• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

Struts Session Validation Best Practices

 
Ranch Hand
Posts: 181
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have an application where many of the actions require session validation (i.e. the user has successfully logged in), and there are other actions that do not require validation. Currently, I have the actions that require session validation extend a custom class (that extend Action and where the session validation is done in a preprocess method). The actions that do not require validation, simply extend Action.

This doesn't seem 100% correct because the idea behind struts is to have the configurable options defined in struts-config. What are the best practices for this? I can add a flag in the "param" attribute of the action mapping in struts-config to define if the action requires authentication, and I want to avoid having to add my own "requires-authentication" flag in struts-config because that would mean having to modify the struts source code. I'm sure this is a common issue in many web applications and I was wondering what the best way to solve this would be. Thanks.
 
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I can add a flag in the "param" attribute of the action mapping in struts-config to define if the action requires authentication



I think this is a very good idea, although the attribute you're speaking of is "parameter", not "param". Just make all your Action classes extend your base class and use this value to determine whether or not to require a login before proceeding.
 
Ranch Hand
Posts: 948
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What you are proposing seems like a good idea. The only issue that I would say is that you only have one "parameter" attribute so if some of your actions are already using that attribute you might have to rework your code. Also, some of the Struts actions, such as DispatchAction, require the use of the parameter attribute.

It is actually pretty easy to create your own custom ActionMapping class:
1) Create a class the extends ActionMapping (or RequestActionMapping). To this class add simple properties with get and set methods. (see example below)
2) Specify this class as the type parameter of the action-mappings tag:

3) For each action definition, use the set-property (not needed if you want to use the default value):

4) In your Action class, cast the ActionMapping parameter of the execute method to your custom class so you can access the properties.

Here is an example of a custom class that I created. The idea was to be able to configure classes that needed to use tokens to prevent double submissions. I never got that part fully working, but the custom mapping works fine. RequestActionMapping is built in class that defaults the scope to "request" if not specified.


- Brent
 
Dom Lassy
Ranch Hand
Posts: 181
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That is exactly what I was looking for. I appreciate the help.
 
There's a way to do it better - find it. -Edison. A better tiny ad:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
https://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic