No, it's not a security issue. The exception handling inside the action
made it look like one. Sorry that I did not check that carefully enough.
It's simply that I can't get the user model inside the action. It's null.
In the action I have the getters and setters for user and I use the
Preparable interface, but still the user model is empty. In struts.xml I
have not defined any interceptors, so I have tried to use params etc.
The problem with doing the workaround with new User(
getRequest().getRemoteUser() ) is that, when trying to save the user, the
userManager complains about the fact that the user already exists and
then throws the security exception.
I really have tried a lot, but can't figure out why I can't implement
the model into the action.
My struts.xml looks like this:
    <action name="uploadImageFile" class="UserImageFileUploadAction">
        <interceptor-ref name="fileUploadStack"/>
        <result name="input">/WEB-INF/pages/uploadImage.jsp</result>
        <result name="success">/WEB-INF/pages/uploadUserImageDisplay.jsp</result>
        <result name="cancel" type="redirect">mainMenu.html</result>
    </action>
The action itself looks something like this:

    public class UserImageFileUploadAction extends BaseAction
            implements Preparable {
        private File file;
        private User user;
        private String name;

        public void prepare() {
            if (getRequest().getMethod().equalsIgnoreCase("post")) {
                // prevent failures on new
                if (!"".equals(getRequest().getParameter("user.id"))) {
                    user = userManager.getUser(getRequest().getParameter("user.id"));
                } else {
                    log.debug("user id fehlt.");
                }
            }
        }

        public User getUser() { return user; }
        public void setUser(User user) { this.user = user; }

        public String upload() throws Exception { ... }
    }

In uploadImage.jsp no user parameters are accessible and inside the
action the user model is null. What am I doing wrong?
thx
Matt Raible wrote:
There is a class called UserSecurityAdvice that prevents you from
modifying other users unless 1) you're an administrator or 2) you are
that user. Could that be causing you problems?
Matt
On 2/29/08, *Kropp, Henning* <[EMAIL PROTECTED]> wrote:
Hi,
I am trying to wire the user and its service to another action like in
the signupAction, but I really don't see through it.
In the signupAction the user can be easily accessed and changed (save).
In my action I have to do a
new User( getRequest().getRemoteUser() )
first. But still this leads to a security issue, because I don't seem to
have the right to change the user and then save it with
userManager.saveUser(user);
because it leads to the access denied page.
I tried setting up the security.xml and the
applicationContext-struts.xml for my action but it's not helping any. I
know this is pretty basic stuff, so if someone could just guide me in the
right direction I really would appreciate it.
thx
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]