What does the implementation of ctx.setLoginID(foundUser) look like? It should look something like this:
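getRequest().getSession().setAttribute(USER_KEY, currentUser); Here's my action bean context with a few other fun things on it:

public class KonoActionBeanContext extends ActionBeanContext {
    /** Session attribute under which the logged-in {@link Person} is stored. */
    public static final String USER_KEY = "com.kono.session.user";

    /**
     * Returns the logged-in user stored in the HTTP session, or {@code null} when nobody is logged in.
     * Uses {@code getSession(false)} so that merely asking "who is logged in?" does not create a
     * session for anonymous requests (the original {@code getSession()} created one as a side effect).
     */
    public Person getCurrentUser() {
        javax.servlet.http.HttpSession session = getRequest().getSession(false);
        if (session == null) {
            return null;
        }
        return (Person) session.getAttribute(USER_KEY);
    }

    /**
     * Marks {@code currentUser} as logged in by storing it in the HTTP session (creating one if needed).
     * NOTE(review): the session id is not rotated here; unless the container does that for you, consider
     * invalidating the pre-login session before storing the user so a pre-authentication session id
     * cannot be carried across the login.
     *
     * @param currentUser the authenticated user; storing {@code null} effectively logs the user out
     */
    public void setCurrentUser(Person currentUser) {
        getRequest().getSession().setAttribute(USER_KEY, currentUser);
    }

    /**
     * Returns {@code host} or {@code host:port} for the current request - no scheme, no path.
     * The port is appended whenever it is not 80, so an https request on 443 yields {@code host:443}.
     * The host is the request's server name, which is ultimately derived from the client-supplied
     * Host header; if this value ends up in links handed to users (e-mails, redirects), check it
     * against the hosts you actually serve rather than trusting it as-is.
     */
    public String getFullBaseUrl() {
        String fullServerUrl = getRequest().getServerName();
        int port = getRequest().getServerPort();
        if (port != 80) {
            fullServerUrl += ":" + port;
        }
        return fullServerUrl;
    }

    /** Returns the servlet path of the current request (no path info, no query string). */
    public String getLastUrl() {
        return getRequest().getServletPath();
    }

    // **************** COOKIE CODE ****************

    /** Expires {@code cookieName} for {@code domain} by re-sending it with a max-age of zero. */
    private void deleteCookie(String cookieName, String domain) {
        setCookie(cookieName, domain, "Deleted", 0); // a max-age of 0 tells the browser to delete it
    }

    /** Sets a browser-session cookie (max-age -1) scoped to the exact request host. */
    private void setSessionCookie(String cookieName, String cookieData) {
        // leave the domain null so the cookie stays bound to the host that set it
        setCookie(cookieName, null, cookieData, -1);
    }

    /**
     * Adds a cookie with path "/" to the response.
     * NOTE(review): neither the Secure nor the HttpOnly flag is set here. For any cookie that carries
     * authentication state, consider {@code cookie.setSecure(getRequest().isSecure())} and, on a
     * Servlet 3.0+ container, {@code cookie.setHttpOnly(true)}.
     *
     * @param cookieName        cookie name
     * @param domain            cookie domain, or {@code null} to leave it unset
     * @param cookieData        cookie value
     * @param durationInSeconds max-age; 0 deletes, a negative value means "browser session"
     */
    private void setCookie(String cookieName, String domain, String cookieData, int durationInSeconds) {
        Cookie cookie = new Cookie(cookieName, cookieData);
        if (domain != null) {
            cookie.setDomain(domain);
        }
        cookie.setMaxAge(durationInSeconds);
        cookie.setPath("/");
        getResponse().addCookie(cookie);
    }

    /**
     * Returns the first request cookie named {@code cookieName}, or {@code null} if there is none
     * (including when the request carries no cookies at all).
     */
    private static Cookie getCookie(HttpServletRequest request, String cookieName) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (candidate.getName().equals(cookieName)) {
                return candidate;
            }
        }
        return null;
    }

    // Matches anything that starts like a dotted quad; deliberately loose (it also accepts 999.999.999.999)
    // because it is only used to decide whether to skip setting a cookie domain.
    private static final Pattern ipRegex =
            Pattern.compile("^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}.*");

    /**
     * Derives a cookie domain of the form {@code .example.com} from the request host, stripping a
     * leading {@code my.} or {@code www.}. Returns {@code null} for localhost and bare IP addresses,
     * where a domain attribute must not be set.
     */
    private String getRootCookieDomain() {
        String requestDomain = getRequest().getServerName();
        if (requestDomain.startsWith("localhost") || ipRegex.matcher(requestDomain).matches()) {
            return null;
        }
        if (requestDomain.startsWith("my.")) {
            requestDomain = requestDomain.substring("my.".length());
        } else if (requestDomain.startsWith("www.")) {
            requestDomain = requestDomain.substring("www.".length());
        }
        return "." + requestDomain;
    }
}

On Oct 12, 2010, at 12:14 PM, John Berninger wrote: > Folks - > > I'm having some problems figuring out security in Stripes. I'm attempting to > use the J2EESecurityManager model described in the Stripes book, and I'm > missing something obvious... > > I set up a login action that sets a user ID and is supposed to (or so I > thought) signal to the security manager that "hey, I'm logged in". When I > then redirect to an action bean that I've marked as requiring a certain role, > I get a 401 error message saying "This request requires HTTP > authentication()." > > I'm attaching my security manager class, the login action bean, and the bean > requiring the user be logged in. Any help on where I went wrong would be > appreciated.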
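> > -- > John > > -- > John

package util;

import org.stripesstuff.plugin.security.*;

import daoimpl.RoleDao;
import net.sourceforge.stripes.action.*;
import java.lang.reflect.*;
import java.util.*;
import model.*;
import action.*;
import org.apache.log4j.*;

/**
 * Security manager that treats "a Person is stored in the action bean context" as the logged-in state
 * and resolves roles through the user's {@code Person#getRoles()}.
 */
public class HaxSecurityManager extends J2EESecurityManager {
    private static final Logger log = Logger.getLogger(HaxSecurityManager.class);

    /** A request is authenticated exactly when a user can be resolved from the bean's context. */
    @Override
    protected Boolean isUserAuthenticated(ActionBean bean, Method handler) {
        return getUser(bean) != null;
    }

    /**
     * Checks whether the current user holds {@code role}.
     * The role is resolved via {@code RoleDao.findByRoleName}, so the lookup depends on
     * {@code Role#equals} behaving sensibly; if the DAO returns {@code null} for an unknown role name,
     * {@code contains(null)} may throw on null-hostile collections - worth confirming in the DAO.
     */
    @Override
    protected Boolean hasRole(ActionBean actionBean, Method handler, String role) {
        log.debug("Checking for role");
        Person user = getUser(actionBean);
        if (user == null) {
            return false;
        }
        Collection<Role> roles = user.getRoles();
        if (roles == null) {
            return false;
        }
        return roles.contains(RoleDao.getInstance().findByRoleName(role));
    }

    /**
     * Resolves the logged-in user from the bean's context, or {@code null} when nobody is logged in
     * or the bean is not a {@code BaseActionBean}. The null case is an ordinary condition, so it is
     * tested explicitly instead of catching the NullPointerException the original try/catch relied on.
     */
    private Person getUser(ActionBean bean) {
        if (!(bean instanceof BaseActionBean)) {
            log.warn("Action bean is not a BaseActionBean, treating request as anonymous: "
                    + (bean == null ? "null" : bean.getClass().getName()));
            return null;
        }
        // assumes every BaseActionBean is bound to a MyActionBeanContext - TODO confirm in the context factory
        MyActionBeanContext ctx = (MyActionBeanContext) ((BaseActionBean) bean).getContext();
        Person user = ctx.getLoginID();
        if (user == null) {
            log.debug("No logged in user in context");
        } else {
            log.debug("Found current logged in user " + user.getUsername());
        }
        return user;
    }
}

package action;

import net.sourceforge.stripes.action.*;
import javax.annotation.security.*;

/** Landing page; the security manager only lets users holding the "User" role reach it. */
@RolesAllowed("User")
public class HomeActionBean extends BaseActionBean {
    private static final String HOMEPAGE = "/WEB-INF/jsp/home.jsp";

    @DefaultHandler
    public Resolution mainForm() {
        return new ForwardResolution(HOMEPAGE);
    }
}

package action;

import daoimpl.*;
import model.*;
import util.*;
import net.sourceforge.stripes.action.*;
import org.apache.log4j.*;

/** Form-based login: looks the user up by name, compares the password and stores the user in the context. */
public class LoginActionBean extends BaseActionBean {
    private String username;
    private String password;
    private static final Logger log = Logger.getLogger(LoginActionBean.class);

    public void setUsername(String username) {
        this.username = username;
    }

    public String getUsername() {
        return username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getPassword() {
        return password;
    }

    /** Reaching the bean without an explicit event just sends the visitor back to the greeter page. */
    @DefaultHandler
    public Resolution noName() {
        return new RedirectResolution(GreeterActionBean.class);
    }

    /**
     * Handles the login form. On success the user is stored in the context and the request is
     * redirected to {@link HomeActionBean}; on failure a message is added and the user is sent back
     * to {@link GreeterActionBean}.
     *
     * NOTE(review): the comparison below matches the submitted password against
     * {@code Person#getPassword()} as stored, i.e. whatever the database holds - if that is the
     * plaintext password, the store should hold a salted hash (bcrypt/scrypt/PBKDF2) and this check
     * should verify against it. Also, the two failure messages differ ("username not found" vs
     * "password incorrect"), which lets a visitor confirm which usernames exist; a single generic
     * message avoids that.
     */
    public Resolution login() {
        log.debug("Starting login process");
        Person foundUser = UserDao.getInstance().findUserByName(getUsername());
        if (foundUser == null) {
            log.warn("Username not found in database");
            getContext().getMessages().add(new SimpleMessage("The specified username was not found in our database. Please create an account before attempting to log in."));
            return new RedirectResolution(GreeterActionBean.class);
        }
        // Null-safe in both directions: a missing form field (getPassword() == null) previously threw
        // a NullPointerException here instead of being treated as a wrong password.
        String storedPassword = foundUser.getPassword();
        boolean passwordMatches = storedPassword != null && storedPassword.equals(getPassword());
        if (passwordMatches) {
            MyActionBeanContext ctx = (MyActionBeanContext) getContext();
            ctx.setLoginID(foundUser);
            log.debug("Logging in user " + this.username);
            return new RedirectResolution(HomeActionBean.class);
        }
        log.warn("Password incorrect for user " + this.username);
        getContext().getMessages().add(new SimpleMessage("The password given is incorrect. Please try again."));
        return new RedirectResolution(GreeterActionBean.class);
    }
}

> ------------------------------------------------------------------------------ > Beautiful is writing same markup. Internet Explorer 9 supports > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > Spend less time writing and rewriting code and more time creating great > experiences on the web. Be a part of the beta today.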
> http://p.sf.net/sfu/beautyoftheweb_______________________________________________ > Stripes-users mailing list > Stripes-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/stripes-users ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb _______________________________________________ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users