RE: How does ActionForm data pass through container called form based login page?
Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 09:41 To: [EMAIL PROTECTED] Subject: How does ActionForm data pass through container called form based login page? Hi, Suppose I've got a web based form that posts data to an action, and I have that action protected by container form based authorization - how does the ActionForm data get through. I have a situation like this, and my ActionForm is empty after I've been through the form-based login page. One could say - stick the input form in the constrained area also, so the login page doesn't come between the input form and the action that processes it - but this is actually occurring when a session times out whilst sitting at the input form. Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
At 1:59 PM + 3/26/04, Martin Alley wrote: Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? It may be a little ridiculous, but if the security implementation doesn't pass along form data when it forwards to the intended destination, then there's not much you can do about it. I'm assuming that the container is intercepting before Struts ever gets a chance to create an ActionForm based on the submission, so I don't think that making them session scoped is likely to help. This probably doesn't constitute a solution, but perhaps extending the session timeout would help a bit. Perhaps you could come up with some kind of javascript hack which calls a URL against the struts app periodically to keep the session alive? Joe -- Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining. -- Jef Raskin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
Hi Joe, I might be able to put some general code in the login form (as a jsp) that puts all form data present in the previous page into the login form so it could be passed on, but that will still leave the problem of the method becomes GET instead of POST. I'm really hoping there's a more elegant solution - after this technology's been around for a while! Thanks Martin -Original Message- From: Joe Germuska [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 14:21 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? At 1:59 PM + 3/26/04, Martin Alley wrote: Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? It may be a little ridiculous, but if the security implementation doesn't pass along form data when it forwards to the intended destination, then there's not much you can do about it. I'm assuming that the container is intercepting before Struts ever gets a chance to create an ActionForm based on the submission, so I don't think that making them session scoped is likely to help. This probably doesn't constitute a solution, but perhaps extending the session timeout would help a bit. Perhaps you could come up with some kind of javascript hack which calls a URL against the struts app periodically to keep the session alive? Joe -- Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining. -- Jef Raskin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
I might be able to put some general code in the login form (as a jsp) that puts all form data present in the previous page into the login form so it could be passed on, but that will still leave the problem of the method becomes GET instead of POST. I'm really hoping there's a more elegant solution - after this technology's been around for a while! Yeah, but there are some basic limitations to the container managed security model, and I haven't heard any signs that they are being addressed. For example, container managed security doesn't allow you to present a login form to a user as a component of any page besides the single registered form, and it doesn't allow you to server resources from one path with two different states, user authorized or not authorized... Both of those are standard in modern webapps, but there's no clean way to handle them using container managed security. (I saw a JDJ article last year that had some work arounds...) So that said, it may not be surprising that the container managed security model also has no support for continuing the flow of request data to the originally requested URL after logging in. Joe -- Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining. -- Jef Raskin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
Paddy, Looks like you've been here before!! :-) It'll take me a bit of time to digest this, but I'll have a look. Does this actually work for you? Thanks Martin -Original Message- From: Pady Srinivasan [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 15:21 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? This is the only solution I can think of: public class RedirectServletRequest extends HttpServletRequest { public RedirectServletRequest(HttpServletRequest req) { this.request = req; } public String getParameter(String name) { if ( request.getParameter(name) == null ) { String paramVal = (String)request.getSession(). getAttribute(TEMP_SAVED_PARAM); request.getSession().removeAttribute(TEMP_SAVED_PARAM); return paramVal; } return (String)request.getParameter(name); } // override all other methods using the delegate request } public class RedirectActionServlet extends ActionServlet { public void doPost(HttpServletRequest request, ...) { process(new RedirectActionServlet(request), response); } public void doGet(HttpServletRequest request, ...) { process(new RedirectActionServlet(request), response); } } public class LoginFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; ServletContext context = filterConfig.getServletContext(); If ( !loggedIn ) { // save all parameters to session // save current URI as REDIRECT_URI in session // redirect to login action } } public class LoginAction extends Action { public void execute(...) { // do login // login success // redirect to REDIRECT_URI } } Thanks -- pady [EMAIL PROTECTED] -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: Friday, March 26, 2004 8:59 AM To: 'Struts Users Mailing List' Subject: RE: How does ActionForm data pass through container called form based login page? Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 09:41 To: [EMAIL PROTECTED] Subject: How does ActionForm data pass through container called form based login page? Hi, Suppose I've got a web based form that posts data to an action, and I have that action protected by container form based authorization - how does the ActionForm data get through. I have a situation like this, and my ActionForm is empty after I've been through the form-based login page. One could say - stick the input form in the constrained area also, so the login page doesn't come between the input form and the action that processes it - but this is actually occurring when a session times out whilst sitting at the input form. Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This e-mail has been scanned by the Heroix e-mail security system __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
I think I need to do some simple test cases - with and without struts. Martin -Original Message- From: Joe Germuska [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 15:20 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? I might be able to put some general code in the login form (as a jsp) that puts all form data present in the previous page into the login form so it could be passed on, but that will still leave the problem of the method becomes GET instead of POST. I'm really hoping there's a more elegant solution - after this technology's been around for a while! Yeah, but there are some basic limitations to the container managed security model, and I haven't heard any signs that they are being addressed. For example, container managed security doesn't allow you to present a login form to a user as a component of any page besides the single registered form, and it doesn't allow you to server resources from one path with two different states, user authorized or not authorized... Both of those are standard in modern webapps, but there's no clean way to handle them using container managed security. (I saw a JDJ article last year that had some work arounds...) So that said, it may not be surprising that the container managed security model also has no support for continuing the flow of request data to the originally requested URL after logging in. Joe -- Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining. -- Jef Raskin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
I'll be very interested to here the outcome... Thanks Martin -Original Message- From: Pady Srinivasan [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 16:07 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? We were going to implement this today or early next week :-)...looking at the code, I feel you don't need to extend ActionServlet at all. Instead the filter will create the request before forwarding to the ActionServlet. public class LoginFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; ServletContext context = filterConfig.getServletContext(); If ( !loggedIn ) { // save all parameters to session // save current URI as REDIRECT_URI in session // redirect to login action } else if ( redirectUriIsSet ) { RedirectServletRequest newreq = new RedirectServletRequest(request); Chain.doFilter(newreq, response); } } Thanks -- pady [EMAIL PROTECTED] -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:35 AM To: 'Struts Users Mailing List' Subject: RE: How does ActionForm data pass through container called form based login page? Paddy, Looks like you've been here before!! :-) It'll take me a bit of time to digest this, but I'll have a look. Does this actually work for you? Thanks Martin -Original Message- From: Pady Srinivasan [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 15:21 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? This is the only solution I can think of: public class RedirectServletRequest extends HttpServletRequest { public RedirectServletRequest(HttpServletRequest req) { this.request = req; } public String getParameter(String name) { if ( request.getParameter(name) == null ) { String paramVal = (String)request.getSession(). getAttribute(TEMP_SAVED_PARAM); request.getSession().removeAttribute(TEMP_SAVED_PARAM); return paramVal; } return (String)request.getParameter(name); } // override all other methods using the delegate request } public class RedirectActionServlet extends ActionServlet { public void doPost(HttpServletRequest request, ...) { process(new RedirectActionServlet(request), response); } public void doGet(HttpServletRequest request, ...) { process(new RedirectActionServlet(request), response); } } public class LoginFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; ServletContext context = filterConfig.getServletContext(); If ( !loggedIn ) { // save all parameters to session // save current URI as REDIRECT_URI in session // redirect to login action } } public class LoginAction extends Action { public void execute(...) { // do login // login success // redirect to REDIRECT_URI } } Thanks -- pady [EMAIL PROTECTED] -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: Friday, March 26, 2004 8:59 AM To: 'Struts Users Mailing List' Subject: RE: How does ActionForm data pass through container called form based login page? Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 09:41 To: [EMAIL PROTECTED] Subject: How does ActionForm data pass through container called form based login page? Hi, Suppose I've got a web based form that posts data to an action, and I have that action protected by container form based authorization - how does the ActionForm data get through. I have a situation like