I'm trying to get away from using a struts.xml as much as possible. My
struts.xml looks like this:
<struts>
<constant name="struts.devMode" value="true" />
<package name="my-default" extends="struts-default">
<global-results>
<result name="login"
type="redirect">/authenticate/login-page</result>
</global-results>
</package>
<package name="my-secure" extends="my-default">
<interceptors>
<interceptor name="authenticationInterceptor"
class="interceptors.AuthenticationInterceptor" />
<interceptor-stack name="secureStack">
<interceptor-ref name="authenticationInterceptor" />
<interceptor-ref name="defaultStack" />
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="secureStack" />
</package>
</struts>
Then in my package-info.java I specify @ParentPackage("my-default") or
@ParentPackage("my-secure").
Brian Thompson wrote:
In my project, I have everything defined as an action in a struts.xml.
All my action classes extend BaseAction. Then, for cases where
everything I need really *is* in the jsp, I just have an action set up
something like:
<action name="jspOnly" class="BaseAction">
<result name="success">no-action-jsp.jsp</result>
</action>
Doing it this way, *everything* will be an action (though the
BaseAction execute() method doesn't really do much).
-Brian
On Sun, Jul 11, 2010 at 11:13 AM, JP Cafaro <jcafar...@gmail.com> wrote:
I'm not sure I follow. There isn't an action here.
Let's say I have a jsp page that I want to be secure, aka you have to be
logged in to visit. For all of the secure pages that actually require some
work to be done, this is ok, because the workflow is: 1) Click link to
secure page, "/secure-page", 2) This triggers action SecurePage.java 3)Then
successfully direct to /secure-page.jsp.
Some pages however, don't need any work to be done so there isn't a need for
a class. In non secure cases this is fine. Click link to "/insecure-page"
and the result is "/insecure-page.jsp". In secure cases, I don't want
"/secure-page" to go to "/secure-page.jsp" but I also don't want to make an
empty action class for every page JUST so that an interceptor can say, "hey
that action is being fired but we're not logged in, redirect to login page".
Is this possible? I'm not familiar with Spring, I'm still trying to get
through the basics of struts2. The book I'm reading uses empty classes. I
just don't like the idea that that's the only option.
Brian Thompson wrote:
Couldn't you just declare "BaseAction.java" as the action's class?
Also; it sounds like you're using a custom security solution; I'd
suggest using Spring Security instead. Custom security code is likely
to suffer from many of the bugs that Spring Security ran into years
ago.
-Brian
On Sun, Jul 11, 2010 at 8:25 AM, JP Cafaro <jcafar...@gmail.com> wrote:
One thing that I don't like (haven't figured out how to get around this)
is
the need for empty classes. If I have a secure page, like an image
upload
form, let's call it (image-upload-form.jsp), I don't want the user to be
able to access it if he or she is not logged in. To accomplish this, I
have
a package defined in my struts.xml that declares a custom interceptor.
Then, in the actions that need to be secure, I declare this package as
their ParentPackage using a package-info.java file. Finally, in order
for
an access to image-upload-form.jsp to be intercepted, I have to have a
class
called ImageUploadForm.java JUST so that the interceptor can be called.
There's nothing in the class that needs to be done. It seems like a
waste.
Is there any way around this?
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
