On Wed, 16 Mar 2005 16:28:57 +0100, Matthias Wessendorf <[EMAIL PROTECTED]> wrote: > Hi Craig, > > I am wondering, why you provide a chain catalog inside of WEB-INF/ in > use-cases web app? > Only for "Disallow direct access to JSP and JSFP resources" ?
The Shale version of the Struts "request processor" concept is implemented with a Filter that in turn executes a [chain] Command (in core-library, see src/java/org/apache/shale/faces/shale-config.xml) for every request. In turn, this chain allows you to optionally customize the overall behavior by defining your own "preprocess" and "postprocess" chains in the "shale" catalog, without modifying the standard one. Several useful filtering commands that you might want to include can be found in the org.apache.shale.application package. The "use cases" example happens to use one of the (the regular expression filter) to enforce the "no direct access to a JSP page" rule. > > ***snip*** > > <command > className="org.apache.shale.application.ContextRelativePathFilter" > includes="\S*\.faces,\S*\.html,\S*\.gif,\S*\.jpg,/index\.jsp" > excludes="\S*\.jsp,\S*\.jspf" > /> > > ***snip*** > > And also I'd like to know if it is posible to place *custom* commands > inside that chain? (<chain name="preprocess">). Sure -- just define your own "preprocess" chain in the "shale" catalog, just like the Use Cases application does, and include whatever Command implementations you want. The chain running inside Shale executes the "preprocess" chain (if it exists ... it doesn't unless you actually create one) at the beginning of each request. > > And if posible, how? and why? :-) > (what about Authentication ?) Authentication, in the sense that something like SecurityFilter does it, could be enforced at this level -- although it will require a bit of manipulation of the context object to replace the wrapped request with one that has the simulated credentials. Much easier would be a Command that just verifies the current user is logged on (by seeing if an object is in session scope under a known key). > > (not really familiar with Commons Chain, only read about it a bit on > "onjava.com") The website for [chain] has some useful information in the "Cookbook" section, as well as a pointer to the current Javadocs: http://jakarta.apache.org/commons/chain/ > > Thanks, > Matthias > > Craig
