C.F.,

Getting Filters to run is a "set and forget" sort of thing. Once you define them in your web.xml file they will run automatically. The specs can do a better job explaining Filters than I can. Filters get invoked for every request matching a specified URL pattern. You can also chain multiple filters together. You'll notice that only HttpServletRequests are processed by the code I sent yesterday. I have not observed any noticeable performance difference with the filter running.

A Filter works just like a Servlet when it comes to URL mapping. If only part of your site is secured the Filter need only be invoked for calls to that URL pattern. In the example below I show a URL pattern of /secured/* to invoke the Filter only if the resource URL contains "/secured/".

<filter>
    <filter-name>contextInitializer</filter-name>
    <display-name>contextInitializer</display-name>
    <description></description>
    <filter-class>com.umb.optout.view.ContextInitializerFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>contextInitializer</filter-name>
    <url-pattern>/secured/*</url-pattern>
</filter-mapping>

Steve

-----Original Message-----
From: C.F. Scheidecker Antunes [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 18, 2005 5:19 PM
To: Struts Users Mailing List; Mitchell, Steven C
Subject: Re: Question on log on with SecurityFilter and JDBCRealm

Steven,

Thanks! Yeah, great idea. In fact I was reading about that on O'Reilly's Struts Cookbook.

I have one question to you though:

How is the filter executed? After the login? Or after every http request to the server? What does fire the filter up? Is it like an event for a GUI app?

I would like to understand this concept better.

regards,

C.F.

Mitchell, Steven C wrote:

>Have you considered using a Filter to put the extra stuff in your
>Session? We use an initialization Filter that looks up a User record
>based on the authenticated user id. We then place that User object
>both in the Session and a thread local variable so that it is available
>to all the layers of our framework. Our DAO classes use the thread
>local variable to set things like Last Updated By. If you use the
>thread local variable make sure the last thing the Filter does is to
>set it to null so that the thread is not returned to the container's
>thread pool with the User object.
>
>public void doFilter( final ServletRequest servletRequest,
>                      final ServletResponse servletResponse,
>                      final FilterChain filterChain )
>    throws IOException, ServletException
>{
>    try
>    {
>        if ( servletRequest instanceof HttpServletRequest )
>        {
>            final HttpServletRequest httpServletRequest =
>                (HttpServletRequest) servletRequest;
>            final String remoteUser = httpServletRequest.getRemoteUser();
>            if ( DataHelper.empty( remoteUser ) ||
>                 "null".equalsIgnoreCase( remoteUser ) )
>            {
>                if ( log.isDebugEnabled() )
>                {
>                    log.debug( "No User info Available" );
>                } //end if
>
>                ThreadContext.setUser( null );
>            } //end if
>            else
>            {
>                // Look the User up once per session, then reuse the cached object
>                final HttpSession session = httpServletRequest.getSession( true );
>                User user = (User) session.getAttribute( SESSION_TOKEN_SYSUSER );
>                if ( user == null )
>                {
>                    try
>                    {
>                        user = UserController.findUserByLoginId( remoteUser );
>                        if ( log.isDebugEnabled() )
>                        {
>                            log.debug( "Initializing user " + user.getUserId() );
>                        } //end if
>                    } //end try
>                    catch ( final Exception e )
>                    {
>                        throw new ServletException( e );
>                    } //end catch
>
>                    session.setAttribute( SESSION_TOKEN_SYSUSER, user );
>                } //end if
>
>                ThreadContext.setUser( user );
>            } //end else
>        } //end if
>
>        filterChain.doFilter( servletRequest, servletResponse );
>    } //end try
>    finally
>    {
>        // Clear the thread before returning it to the server's thread pool,
>        // also when the chain or the user lookup throws
>        ThreadContext.setUser( null );
>    } //end finally
>}
>
>Steve Mitchell
>UMB Bank
>
>-----Original Message-----
>From: C.F. Scheidecker Antunes [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, August 17, 2005 12:50 PM
>To: Struts Users Mailing List
>Subject: Question on log on with SecurityFilter and JDBCRealm
>
>
>Hello all,
>
>I've managed to have successful authentication with securityFilter and
>JDBCRealm.
>
>I have a few questions that I was hoping you could clarify for me.
>
>After the login is successful, is there any way to forward that to a
>success page/action
>so that I can add extra stuff to the session context?
>This is my <login-config> session
>in the securityfilter-config.xml file:
>
><login-config>
>    <auth-method>FORM</auth-method>
>    <form-login-config>
>        <form-login-page>/login.jsp</form-login-page>
>        <form-error-page>/error.jsp</form-error-page>
>        <form-default-page>/index.html</form-default-page>
>    </form-login-config>
></login-config>
>
>
>My second question is concerning accessing the username value from the
>session context.
>How is that stored in the session? How can I access it?
>My login.jsp form uses standard j_security_check for the action on the
>login form, j_username, j_password for the 2 inputs.
>
>I would like, after the login is successful, to forward that to an action
>in order to access the database using the username as a key and return
>a userID number that I also want to store in the session. How can I
>accomplish this?
>
>Thanks in advance,
>
>C.F.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
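
The advice in the thread about not returning a thread to the container's pool with the User object still set, as an added example (not code from the thread or from the poster's project). A single-thread executor stands in for the container's pool and a ThreadLocal<String> for ThreadContext; the names ThreadLocalLeakDemo, CURRENT_USER, Chain and the login id "alice" are constructed for illustration. It compares clearing after the chain call with clearing in a finally block when a /secured/ request throws and a request outside the filter mapping then reuses the same thread.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalLeakDemo {
    // Hypothetical stand-in for ThreadContext; holds a login id instead of a User object.
    static final ThreadLocal<String> CURRENT_USER = new ThreadLocal<>();

    interface Chain { void proceed() throws Exception; }

    // Clears only on the normal return path: an exception in the chain skips the clear.
    static void filterClearAfter(String remoteUser, Chain chain) throws Exception {
        CURRENT_USER.set(remoteUser);
        chain.proceed();
        CURRENT_USER.remove();
    }

    // Clears in finally: runs whether the chain returns or throws.
    static void filterClearInFinally(String remoteUser, Chain chain) throws Exception {
        CURRENT_USER.set(remoteUser);
        try { chain.proceed(); } finally { CURRENT_USER.remove(); }
    }

    // Sends a failing /secured/ request, then an unfiltered request, through the same
    // pooled thread and returns the user the second request finds in the thread-local.
    static String userSeenByNextRequest(boolean clearInFinally) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one worker: thread is reused
        Chain failing = () -> { throw new IllegalStateException("constructed failure"); };
        Runnable securedRequest = () -> {
            try {
                if (clearInFinally) filterClearInFinally("alice", failing);
                else filterClearAfter("alice", failing);
            } catch (Exception e) { /* a container would send an error response here */ }
        };
        // Outside /secured/* the filter is not mapped, so nothing resets the thread-local.
        Callable<String> unfilteredRequest = CURRENT_USER::get;
        try {
            pool.submit(securedRequest).get();
            return pool.submit(unfilteredRequest).get();
        } finally { pool.shutdown(); }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("clear after chain: next request sees " + userSeenByNextRequest(false));
        System.out.println("clear in finally:  next request sees " + userSeenByNextRequest(true));
    }
}
```

With the clear only on the normal path, the unfiltered request runs with the previous caller's identity, which is what would end up in a field such as Last Updated By.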