On Sun, Jul 07, 2002 at 02:56:52PM -0700, Craig R. McClanahan wrote:
> On Sun, 7 Jul 2002, Chris Nokleberg wrote:
> > I have a servlet 2.3 filter that needs to forward requests based on whether
> > they will be eventually be mapped to an action by struts.
>
> One approach to this would be to check the URL of the incoming request
> against the servlet mapping pattern for the controller servlet -- it's
> stored as servlet context attribute Action.SERVLET_KEY
> ("org.apache.struts.action.SERVLET_MAPPING").
Just because the struts servlet is mapped to a prefix does not mean
that every action within that prefix is mapped to an action.
Some background on why this may be useful to others. My goals are:
- Not to have to restrict Action URLs to a special prefix
(e.g. /control/*) or extension (e.g. "*.do").
- Have a mechanism to perform security checks for ALL URLs, including
jsps and static content.
My initial attempt was to map /* to ActionServlet, put all static
content under WEB-INF and forward to there from a default
Action. However, this runs into the well-known problem that even
internal forwards to WEB-INF get mapped through /* back to the
ActionServlet, resulting in infinite recursion. While I think this is
a silly feature of the servlet spec, apparently there's no getting
around it.
My second attempt was more involved, and tried to leverage the new
filters capabilities of the servlet 2.3 spec:
- Map /control/* to ActionServlet.
- Map a new filter ("ActionFilter") to /*.
The filter's job (after checking security) is to take the request URL,
prepend "/control", and "ask" the Struts framework if the new URL
would eventually be mapped to an Action. If the answer is yes, the
filter forwards to the modified URL. If no, the request is let through
unmodified. (Direct requests to /control/* are also disallowed by the
filter) This is where I ran into trouble--figuring out if a particular
URL will be mapped to an action is rather difficult.
-Chris
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
