I'm not sure I follow. There isn't an action here.
Let's say I have a jsp page that I want to be secure, aka you have to be
logged in to visit. For all of the secure pages that actually require
some work to be done, this is ok, because the workflow is: 1) Click link
to secure page, "/secure-page", 2) This triggers action SecurePage.java
3)Then successfully direct to /secure-page.jsp.
Some pages however, don't need any work to be done so there isn't a need
for a class. In non secure cases this is fine. Click link to
"/insecure-page" and the result is "/insecure-page.jsp". In secure
cases, I don't want "/secure-page" to go to "/secure-page.jsp" but I
also don't want to make an empty action class for every page JUST so
that an interceptor can say, "hey that action is being fired but we're
not logged in, redirect to login page".
Is this possible? I'm not familiar with Spring, I'm still trying to get
through the basics of struts2. The book I'm reading uses empty
classes. I just don't like the idea that that's the only option.
Brian Thompson wrote:
Couldn't you just declare "BaseAction.java" as the action's class?
Also; it sounds like you're using a custom security solution; I'd
suggest using Spring Security instead. Custom security code is likely
to suffer from many of the bugs that Spring Security ran into years
ago.
-Brian
On Sun, Jul 11, 2010 at 8:25 AM, JP Cafaro <jcafar...@gmail.com> wrote:
One thing that I don't like (haven't figured out how to get around this) is
the need for empty classes. If I have a secure page, like an image upload
form, let's call it (image-upload-form.jsp), I don't want the user to be
able to access it if he or she is not logged in. To accomplish this, I have
a package defined in my struts.xml that declares a custom interceptor.
Then, in the actions that need to be secure, I declare this package as
their ParentPackage using a package-info.java file. Finally, in order for
an access to image-upload-form.jsp to be intercepted, I have to have a class
called ImageUploadForm.java JUST so that the interceptor can be called.
There's nothing in the class that needs to be done. It seems like a waste.
Is there any way around this?
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
