struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Graham" <dgraham1...@hotmail.com>
Subject Re: Struts Authentication Filter
Date Wed, 25 Sep 2002 20:58:34 GMT
Several options:
1. use the <filter-mapping> element to map your filter to the url patterns 
you want protected.  I haven't tried multiple mappings but I put all 
protected pages under a /secure directory and mapped it like this:
><filter-mapping>
>     <filter-name>authenticationFilter</filter-name>
>     <url-pattern>/secure/*</url-pattern>
></filter-mapping>

2. use the filter's init parameter but put a comma delimited list of pages 
in it.  then parse the list in your filter:
(i think something like this)
><filter>
>     <filter-name>authenticationFilter</filter-name>
>     <filter-class>AuthenticationFilter</filter-class>
      <init-param>
        <param-name>files</param-name>
        <param-value>/myjsp.jsp,/secure/file2.jsp</param-value>
      <init-param>
></filter>

3.  use the init param to tell your filter the location of a file that 
contains the list of urls to protect.  Then your filter would read the file 
and act like number 2.

Personally, I would go with number 1.

Dave





>From: "Mark Silva" <msilva@authenex.com>
>Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>Subject: Struts Authentication Filter
>Date: Wed, 25 Sep 2002 12:03:53 -0700
>
>hello all,
>
>I am attempting to write an Authentication Filter (Servlet Filter) for my 
>Stuts App.  It is pretty simple so far.  it just checks to see if a User 
>has Authenticated yet (from the session), and if not calls sendRedirect on 
>the response.  code and xml below....
>
>		public void doFilter...
>		...
>		HttpSession  session  = request.getSession();
>
>		if(!SecurityManager.isUserAuthenticated(session))
>			response.sendRedirect("login.do");
>		else
>			chain.doFilter(request, response);
>
>
><filter>
>     <filter-name>authenticationFilter</filter-name>
>     <filter-class>AuthenticationFilter</filter-class>
></filter>
>
>
><filter-mapping>
>     <filter-name>authenticationFilter</filter-name>
>     <url-pattern>/*</url-pattern>
></filter-mapping>
>
>my question, is how i can give the filter a list of pages that are 
>unathenticated.  and to entend that idea, a list of pages that can only be 
>authenticated by an admin.  i have seen that the FilterConfig can be used 
>to get init parameters, but these only seem to be single values.  not a 
>list of potential URLs....  does any one have a solution to this problem?
>
>thanks,
>mark
>
>--
>To unsubscribe, e-mail:   
><mailto:struts-user-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail: 
><mailto:struts-user-help@jakarta.apache.org>




_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message