>what would be nice is some explanation as to how to better configure the
>filtering and namespaces in the web and struts xml files.
Totally agree, I have struggling with this myself for sometime [extensive
googling culminated in no good answer].
--- On Mon, 5/18/09, jesse crossley <jesse.cross...@gmail.com> wrote:
> From: jesse crossley <jesse.cross...@gmail.com>
> Subject: Re: File upload (jupload)--how to disable struts2' fileupload
> interceptor?
> To: user@struts.apache.org
> Received: Monday, May 18, 2009, 8:38 PM
>
> you were right, Andy,
> i finally safely changed the struts2 filter mappings from
> "/*" to "*.action"
> and today i've had great success merging redback struts2
> with my existing
> webapp.
>
> i hit upon this when googling led me to another post
> elsewhere that was
> questioning how to run struts1 alongside struts2. the
> answer was to map the
> struts1 servlet to "*.do" and the struts2 filter to
> "*.action". this beat
> my attempts of "/struts2/*" and even "/*.action", and
> finally did what i
> wanted, enabling all of the security (and struts2) actions
> i need while not
> glomming on to any other URLs i may be using.
>
> but this answer was not easily come by: especially when all
> the
> struts.xml/web.xml/filter information i came across during
> extensive
> googling indicated that the "/*" filter was too important
> to the workings of
> struts2 to disable. coupled with the trouble i had
> creating a valid filter,
> i reached the premature conclusion that i wouldn't find an
> answer to the
> filtering problem.
>
> what would be nice is some explanation as to how to better
> configure the
> filtering and namespaces in the web and struts xml
> files. i'm not about to
> redo my existing webapps in struts2 (due to time and
> general lack of
> knowledge), but i'm all over this integration of redback
> struts2-based
> security with minimal mods to my existing webapps. it
> looks like i can
> safely do it, now, but i can't explain how or why it works
> this way (yet),
> and with the purported wide acceptance and use of struts2
> i'd have hoped for
> more how-to use-cases similar to my own.
>
> the problem i hit now is this one
>
> Andy Sykes wrote:
> >
> > .. the only example I can see is if you're using
> Struts
> > interceptors/actions for webapp security - in which
> case hitting a
> > servlet directly might mean there's no session
> information to validate
> > the user. That's a trivial matter, though.
> >
> >
> i'm in just this scenario now: how can i check the
> securitySession info from
> the servlet-side of things?
> i've re-implemented the IfAuthorizedTag's condition()
> method as a
> Utils.isAuthorized() method, but i never seem to be
> connecting with the
> authorization info. any ideas/pointers there?
> i'm plumb tired after
> googling for days...
>
> public static final boolean ifAuthorized(
>
> final HttpSession session,
>
> final String permission, final String resource) throws
> ServletException {
>
> ApplicationContext
> applicationContext =
> WebApplicationContextUtils.getRequiredWebApplicationContext(session.getServletContext());
> Boolean authzStatusBool = (Boolean)
> session.getServletContext().getAttribute( "redbackCache" +
> permission +
> (resource!=null?resource:""));
> boolean authzStatus;
>
> if ( authzStatusBool == null )
> {
> SecuritySession
> securitySession =
>
> (SecuritySession) session.getAttribute(
> SecuritySystemConstants.SECURITY_SESSION_KEY );
>
> try{
>
> SecuritySystem securitySystem = (SecuritySystem)
> applicationContext.getBean(PlexusToSpringUtils.buildSpringId(SecuritySystem.ROLE));
> if
> (securitySystem == null){
>
> throw new ServletException( "unable to locate
> security
> system" );
> }
>
> authzStatus = securitySystem.isAuthorized( securitySession,
> permission, resource!=null?resource:"" );
>
> session.getServletContext().setAttribute( "redbackCache" +
> permission + (resource!=null?resource:""), Boolean.valueOf(
> authzStatus ) );
> }catch (
> AuthorizationException ae ){
>
> throw new ServletException( "error with authorization", ae
> );
> }
>
> }else{
> authzStatus =
> authzStatusBool.booleanValue();
> }
>
> session.getServletContext().setAttribute(
> "ifAuthorizedTag",
> Boolean.valueOf( authzStatus ) );
> return authzStatus;
> }
> --
> View this message in context:
> http://www.nabble.com/File-upload-%28jupload%29--how-to-disable-struts2%27-fileupload-interceptor--tp23534189p23604543.html
> Sent from the Struts - User mailing list archive at
> Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
__________________________________________________________________
Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your
favourite sites. Download it now
http://ca.toolbar.yahoo.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
