Hello,
I'm configuring the skeleton of a multi module struts application, and i
would like use a filter for the authentication.
here is psuedojava (for easier reading) of the filter:
public final class AuthFilter implements Filter {
public void doFilter(request, response, chain)
session = request.getSession();
auth = session.getAttribute("authenticated");
if (auth == true) {
chain.doFilter(request, response);
return;
}
else {
dispatcher =
request.getRequestDispatcher("/WEB-INF/jsp/security/login.jsp");
dispatcher.forward (request, response);
return;
}
}
}
I've seen this skeleton suggested in several places on the web.
The question i have is this: After the user submits the login form,
the request will come through the filter, and since it has not yet
been authenticated, it will again forward to the login.jsp.
I've thought of a couple of ways to deal with this and
would like to get input on these and any other approaches.
1) set the mapping of the filter in web.xml in such a way that it
allows the login action through. maybe set all actions to have an
extension of .do except the login action, which has an extension of
.auth. I don't think this will work for me, because the multi module
support of Struts requires extension mapping. I guess i could write a
small serlvet that is not in the struts mapping but is in the same context
and have it mapped to *.auth
2) check within the above filter to see if the request is for the login
action, and if so allow it through. so the if statement above would be:
if (auth == true || req.getPath().equals("login.do"))
Any comments on these ideas or approaches i haven't listed would be
greatly appreciated.
dave
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
