struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Raeburn" <st...@ninsky.com>
Subject RE: Looking for ideas for action servlet checking for logged in user.
Date Tue, 24 Jun 2003 21:18:04 GMT
Take a look at http://securityfilter.sourceforge.net/. I've just started
using it in a struts app. I haven't ironed out all the kinks in integrating
with Struts yet but it looks really useful.

Steve

> -----Original Message-----
> From: Varun Garg [mailto:varun_garg@yahoo.com]
> Sent: June 24, 2003 2:09 PM
> To: 'Struts Users Mailing List'
> Subject: RE: Looking for ideas for action servlet checking for logged in
> user.
>
>
> One way I did in the past was using a Servlet Filter where I would read
> a file to see what action is authorized to what role.
>
> I created a file with the mapping of path's to roles.
>
>
>
>
> -----Original Message-----
> From: henrik.bentel@teradyne.com [mailto:henrik.bentel@teradyne.com]
> Sent: Tuesday, June 24, 2003 3:59 PM
> To: struts-user@jakarta.apache.org
> Subject: Looking for ideas for action servlet checking for logged in
> user.
>
>
> I have a webapp which have several pages which require the user to be
> logged in(have a httpSession with a "usercontainer" object stored) , and
> a few pages that doesn't require a log in(the log-in page, references,
> indexes...). All pages are fronted by actions. My current solution is to
> check for valid login in every action class that needs to protect its
> invocation. That seems tedious. I though about extending the action
> servlet to do it, but then it would check for all requests. And I do
> want to distinguish between if the user is
> authorized(isUSerInRole) and if he/she is even logged in, so I can't use
> the role parameter in the action element.
>
> My next idea is extending the action servlet pluss adding parameters
> that can go into the action element in the struts-config.xml file. (some
> thing like <action path="/doImportantAction" type="my.actionClass"
> usersession="true"> ) This would require my action servlet to know about
> my userContainer stored in the httpsession. Pluss modifying the
> struts-config file. I haven't looked into how hard this is, figure I'd
> ask someone who's run into this before.
>
> Any other good approaches, or should I just stick with what I got?(check
> individually in every action)
>
> thanks,
> Henrik Bentel
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message