You may want to see if this supports your requirements: https://sourceforge.net/projects/securityfilter/
robert

> -----Original Message-----
> From: David Evans [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 26, 2004 12:07 PM
> To: Struts Users Mailing List
> Subject: servlet filters and authentication
>
> Hello,
>
> I'm configuring the skeleton of a multi module struts application, and I
> would like to use a filter for the authentication.
>
> here is pseudojava (for easier reading) of the filter:
>
> public final class AuthFilter implements Filter {
>
>     public void doFilter(request, response, chain) {
>
>         session = request.getSession();
>         auth = session.getAttribute("authenticated");
>         if (auth == true) {
>             chain.doFilter(request, response);
>             return;
>         }
>         else {
>             dispatcher =
>                 request.getRequestDispatcher("/WEB-INF/jsp/security/login.jsp");
>             dispatcher.forward(request, response);
>             return;
>         }
>     }
> }
>
> I've seen this skeleton suggested in several places on the web.
> The question I have is this: After the user submits the login form,
> the request will come through the filter, and since it has not yet
> been authenticated, it will again forward to the login.jsp.
> I've thought of a couple of ways to deal with this and
> would like to get input on these and any other approaches.
>
> 1) set the mapping of the filter in web.xml in such a way that it
> allows the login action through. maybe set all actions to have an
> extension of .do except the login action, which has an extension of
> .auth. I don't think this will work for me, because the multi module
> support of Struts requires extension mapping. I guess I could write a
> small servlet that is not in the struts mapping but is in the same context
> and have it mapped to *.auth
>
> 2) check within the above filter to see if the request is for the login
> action, and if so allow it through. so the if statement above would be:
> if (auth == true || req.getPath().equals("login.do"))
>
> Any comments on these ideas or approaches I haven't listed would be
> greatly appreciated.
>
> dave
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
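
Option 2 from the quoted message, written out as an added example (not code from either poster or from the securityfilter project). It assumes the `javax.servlet` API, Java 9 or later for `Set.of`, a login action at the hypothetical path `/login.do` that sets the `authenticated` session attribute to `Boolean.TRUE` after verifying credentials, and the login page path given in the question.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

public final class AuthFilter implements Filter {
    // Assumed path: only the login action is reachable without a session.
    // In a multi-module setup, list each module's login path explicitly.
    private static final Set<String> PUBLIC_PATHS = Set.of("/login.do");
    private static final String LOGIN_PAGE = "/WEB-INF/jsp/security/login.jsp";

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    /** Exact match only: an endsWith or contains check would also pass "/admin/xlogin.do". */
    static boolean isPublic(String servletPath) {
        return servletPath != null && PUBLIC_PATHS.contains(servletPath);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // getSession(false): do not create a session for anonymous requests.
        HttpSession session = request.getSession(false);
        // Boolean.TRUE.equals handles a missing attribute or a non-Boolean value.
        boolean authenticated = session != null
                && Boolean.TRUE.equals(session.getAttribute("authenticated"));

        // With extension mapping (*.do), getServletPath() is the context-relative
        // path of the action, with a leading slash and without the query string.
        if (authenticated || isPublic(request.getServletPath())) {
            chain.doFilter(req, res);
            return;
        }
        // Everything else is sent to the login page instead of the requested resource.
        request.getRequestDispatcher(LOGIN_PAGE).forward(req, res);
    }
}
```

The filter fails closed: any path not listed in `PUBLIC_PATHS` requires the session flag, so a new action is protected by default.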

