Hi Shilpa
I'm not sure you really need to use Filters for this purpose with Struts.
I think if you make sure you never access pages directly (maybe putting them
under WEB-INF... I've never done this but I know it's possible) but always
thru actions, then it shouldn't be difficult to implement a call to an
authentication component in your execute() method.
Should you absolutely need to authenticate thru a Filter, then it's not
difficult either
You first need to declare it in your web.xml like this:
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.mypackage.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name> AuthFilter </filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Then in your doFilter() method you call
filterChain.doFilter(request, response)
if your user has authenticated successfully
otherwise you can redirect to some error page
-----Messaggio originale-----
Da: Shilpa Vaidya [mailto:[EMAIL PROTECTED]
Inviato: giovedì 3 giugno 2004 12.11
A: 'Struts Users Mailing List'
Oggetto: Servlet filter
hey all,
Preventing users from accesing action. I am writing a web app to manage
administrators and profiles.
Administrators may access to the web app based on the profiles they have.
The profiles, determine which pages the administrator might access. The
profiles, and authorizations, might change online during work, so I need to
check authorization to access a page (Action) on each access.If I understand
correct, then, the actionServlet, first process the form bean, and then the
action..
But, if the user is not authorized to access a specific page (Action), I
need to forward him to an UnAuthorized error page, before thr formAction
bean is filled.
I would like to use a servlet filter. This filter checks the users rights
and instanciates a HttpServletRequest-Wrapper.But am not sure how - .Can
anyone help.Till then me trying to study the ServletFilter examples here n
there.
Shilpa
--
"This e-mail message may contain confidential, proprietary or legally
privileged information. It
should not be used by anyone who is not the original intended recipient. If
you have erroneously
received this message, please delete it immediately and notify the sender.
The recipient
acknowledges that ICICI Bank or its subsidiaries and associated companies,
(collectively "ICICI
Group"), are unable to exercise control or ensure or guarantee the integrity
of/over the contents of the information contained in e-mail transmissions
and further acknowledges that any views
expressed in this message are those of the individual sender and no binding
nature of the message shall be implied or assumed unless the sender does so
expressly with due authority of ICICI Group.Before opening any attachments
please check them for viruses and defects."
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
