Here is some partial code that might help. It stores the current action (secured action) and the parameters in the session:

    if (actionSecured && !loggedIn) {
        System.out.println("Redirecting to login page");
        // Remember which secured action was requested, and with which
        // parameters, so the login result can return to it afterwards.
        Map session = actionInvocation.getInvocationContext().getSession();
        session.put("securedPage", actionInvocation.getInvocationContext().getName());
        session.put("securedPageParams", actionInvocation.getInvocationContext().getParameters());
        return Action.LOGIN;
    }

To restore the parameters and redirect to the secured action, I extended org.apache.struts2.dispatcher.ServletActionRedirectResult and overrode the execute method. The login action uses this result to redirect to the secured action:

    public void execute(ActionInvocation actionInvocation) throws Exception {
        Map session = actionInvocation.getInvocationContext().getSession();
        Map requestParameter = (Map) session.get("securedPageParams");
        // The redirect target is read from the session, not from the request.
        actionName = (String) session.get("securedPage");
        // Nothing is stored when the login page was opened directly.
        if (requestParameter != null) {
            for (Object key : requestParameter.keySet()) {
                String[] val = (String[]) requestParameter.get(key);
                // Only the first value of each parameter is restored.
                if (val != null && val.length > 0) {
                    addParameter((String) key, val[0]);
                }
            }
        }
        super.execute(actionInvocation);
    }

I'm not sure if this works with POST parameters.

I hope this helps.
--
Mahdi Milani Fard

Viplav Kallepu wrote:
>
> Hi,
>
> Thank you for sharing the idea. I am also working on the authorization
> and authentication of my application.
>
> "The authentication interceptor checks the action method for @Secured
> annotation and checks the session to see if the user has logged in. If
> not, the target page and parameters are saved in the session and the user
> is redirected to the login page.
> There is a login action that authenticates the user (using database,
> files, ...) and saves any needed data in the session. It then uses a
> LoginResult that redirects to the target page (the secured page that the
> user was redirected from) and sets the saved parameters for that page."
>
> My application contains a lot of values in the session. So I need to
> populate the session after logging in using Action class of the login page.
> I am thinking of a design for allowing users to bookmark a page. After he
> selects a bookmarked page, if he is not logged in he should be redirected
> to the login page and after logging in, he should come to the bookmarked
> page, which is like what you explained above. Can you please tell me how
> you did this?
>
> Regards
> Viplav Kallepu
>
> Mahdi Milani Fard <[EMAIL PROTECTED]> wrote:
>
>> Hi,
>>
>> I'm developing a Struts 2 application which needs non-role-based
>> authorization (e.g. a user can see the messages of a group if he is a
>> member, etc.). Realm is not enough in such a case, and you need to add
>> some authorization code to each action if you use realm. I developed an
>> authentication/authorization mechanism using annotation for this problem.
>> I thought it's good to share this with other struts users.
>>
>> I use two interceptors:
>> The authentication interceptor along with @Secured annotation:
>>
>>     @Secured
>>     public String getMessageList() {
>>         ...
>>     }
>>
>> The authentication interceptor checks the action method for @Secured
>> annotation and checks the session to see if the user has logged in. If
>> not, the target page and parameters are saved in the session and the user
>> is redirected to the login page.
>>
>> There is a login action that authenticates the user (using database,
>> files, ...) and saves any needed data in the session. It then uses a
>> LoginResult that redirects to the target page (the secured page that the
>> user was redirected from) and sets the saved parameters for that page.
>>
>> The second interceptor is authorization interceptor along with the
>> @Authorizer annotation:
>>
>>     @Secured
>>     @Authorizer("isMember")
>>     public String getMessageList() {
>>         ...
>>     }
>>
>>     boolean isMember() {
>>         ...
>>     }
>>
>> Here the interceptor checks the action method for @Authorizer
>> interceptor. If such annotation exists it uses reflection to call the
>> indicated methods (e.g. "isMember") on the same action object. If you add
>> the authorization interceptor in the correct place in the interceptor
>> stack, at the time the authorizer method is called, the action bean is
>> populated using the setters. So the authorizer can use the filled values
>> to check for authorization and returns a boolean indicating if the
>> current user (saved in session) is authorized to do the action (with
>> respect to the filled parameters.)
>>
>> Although it looks like re-inventing the wheel, I think this mechanism is
>> good enough for simple authentication/authorization.
>> --
>> View this message in context:
>> http://www.nabble.com/Simple-authentication-authorization-with-Struts-2-using-annotation-tf4109818.html#a11687101
>> Sent from the Struts - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
> --
> Regards
> Viplav Kallepu
>

--
View this message in context: http://www.nabble.com/Simple-authentication-authorization-with-Struts-2-using-annotation-tf4109818.html#a11702484
Sent from the Struts - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
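
Added example (not code from this thread): the reflective @Authorizer check described in the quoted message, written against the plain JDK so it runs without Struts. The names AuthorizerCheckDemo, isAuthorized, MessageAction and deleteGroup and the sample users are constructed, and denying access when the authorizer method is missing, has the wrong return type or throws is an assumption about the desired behaviour.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;

public class AuthorizerCheckDemo {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Authorizer { String value(); }

    /** Fail closed: true only if no authorizer is declared or it returns true. */
    static boolean isAuthorized(Object action, String actionMethod) {
        try {
            Method target = action.getClass().getMethod(actionMethod);
            Authorizer a = target.getAnnotation(Authorizer.class);
            if (a == null) return true;            // method declares no authorizer
            // Look up a no-argument method on the same action object.
            Method check = action.getClass().getDeclaredMethod(a.value());
            if (check.getReturnType() != boolean.class) return false;
            check.setAccessible(true);             // authorizer is kept non-public
            return (Boolean) check.invoke(action);
        } catch (Exception e) {
            return false;                          // missing or failing authorizer denies
        }
    }

    // Constructed action: the fields stand in for values filled by setters and session.
    static class MessageAction {
        String user;
        Set<String> members = new HashSet<>();

        @Authorizer("isMember")
        public String getMessageList() { return "success"; }

        boolean isMember() { return members.contains(user); }

        @Authorizer("noSuchMethod")                // misconfigured on purpose
        public String deleteGroup() { return "success"; }
    }

    public static void main(String[] args) {
        MessageAction action = new MessageAction();
        action.members.add("alice");
        action.user = "alice";
        System.out.println("member:        " + isAuthorized(action, "getMessageList"));
        action.user = "mallory";
        System.out.println("non-member:    " + isAuthorized(action, "getMessageList"));
        System.out.println("misconfigured: " + isAuthorized(action, "deleteGroup"));
    }
}
```

Keeping the authorizer method non-public, as isMember is in the quoted message, means it is only reachable through this reflective check and not as a public method of the action.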