Hi, I took some inspiration from the interceptor you mentioned below but defined my own @InSecure annotation which I put on event handling methods that don"t require the user to be logged in.
The interceptor was modified to check for this annotation on the event handling method and if found, executes the handler regardless of user login state.. The end result is the same but it doesn't tie the interceptor directly to the action bean type(s). I can put @Insecure anywhere I want and not need to change the interceptor... ------Original Message------ From: Laurent Perez Sender: To: [email protected] ReplyTo: Stripes Users List Sent: Aug 22, 2008 2:22 PM Subject: [Stripes-users] [stripes-users] Using an interceptor to protectapplication screens Hi I'm a Stripes newbie, please forgive me if this is a dumb question :) I need to protect various screens of an administration backend, i.e a user has to be logged in in order to see the screens, otherwise, it will be returned to a login page. When the login is successfull, a User object is stored into a session. I've tried the SecurityInterceptor available at http://www.stripesframework.org/display/stripes/Intercept+Execution, however I've ran into a problem because this interceptor also intercepts the LoginActionBean I use to log the user in, obviously it will fail because the user is set into the session inside a LoginActionBean event : the only solution I've found so far is to do the following in the interceptor to bypass the security check around the login bean : if(ctx.getActionBean() instanceof LoginActionBean){return resolution;} However, this does not "feel" right ; when I see an instanceof I usually ask myself if this is the best scenario. Is my instanceof check the correct way to avoid protecting the login action bean itself ? Thanks ! laurent -- <a href="http://in-pocket.blogspot.com";>http://in-pocket.blogspot.com - Mobile world, technology and more</a> ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users Sent from my Verizon Wireless BlackBerry ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
