struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonio Sánchez <juntandolin...@gmail.com>
Subject Re: S2 custom authentication: remembering original request
Date Wed, 10 Jul 2013 13:40:55 GMT
El Miércoles, 10 de julio de 2013 13:00:44 CRANFORD, CHRIS escribió:
> It should definitely be possible because what you described is out of the box functionality
in Spring Security where their concept of intercepters is a filter.

How can I remember the original request? Piece by piece? I can only think of storing in session
original headers, parameters, inputstream... 

This is not a rare use case. For example, using the system for uploading a picture, the user
clicks submit but authentication is required for this operation. After successful authentication,
the original request is processed (with original form an picture bytes), the user needs not
to fill any form nor to select again the picture. 

> 
> I would recommend that if you need a complete authentication and permissions checking
functionality to look into Spring Security.  We have used it for quite a while to protect
various resources and method invocations on per user and per role validations and has allowed
us to focus time elsewhere in development.

This is not a real scenario. In a real scenario I would use container managed security or
Spring Security. I am just learning Struts and exploring its capabilities. How would a Struts
developer implement a use case like this?

> 
> Sent from my Verizon Wireless BlackBerry
> 
> -----Original Message-----
> From: Antonio Sánchez <juntandolineas@gmail.com>
> Date: Wed, 10 Jul 2013 14:27:29 
> To: Struts Users Mailing List<user@struts.apache.org>
> Reply-To: Struts Users Mailing List <user@struts.apache.org>
> Subject: S2 custom authentication: remembering original request
> 
> Use Case: request some protected resource -> redirect action for authentication ->
access protected resource. 
> 
> I'm using a custom interceptor that redirects (redirectAction) to a global result if
no user object is found in session. The final action result then redirects to a login page.

> 
> The interceptor gets the original action requested (using request.getServletPath(), but
not sure if this is right), and puts it in the value stack. It would be used with dynamic
redirection in the final result upon login success( ${nextAction} ) . This action must be
passed in between redirections. 
> 
> But I need to reuse the original request. Reconstructing the request with a query string
is not an option. I need the original request: GET/POST method, all parameters/values, maybe
uploading binary content (inputstream), maybe headers...
> 
> Is it possible to do this? How?
> 
> ------
> 
> Partially related to this: I'm having problems with redirections. The original request
parameters are forwarded only using dispatcher result . If I use redirectAction or redirect,
original params are lost. Why?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 
> 
> Email secured by Check Point
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message