I've some problem with filter.
so i'll try with interceptor.
i've done something like that:
public String intercept(ActionInvocation invocation) throws Exception {
Map session = ActionContext.getContext().getSession();
Object o = session.get("logged");
boolean ret = false;
if (o != null) {
String admin = "" + o;
if (admin.equals("admin")) {
ret = true;
}
}
if (ret) {
return invocation.invoke();
} else {
return "denied";
}
}
but when i mapped the interceptor, how can i choose what i've to do?
i've to put a result named denied in each action?
On Wed, May 20, 2009 at 15:28, Andy Sykes <[email protected]> wrote:
> You need to include <dispatcher> elements in your filter mappings for the
> Struts filter.
>
> eg.
>
> <filter-mapping>
> <filter-name>struts2</filter-name>
> <url-pattern>/*</url-pattern>
> <dispatcher>REQUEST</dispatcher>
> <dispatcher>FORWARD</dispatcher>
> </filter-mapping>
>
> With no <dispatcher> element specified, the container assumes you mean the
> filter chain only gets applied to requests.
>
> The <dispatcher>FORWARD</dispatcher> element means the filter chain will get
> invoked when a servlet performs a forward (as your code does).
>
> Just FYI - you may want to consider doing your protection with Interceptors,
> since it's a bit less clumsy than lugging around servlet filters with
> Struts.
>
> You can very easily write an Interceptor[1] that will return a certain
> result type (say "denied") based on whether a specified attribute exists in
> the user's session. Doing so is left as an exercise to the reader :)
>
> You're not then limited to using mappings in the web.xml, and all the logic
> is embedded in the framework you've chosen.
>
> Struts' interceptors are a very powerful AOP-style pattern that I think are
> sometimes overlooked and aren't emphasised enough...
>
> [1] http://struts.apache.org/2.x/docs/writing-interceptors.html
>
> On 20 May 2009, at 13:42, Stefano Tranquillini wrote:
>
>> now is taked. but i've some problem with the dispacer.
>> i've an action mapped in this way:
>> <action name="denied" >
>> <result type="tiles">denied</result>
>> </action>
>>
>> namespace is /
>>
>> if i manually put in this url:
>> http://localhost:8080//WAP-Shop-war/denied.action its WORKS.
>>
>> the filter, else branch is this:
>> else {
>> RequestDispatcher rd = null;
>> rd = sc.getRequestDispatcher("/denied.action");
>> rd.forward(myRequest, myResponse);
>> }
>>
>> and has to recall the same url see above, but he returns an error (404):
>>
>> type Status report
>>
>> message /WAP-Shop-war/denied.action
>>
>> description The requested resource (/WAP-Shop-war/denied.action) is
>> not available.
>>
>> but is available!
>>
>> ideas?
>>
>>
>>
>> On Wed, May 20, 2009 at 13:35, Andy Sykes <[email protected]> wrote:
>>>
>>> Put the mapping for the admin filter above the struts2 filter. Filters
>>> are
>>> invoked in the order in web.xml, first to last.
>>>
>>> The struts filter is catching the request first and dispatching it before
>>> it
>>> ever reaches the admin filter.
>>>
>>> On 20 May 2009, at 09:37, Stefano Tranquillini wrote:
>>>
>>>> Hi all.
>>>> i need to block the path /admin/ for all the pepole. only the people
>>>> logged in as root can access it.
>>>> i've done a filter, but struts seems to dosen't works with its
>>>>
>>>> <filter>
>>>> <filter-name>struts2</filter-name>
>>>>
>>>>
>>>> <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
>>>> </filter>
>>>> <filter>
>>>> <filter-name>adminFilter</filter-name>
>>>> <filter-class>filter.AdminFilter</filter-class>
>>>> </filter>
>>>> <filter-mapping>
>>>> <filter-name>struts2</filter-name>
>>>> <url-pattern>/*</url-pattern>
>>>> </filter-mapping>
>>>> <filter-mapping>
>>>> <filter-name>adminFilter</filter-name>
>>>> <url-pattern>/admin/*</url-pattern>
>>>> </filter-mapping>
>>>>
>>>> public class AdminFilter implements Filter {
>>>>
>>>> FilterConfig fc;
>>>>
>>>> public AdminFilter() {
>>>> }
>>>>
>>>> public void init(FilterConfig fc) throws ServletException {
>>>> this.fc = fc;
>>>> }
>>>>
>>>> public void doFilter(ServletRequest request, ServletResponse
>>>> response, FilterChain chain) throws IOException, ServletException {
>>>>
>>>> System.out.println("i'm the filter!");
>>>>
>>>>
>>>> HttpServletResponse myResponse = (HttpServletResponse) response;
>>>> HttpServletRequest myRequest = (HttpServletRequest) request;
>>>> String user = (String)
>>>> myRequest.getSession().getAttribute("logged");
>>>> ServletContext sc = fc.getServletContext();
>>>> if (user.equals("admin")) {
>>>>
>>>>
>>>> String requestURI = myRequest.getRequestURI();
>>>> int pathLength = myRequest.getContextPath().length();
>>>> StringBuffer relativeURI = new
>>>> StringBuffer(requestURI.substring(pathLength));
>>>> String query = myRequest.getQueryString();
>>>> if (query != null) {
>>>> relativeURI.append("?").append(query);
>>>> }
>>>> RequestDispatcher rd = null;
>>>> if (relativeURI.toString().length() > 0) {
>>>> rd = sc.getRequestDispatcher(relativeURI.toString());
>>>> } else {
>>>> rd = sc.getRequestDispatcher("/WAP-Shop-war/");
>>>> }
>>>> rd.forward(myRequest, myResponse);
>>>> } else {
>>>> RequestDispatcher rd = null;
>>>> rd = sc.getRequestDispatcher("/WAP-Shop-war/");
>>>> rd.forward(myRequest, myResponse);
>>>> }
>>>> return;
>>>> }
>>>>
>>>> public void destroy() {
>>>> }
>>>> }
>>>>
>>>>
>>>> when i put the url like:
>>>> http://localhost:8080/WAP-Shop-war/admin/showAddItem.action i see the
>>>> page and i don't see the string: i'm the filter!
>>>>
>>>> where's the fault?
>>>>
>>>> --
>>>> Stefano
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [email protected]
>>>> For additional commands, e-mail: [email protected]
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>
>>
>>
>> --
>> Stefano
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
--
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
