An interceptor is exactly like a filter. It runs before and after an action executes.
Check out the following:

http://struts.apache.org/2.x/docs/interceptors.html
http://struts.apache.org/2.x/docs/writing-interceptors.html

Also the "FAQ" section at the bottom of the first link has some useful information.

Here is my intercept method from the SystemAdmin check:

    public String intercept(ActionInvocation actionInvocation) throws Exception {
        // get my user object from the session
        Map session = ActionContext.getContext().getSession();
        User user = (User) session.get(Constants.USER_SESSION_KEY);

        boolean allowAccess = (null != user) && (user.getSystemAdmin());

        if (allowAccess) {
            return actionInvocation.invoke();
        } else {
            return BaseAction.NO_ACCESS;
        }
    }

Next I had to add the interceptor to my SysAdmin package:

    <interceptors>
        <interceptor name="accessChecker" class="rs.app.SystemAdminAccessInterceptor"/>
        <interceptor-stack name="sysAdminDefault">
            <interceptor-ref name="accessChecker"/>
            <interceptor-ref name="defaultStack"/>
        </interceptor-stack>
    </interceptors>

and change the default stack:

    <default-interceptor-ref name="sysAdminDefault"/>

Now every action in that package will call my access checker before it executes. If the check fails then the NO_ACCESS constant is returned (which is a constant in my BaseAction class which equals "noAccess"). Now that I think about it, I'm not sure if I should have put that constant in that class... anyway...

I defined a global result to handle the noAccess result:

    <global-results>
        <result name="noAccess" type="redirect-action">
            <param name="actionName">Home</param>
            <param name="namespace">/</param>
        </result>
    </global-results>

This result returns the user to the Home screen. In my case the user should never see the link that takes them to restricted parts of the page. I wrote this in case a curious user started typing in URLs. I don't give them an error, I just kick them back to the main page.

On 8/6/07, Jim Theodoridis <[EMAIL PROTECTED]> wrote:
> > I wrote a "LoadApplication" action that executes after my user has
> > logged in. It checks the database to see what roles they have and it
> > fills the session with a few variables such as...
>
> I am thinking of doing the same with a filter. Is it possible?
> I am using DispatchAction a lot. Is it possible to allow a function action
> like list and to deny create?
>
> Thanks, but I have never worked with interceptors.
>
> Richard Sayre wrote:
> > I wrote a "LoadApplication" action that executes after my user has
> > logged in. It checks the database to see what roles they have and it
> > fills the session with a few variables such as
> >
> > admin = true;
> > designer = false; etc.
> >
> > by default they are all false.
> >
> > Then I wrote an interceptor that checked their access from the
> > session. If they have access the Action they are requesting would
> > execute. If they did not have access I would redirect them to the
> > main page. You could also have the interceptor check the Database
> > directly. I am not a security expert, but this should be more secure
> > than storing those values in session. There will be more overhead in
> > checking the database before every action.
> >
> > On 8/6/07, Jim Theodoridis <[EMAIL PROTECTED]> wrote:
> >
> >> Hello
> >>
> >> I am using my own security manager to log in to a struts application.
> >> I am looking for a way to fire an action only when the user who logs in
> >> has the right permissions.
> >>
> >> Any suggestions?
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
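
Added example (not part of the original thread and not the poster's code): a Struts 2 interceptor that addresses the list/create question by checking which action method is about to run, denying anything not explicitly allowed. It assumes each function is mapped as a Struts 2 action method named list or create, and that the session holds the Boolean flags admin and designer described in the thread; the class name, package and policy map are hypothetical.

```java
package example; // hypothetical package

import java.util.Map;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/** Per-method access check that fails closed. */
public class MethodAccessInterceptor extends AbstractInterceptor {

    // Assumed policy: action method name -> session flag that must be TRUE.
    // "admin" and "designer" are the flags the thread's LoadApplication
    // action puts in the session; the method-to-flag pairing is made up here.
    private static final Map<String, String> REQUIRED_FLAG = Map.of(
            "list", "designer",
            "create", "admin");

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // Name of the action method the framework is about to call.
        String method = invocation.getProxy().getMethod();

        // Map.of() rejects null keys, so guard before the lookup.
        String flag = (method == null) ? null : REQUIRED_FLAG.get(method);

        Map<String, Object> session =
                invocation.getInvocationContext().getSession();

        // Allow only when the method is listed AND the session flag is
        // exactly Boolean.TRUE. A missing session, a missing flag, a
        // non-Boolean value or an unlisted method all deny.
        boolean allowed = flag != null
                && session != null
                && Boolean.TRUE.equals(session.get(flag));

        if (!allowed) {
            // Same result name the thread's global result handles.
            return "noAccess";
        }
        return invocation.invoke();
    }
}
```

Registered in a package's interceptor stack ahead of defaultStack, as the accessChecker interceptor is in the thread, this runs before every action method in that package.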