struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gvanma...@comcast.net (Gary VanMatre)
Subject RE: Acegi with shale and clay
Date Mon, 24 Apr 2006 18:29:36 GMT
I think this one has come up in discussion before.  It's really more of a JSF issue.  There
is an open ticket for a new shale feature that would allow plugging in security in a custom
navigation handler.

http://issues.apache.org/struts/browse/STR-2788

Gary

-------------- Original message -------------- 
From: "Ian.Priest" <Ian.Priest@opsera.com> 

> The main problem with that solution is that I'd rather not have to use 
> redirect everywhere as it will affect performance. 
> 
> Secondly, how would I configure the navigation rule? 
> 
> My current view is /welcome.html so that's easy 
> 
> 
> /welcome.html 
> 
> My navigation case outcome is dialog:secure... 
> 
> 
> dialog:secure 
> 
> 
> But what is my to-view id? Is it the first page of the dialog? 
> 
> /secure/page1.html 
> 
> That can't be right as my dialog starts with an action rather than a 
> page view... 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> ... 
> 
> So my to-view-id would somehow have to refer to the action that starts 
> the dialog. Is that possible? 
> 
> Athird issue here is that (I believe) DialogNavigationHandler intercepts 
> the outcome of dialog:secure and deals with it, so the navigation case 
> is never invoked anyway? 
> 
> Cheers, 
> Ian. 
> 
> 
> -----Original Message----- 
> From: hermod.opstvedt@dnbnor.no [mailto:hermod.opstvedt@dnbnor.no] 
> Sent: 24 April 2006 12:53 
> To: user@struts.apache.org 
> Subject: RE: Acegi with shale and clay 
> 
> Hi 
> 
> Have you tried to define a navigation rule, and add to that 
> rule ? 
> 
> Hermod 
> 
> -----Original Message----- 
> From: Ian.Priest [mailto:Ian.Priest@opsera.com] 
> Sent: Monday, April 24, 2006 1:28 PM 
> To: Struts Users Mailing List 
> Subject: Acegi with shale and clay 
> 
> 
> Hi, 
> 
> I'm using Shale/Clay to create an application. I'd like to protect the 
> app with acegi's URL protection but I don't see a way to integrate with 
> the response rendering. 
> 
> Here's an example: (all pages are rendered via Clay full html). I have 
> the structure 
> 
> /welcome.html 
> /logon.html 
> /secure/page1.html 
> /secure/page2.html 
> 
> the secure pages should only be accessable by those who have logged on 
> using logon.html. The secure/.. Pages are defined as a dialog called 
> "secure". 
> 
> In welcome.html i have an actionlink whose action is dialog:Secure 
> 
> I configure acegi to protect urls as follows: 
> 
> > class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> 
> 
> 
> 
> 
> 
> 
> 
> 
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON 
> PATTERN_TYPE_APACHE_ANT 
> /secure/**=ROLE_USER 
> /**=ROLE_ANONYMOUS 
> 
> 
> 
> 
> If I now hit my application at welcome.html I'm assigned role ANONYMOUS 
> and all is well. However, if I click on the link to the "secure" dialog 
> acegi doesn't redirect me to logon.html. The request generated when I 
> click on the actionlink appears to be a request for /welcome.html which 
> acegi says it's ok to access anonymously. Shale's dialog manager then 
> works out that the action is dialog:Secure and causes page1 of that 
> dialog to render, apparently without doing either a forward or a rediect 
> to /secure/page1.html. (In web.xml I have the mapping to acegi as 
> follows: 
> 
> Acegi Filter Chain Proxy 
> /* 
> FORWARD 
> REQUEST 
> 
> So forwards should also fire the filter). 
> That means acegi never has a chance to intercept the request. (Once I'm 
> in the dialog on page1.html, if I click on the next button I am 
> redirected to the logon.html page - acegi correctly intercepts the 
> /secure/page1.html request that is made). 
> 
> How can I intercept Shale's page building and view rendering mechanisms 
> to ensure that my site's urls are secured correctly? 
> 
> Cheers, 
> Ian. 
> 
> 
> 
> --------------------------------------------------------------------- 
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org 
> For additional commands, e-mail: user-help@struts.apache.org 
> 
> 
> 
> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
> * * 
> 
> This email with attachments is solely for the use of the individual or 
> entity to whom it is addressed. Please also be aware that the DnB NOR 
> Group cannot accept any payment orders or other legally binding 
> correspondence with customers as a part of an email. 
> 
> This email message has been virus checked by the virus programs used in 
> the DnB NOR Group. 
> 
> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
> * * 
> 
> 
> --------------------------------------------------------------------- 
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org 
> For additional commands, e-mail: user-help@struts.apache.org 
> 
> 
> 
> 
> --------------------------------------------------------------------- 
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org 
> For additional commands, e-mail: user-help@struts.apache.org 
> 
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message