Re: Struts Authentication Filter

Wed, 25 Sep 2002 13:33:30 -0700 

Several options:
1. use the <filter-mapping> element to map your filter to the url patterns 
you want protected.  I haven't tried multiple mappings but I put all 
protected pages under a /secure directory and mapped it like this:
><filter-mapping>
>     <filter-name>authenticationFilter</filter-name>
>     <url-pattern>/secure/*</url-pattern>
></filter-mapping>

2. use the filter's init parameter but put a comma delimited list of pages 
in it.  then parse the list in your filter:
(i think something like this)
><filter>
>     <filter-name>authenticationFilter</filter-name>
>     <filter-class>AuthenticationFilter</filter-class>
      <init-param>
        <param-name>files</param-name>
        <param-value>/myjsp.jsp,/secure/file2.jsp</param-value>
      <init-param>
></filter>

3.  use the init param to tell your filter the location of a file that 
contains the list of urls to protect.  Then your filter would read the file 
and act like number 2.

Personally, I would go with number 1.

Dave





>From: "Mark Silva" <[EMAIL PROTECTED]>
>Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>Subject: Struts Authentication Filter
>Date: Wed, 25 Sep 2002 12:03:53 -0700
>
>hello all,
>
>I am attempting to write an Authentication Filter (Servlet Filter) for my 
>Stuts App.  It is pretty simple so far.  it just checks to see if a User 
>has Authenticated yet (from the session), and if not calls sendRedirect on 
>the response.  code and xml below....
>
>               public void doFilter...
>               ...
>               HttpSession  session  = request.getSession();
>
>               if(!SecurityManager.isUserAuthenticated(session))
>                       response.sendRedirect("login.do");
>               else
>                       chain.doFilter(request, response);
>
>
><filter>
>     <filter-name>authenticationFilter</filter-name>
>     <filter-class>AuthenticationFilter</filter-class>
></filter>
>
>
><filter-mapping>
>     <filter-name>authenticationFilter</filter-name>
>     <url-pattern>/*</url-pattern>
></filter-mapping>
>
>my question, is how i can give the filter a list of pages that are 
>unathenticated.  and to entend that idea, a list of pages that can only be 
>authenticated by an admin.  i have seen that the FilterConfig can be used 
>to get init parameters, but these only seem to be single values.  not a 
>list of potential URLs....  does any one have a solution to this problem?
>
>thanks,
>mark
>
>--
>To unsubscribe, e-mail:   
><mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: 
><mailto:[EMAIL PROTECTED]>




_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to