no obligation to use StrutsPrepareFilter
//you'll want to create some manner sort of Context
//you'll want to to know which action classes map to which action name(url)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain
chain) throws IOException, ServletException
{
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
try {
prepare.createActionContext(request, response);
prepare.assignDispatcherToThread();
prepare.setEncodingAndLocale(request, response);
request = prepare.wrapRequest(request);
prepare.findActionMapping(request, response);
chain.doFilter(request, response);
} finally {
prepare.cleanupRequest(request);
}
}
no obligation to use the StrutsExecuteFilter
//you'll want to locate and or create the dispatcher
//you'll also need to find ActionMap used in prepare
//you'll want to execute the Action based on the name=value pairing available
//from the map
public void doFilter(ServletRequest req, ServletResponse res, FilterChain
chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
// This is necessary since we need the dispatcher instance, which was
created by the prepare filter
lazyInit();
ActionMapping mapping = prepare.findActionMapping(request, response);
if (mapping == null) {
boolean handled = execute.executeStaticResourceRequest(request,
response);
if (!handled) {
chain.doFilter(request, response);
}
} else {
execute.executeAction(request, response, mapping);
}
}
struts-fileupload.xml action class ready to go
<struts>
<package name="fileupload" extends="struts-default" namespace="/fileupload">
<!-- actionName is the driver of this process -->
<action name="doUpload"
class="org.apache.struts2.showcase.fileupload.FileUploadAction" method="upload">
<result name="input">upload.jsp</result>
<result>upload-success.jsp</result>
</action>
Authorization is setup thru configuring a JAASRealm
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JAASRealm
Martin Gainty
______________________________________________
Jogi és Bizalmassági kinyilatkoztatás/Verzicht und
Vertraulichkeitanmerkung/Note de déni et de confidentialité
Ez az
üzenet bizalmas. Ha nem ön az akinek szánva volt, akkor kérjük, hogy
jelentse azt nekünk vissza. Semmiféle továbbítása vagy másolatának
készítése nem megengedett. Ez az üzenet csak ismeret cserét szolgál és
semmiféle jogi alkalmazhatósága sincs. Mivel az electronikus üzenetek
könnyen megváltoztathatóak, ezért minket semmi felelöség nem terhelhet
ezen üzenet tartalma miatt.
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung.
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
> Date: Mon, 18 May 2009 14:15:59 -0700
> From: struts...@yahoo.ca
> Subject: Re: File upload (jupload)--how to disable struts2' fileupload
> interceptor?
> To: user@struts.apache.org
>
>
> >what would be nice is some explanation as to how to better configure the
> >filtering and namespaces in the web and struts xml files.
>
> Totally agree, I have struggling with this myself for sometime [extensive
> googling culminated in no good answer].
>
> --- On Mon, 5/18/09, jesse crossley <jesse.cross...@gmail.com> wrote:
>
> > From: jesse crossley <jesse.cross...@gmail.com>
> > Subject: Re: File upload (jupload)--how to disable struts2' fileupload
> > interceptor?
> > To: user@struts.apache.org
> > Received: Monday, May 18, 2009, 8:38 PM
> >
> > you were right, Andy,
> > i finally safely changed the struts2 filter mappings from
> > "/*" to "*.action"
> > and today i've had great success merging redback struts2
> > with my existing
> > webapp.
> >
> > i hit upon this when googling led me to another post
> > elsewhere that was
> > questioning how to run struts1 alongside struts2. the
> > answer was to map the
> > struts1 servlet to "*.do" and the struts2 filter to
> > "*.action". this beat
> > my attempts of "/struts2/*" and even "/*.action", and
> > finally did what i
> > wanted, enabling all of the security (and struts2) actions
> > i need while not
> > glomming on to any other URLs i may be using.
> >
> > but this answer was not easily come by: especially when all
> > the
> > struts.xml/web.xml/filter information i came across during
> > extensive
> > googling indicated that the "/*" filter was too important
> > to the workings of
> > struts2 to disable. coupled with the trouble i had
> > creating a valid filter,
> > i reached the premature conclusion that i wouldn't find an
> > answer to the
> > filtering problem.
> >
> > what would be nice is some explanation as to how to better
> > configure the
> > filtering and namespaces in the web and struts xml
> > files. i'm not about to
> > redo my existing webapps in struts2 (due to time and
> > general lack of
> > knowledge), but i'm all over this integration of redback
> > struts2-based
> > security with minimal mods to my existing webapps. it
> > looks like i can
> > safely do it, now, but i can't explain how or why it works
> > this way (yet),
> > and with the purported wide acceptance and use of struts2
> > i'd have hoped for
> > more how-to use-cases similar to my own.
> >
> > the problem i hit now is this one
> >
> > Andy Sykes wrote:
> > >
> > > .. the only example I can see is if you're using
> > Struts
> > > interceptors/actions for webapp security - in which
> > case hitting a
> > > servlet directly might mean there's no session
> > information to validate
> > > the user. That's a trivial matter, though.
> > >
> > >
> > i'm in just this scenario now: how can i check the
> > securitySession info from
> > the servlet-side of things?
> > i've re-implemented the IfAuthorizedTag's condition()
> > method as a
> > Utils.isAuthorized() method, but i never seem to be
> > connecting with the
> > authorization info. any ideas/pointers there?
> > i'm plumb tired after
> > googling for days...
> >
> > public static final boolean ifAuthorized(
> >
> > final HttpSession session,
> >
> > final String permission, final String resource) throws
> > ServletException {
> >
> > ApplicationContext
> > applicationContext =
> > WebApplicationContextUtils.getRequiredWebApplicationContext(session.getServletContext());
> > Boolean authzStatusBool = (Boolean)
> > session.getServletContext().getAttribute( "redbackCache" +
> > permission +
> > (resource!=null?resource:""));
> > boolean authzStatus;
> >
> > if ( authzStatusBool == null )
> > {
> > SecuritySession
> > securitySession =
> >
> > (SecuritySession) session.getAttribute(
> > SecuritySystemConstants.SECURITY_SESSION_KEY );
> >
> > try{
> >
> > SecuritySystem securitySystem = (SecuritySystem)
> > applicationContext.getBean(PlexusToSpringUtils.buildSpringId(SecuritySystem.ROLE));
> > if
> > (securitySystem == null){
> >
> > throw new ServletException( "unable to locate
> > security
> > system" );
> > }
> >
> > authzStatus = securitySystem.isAuthorized( securitySession,
> > permission, resource!=null?resource:"" );
> >
> > session.getServletContext().setAttribute( "redbackCache" +
> > permission + (resource!=null?resource:""), Boolean.valueOf(
> > authzStatus ) );
> > }catch (
> > AuthorizationException ae ){
> >
> > throw new ServletException( "error with authorization", ae
> > );
> > }
> >
> > }else{
> > authzStatus =
> > authzStatusBool.booleanValue();
> > }
> >
> > session.getServletContext().setAttribute(
> > "ifAuthorizedTag",
> > Boolean.valueOf( authzStatus ) );
> > return authzStatus;
> > }
> > --
> > View this message in context:
> > http://www.nabble.com/File-upload-%28jupload%29--how-to-disable-struts2%27-fileupload-interceptor--tp23534189p23604543.html
> > Sent from the Struts - User mailing list archive at
> > Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> > For additional commands, e-mail: user-h...@struts.apache.org
> >
> >
>
>
> __________________________________________________________________
> Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your
> favourite sites. Download it now
> http://ca.toolbar.yahoo.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
_________________________________________________________________
Hotmail® has ever-growing storage! Don’t worry about storage limits.
http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial_Storage1_052009
