping class: 1) Create a class the extends ActionMapping (or RequestActionMapping). To this class add simple properties with get and set methods. (see example below) 2) Specify this class as the type parameter of the action-mappings tag:
3) For each action definition, use the set-property (not needed if you want to use the default value):
4) In your Action class, cast the ActionMapping parameter of the execute method to your custom class so you can access the properties.
Here is an example of a custom class that I created. The idea was to be able to configure classes that needed to use tokens to prevent double submissions. I never got that part fully working, but the custom mapping works fine. RequestActionMapping is built in class that defaults the scope to "request" if not specified.