RE: How does ActionForm data pass through container called form based login page?

2004-03-26 Thread Martin Alley
Well I've just simplified my login form - plain html - no struts stuff
going on.

I've also simplified the filter so it detects a fresh logon and starts a
session accordingly - no longer any redirecting to LoginAction.

However the critical behaviour is still the same - existingCustomerForm
- the one I need to survive the login process still ends up getting
trashed.

I'm wondering if I have to make every form (that might span a session
timeout) part of the login page so that it stays alive - this sounds
like a ridiculous solution.  Has anyone else got a solution?

Thanks
Martin

-Original Message-
From: Martin Alley [mailto:[EMAIL PROTECTED] 
Sent: 26 March 2004 09:41
To: [EMAIL PROTECTED]
Subject: How does ActionForm data pass through container called form
based login page?

Hi,

Suppose I've got a web based form that posts data to an action, and I
have that action protected by container form based authorization - how
does the ActionForm data get through?

I have a situation like this, and my ActionForm is empty after I've been
through the form-based login page.

One could say - stick the input form in the constrained area also, so
the login page doesn't come between the input form and the action that
processes it - but this is actually occurring when a session times out
whilst sitting at the input form.

Thanks
Martin




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




RE: How does ActionForm data pass through container called form based login page?

2004-03-26 Thread Joe Germuska
At 1:59 PM + 3/26/04, Martin Alley wrote:
> Well I've just simplified my login form - plain html - no struts stuff
> going on.
>
> I've also simplified the filter so it detects a fresh logon and starts a
> session accordingly - no longer any redirecting to LoginAction.
>
> However the critical behaviour is still the same - existingCustomerForm
> - the one I need to survive the login process still ends up getting
> trashed.
>
> I'm wondering if I have to make every form (that might span a session
> timeout) part of the login page so that it stays alive - this sounds
> like a ridiculous solution.  Has anyone else got a solution?

It may be a little ridiculous, but if the security implementation 
doesn't pass along form data when it forwards to the intended 
destination, then there's not much you can do about it.

I'm assuming that the container is intercepting before Struts ever 
gets a chance to create an ActionForm based on the submission, so I 
don't think that making them session scoped is likely to help.

This probably doesn't constitute a solution, but perhaps extending 
the session timeout would help a bit.  Perhaps you could come up with 
some kind of javascript hack which calls a URL against the struts app 
periodically to keep the session alive?

Joe
--
Joe Germuska
[EMAIL PROTECTED]  
http://blog.germuska.com
  Imagine if every Thursday your shoes exploded if you tied them 
the usual way.  This happens to us all the time with computers, and 
nobody thinks of complaining.
-- Jef Raskin



RE: How does ActionForm data pass through container called form based login page?

2004-03-26 Thread Martin Alley
Hi Joe,

I might be able to put some general code in the login form (as a jsp)
that puts all form data present in the previous page into the login form
so it could be passed on, but that will still leave the problem that the
method becomes GET instead of POST.

I'm really hoping there's a more elegant solution - after this
technology's been around for a while!

Thanks
Martin



RE: How does ActionForm data pass through container called form based login page?

2004-03-26 Thread Joe Germuska
> I might be able to put some general code in the login form (as a jsp)
> that puts all form data present in the previous page into the login form
> so it could be passed on, but that will still leave the problem that the
> method becomes GET instead of POST.
>
> I'm really hoping there's a more elegant solution - after this
> technology's been around for a while!

Yeah, but there are some basic limitations to the container managed 
security model, and I haven't heard any signs that they are being 
addressed.  For example, container managed security doesn't allow you 
to present a login form to a user as a component of any page besides 
the single registered form, and it doesn't allow you to serve 
resources from one path with two different states, user authorized 
or not authorized...  Both of those are standard in modern webapps, 
but there's no clean way to handle them using container managed 
security.  (I saw a JDJ article last year that had some 
workarounds...)

So that said, it may not be surprising that the container managed 
security model also has no support for continuing the flow of request 
data to the originally requested URL after logging in.

Joe



RE: How does ActionForm data pass through container called form based login page?

2004-03-26 Thread Martin Alley
Paddy,

Looks like you've been here before!! :-)

It'll take me a bit of time to digest this, but I'll have a look.

Does this actually work for you?

Thanks
Martin

-Original Message-
From: Pady Srinivasan [mailto:[EMAIL PROTECTED] 
Sent: 26 March 2004 15:21
To: Struts Users Mailing List
Subject: RE: How does ActionForm data pass through container called form
based login page?


This is the only solution I can think of:

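import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.struts.action.*;

// HttpServletRequest is an interface, so extend HttpServletRequestWrapper,
// which already delegates every other method to the wrapped request.
public class RedirectServletRequest extends HttpServletRequestWrapper {
    // prefix of the session attributes that hold the saved parameters
    public static final String TEMP_SAVED_PARAM = "TEMP_SAVED_PARAM.";

    public RedirectServletRequest(HttpServletRequest req) {
        super(req);
    }

    public String getParameter(String name) {
        String val = super.getParameter(name);
        if (val == null) {
            // not in this request: use the value saved before login, once
            HttpSession session = getSession();
            val = (String) session.getAttribute(TEMP_SAVED_PARAM + name);
            session.removeAttribute(TEMP_SAVED_PARAM + name);
        }
        return val;
    }
}

public class RedirectActionServlet extends ActionServlet {
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        process(new RedirectServletRequest(request), response);
    }

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        process(new RedirectServletRequest(request), response);
    }
}

public class LoginFilter implements Filter {
    private FilterConfig filterConfig;

    public void init(FilterConfig config) {
        this.filterConfig = config;
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        ServletContext context = filterConfig.getServletContext();

        // loggedIn stands for the application's own login check
        if (!loggedIn) {
            // save all parameters to session
            // save current URI as REDIRECT_URI in session
            // redirect to login action
        } else {
            chain.doFilter(request, response);
        }
    }
}

public class LoginAction extends Action {

    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request,
                                 HttpServletResponse response)
            throws Exception {
        // do login
        // login success
        // redirect to REDIRECT_URI
        return null; // the response has already been redirected
    }
}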



Thanks
 
-- pady
[EMAIL PROTECTED]
 



RE: How does ActionForm data pass through container called form based login page?

2004-03-26 Thread Martin Alley
I think I need to do some simple test cases - with and without struts.

Martin



RE: How does ActionForm data pass through container called form based login page?

2004-03-26 Thread Martin Alley
I'll be very interested to hear the outcome...

Thanks
Martin


-Original Message-
From: Pady Srinivasan [mailto:[EMAIL PROTECTED] 
Sent: 26 March 2004 16:07
To: Struts Users Mailing List
Subject: RE: How does ActionForm data pass through container called form
based login page?


We were going to implement this today or early next week :-)...looking
at the code, I feel you don't need to extend ActionServlet at all. Instead
the filter will create the request before forwarding to the ActionServlet.

public class LoginFilter implements Filter {
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        ServletContext context = filterConfig.getServletContext();

        // loggedIn and redirectUriIsSet stand for the application's own checks
        if (!loggedIn) {
            // save all parameters to session
            // save current URI as REDIRECT_URI in session
            // redirect to login action
        } else if (redirectUriIsSet) {
            // wrap the request so the saved parameters are visible again
            RedirectServletRequest newreq = new RedirectServletRequest(req);
            chain.doFilter(newreq, response);
        } else {
            chain.doFilter(request, response);
        }
    }
}

Thanks
 
-- pady
[EMAIL PROTECTED]
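
Added example, not code from the thread: a fuller version of the wrapper idea above, in which all four parameter accessors read from the saved snapshot (code that enumerates parameter names never sees a fallback placed in getParameter() alone), the snapshot is consumed once, and it is replayed only for the URI it was submitted to. The class name, the session keys and the javax.servlet 3.0+ generic signatures are assumptions.

```java
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

// Added example: replays parameters that a filter saved before the login redirect.
public class SavedParameterRequest extends HttpServletRequestWrapper {
    // Hypothetical session keys, not names used in the thread.
    static final String SAVED_PARAMS = "example.savedParams";
    static final String SAVED_URI = "example.savedUri";

    private final Map<String, String[]> merged;

    private SavedParameterRequest(HttpServletRequest req, Map<String, String[]> saved) {
        super(req);
        merged = new LinkedHashMap<String, String[]>(saved);
        merged.putAll(req.getParameterMap()); // live parameters win over saved ones
    }

    // The filter calls this before sending an unauthenticated request to the login page.
    public static void save(HttpServletRequest req) {
        HttpSession session = req.getSession(true);
        // Copy the map: the container's instance belongs to this request only.
        session.setAttribute(SAVED_PARAMS,
                new LinkedHashMap<String, String[]>(req.getParameterMap()));
        session.setAttribute(SAVED_URI, req.getRequestURI());
    }

    // The filter calls this for a logged-in user; req comes back unchanged if nothing applies.
    @SuppressWarnings("unchecked")
    public static HttpServletRequest restore(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        if (session == null) return req;
        Map<String, String[]> saved =
                (Map<String, String[]>) session.getAttribute(SAVED_PARAMS);
        // Replay only for the URI the data was originally submitted to.
        if (saved == null || !req.getRequestURI().equals(session.getAttribute(SAVED_URI))) return req;
        session.removeAttribute(SAVED_PARAMS); // one-shot: a later request cannot replay it
        session.removeAttribute(SAVED_URI);
        return new SavedParameterRequest(req, saved);
    }

    @Override public String getParameter(String name) {
        String[] v = merged.get(name);
        return (v == null || v.length == 0) ? null : v[0];
    }
    @Override public String[] getParameterValues(String name) { return merged.get(name); }
    @Override public Enumeration<String> getParameterNames() { return Collections.enumeration(merged.keySet()); }
    @Override public Map<String, String[]> getParameterMap() { return Collections.unmodifiableMap(merged); }
}
```

The request that comes back after the login redirect is still a GET, so getMethod() reports GET; an action that depends on POST would need that overridden as well.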
 
