Re: SecurityFilter Question?
Hi Jason, How do I use a login form that branch out to 2 restricted area depending on user's role using SecurityFilter? i.e. - if user has user role and log on, give access to /user/* - if user has admin role and log on, give access to /admin/* The only way I can think of how to do this is to use 2 links to 2 login forms, 1 form for each. BTW, can I assign roles for each Action in struts-config.xml so that I don't have to prefix path attribute of each Action with /user or /admin? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
struts-el doesn't accept expressions
Hello everybody, struts-el TLDs are somewhat strange, they set rtexprvalue to false and hence this is what happens when I put an EL expr in an struts-el tag: "According to TLD or attribute directive in tag file, attribute action does not accept any expressions" Well, where is that hidden secret switch to make it work? What I do so far: 1) struts-el.jar to classpath 2) struts-el TLDs to WEB-INF 3) use tags, i.e.: pgpaTRyoyKIXA.pgp Description: PGP signature
Re: SecurityFilter Question?
I guess it depends on what sort of application you have. Normally, you might display a welcome page and give access to all the stuff that doesn't need a user to login. If everything requires them to be authenticated, you could just display the welcome + the login form. Once they log in, display some sort of welcome page for that user. This might have the menu of links they can use. If you use tiles you can insert a tile for a user or admin based on role eg Or use the struts logic tag which would allow only roles user and guest. Another way is just to display the link to an action in /user/*, if they click on the link and they are not authenticated or have the role of 'user' they will be directed to the login form. Once they login and they have the role of 'user' then they will get to the /user/* action they requested at the start. So you don't need to do any thing special in this case. As for populating a User bean into a session once they are authenticated I have done this in the past with a filter. I place it after the security filter in the chain of filters. It checks if the user is logged in, if they are and there is no session bean, the filter creates+populates the bean and stores it in the session ready for any action that needs to use it. In the struts config you can add a role="admin" parameter. It means struts will check that the user has that role before it allows the action to be executed. Can't remember what happens if they are not authenticated - might throw an exception that you can catch and display an error message? struts Dude wrote: Hi Jason, How do I use a login form that branch out to 2 restricted area depending on user's role using SecurityFilter? i.e. - if user has user role and log on, give access to /user/* - if user has admin role and log on, give access to /admin/* The only way I can think of how to do this is to use 2 links to 2 login forms, 1 form for each. BTW, can I assign roles for each Action in struts-config.xml so that I don't have to prefix path attribute of each Action with /user or /admin? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
struts webapp failure
I have a simple struts webapp I'm developing use Eclipse v3.0 / MyEclipse Enterprise Workbench v3.8.0. This webapp has been deployed as a WAR file to a local installation of Tomcat v4.1.30 on my WinXP Pro SP1 development system and I can browse to it w/o any problems using Mozilla and it works just fine. If I take the same WAR file and copy it over to a Tomcat installation on an OpenVMS Alpha v7.3-1 system [running CSWS_JAVA v2.1, which is Tomcat v4.1.24], I get the following error when attempting to browse to the webapp: HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: Exception forwarding for name login: org.apache.jasper.JasperException: Unable to compile class for JSP at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java) [snipped] root cause javax.servlet.ServletException: Exception forwarding for name login: org.apache.jasper.JasperException: Unable to compile class for JSP at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java) at org.apache.jsp.index_jsp._jspService(index_jsp.java) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java) [snipped] Both of these installations of Tomcat are using JDK v1.4.2. My webapp's web.xml file specifies a welcome file named "index.jsp" and all that "index.jsp" does is use the "logic:forward" tag to forward to a login action. The "welcome.jsp" file is in the root folder of the webapp, while all of the other JSP files are in a subfolder under WEB-INF. Why would a JSP fail to compile on the Tomcat implementation on OpenVMS but still compile properly for the Tomcat implementation on WinXP? TIA, Chuck -- Chuck Chopp ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651 Do not send me unsolicited commercial email. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts webapp failure
Windows is not case sensetive. Check that. .V Chuck Chopp wrote: I have a simple struts webapp I'm developing use Eclipse v3.0 / MyEclipse Enterprise Workbench v3.8.0. This webapp has been deployed as a WAR file to a local installation of Tomcat v4.1.30 on my WinXP Pro SP1 development system and I can browse to it w/o any problems using Mozilla and it works just fine. If I take the same WAR file and copy it over to a Tomcat installation on an OpenVMS Alpha v7.3-1 system [running CSWS_JAVA v2.1, which is Tomcat v4.1.24], I get the following error when attempting to browse to the webapp: HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: Exception forwarding for name login: org.apache.jasper.JasperException: Unable to compile class for JSP at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java) [snipped] root cause javax.servlet.ServletException: Exception forwarding for name login: org.apache.jasper.JasperException: Unable to compile class for JSP at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java) at org.apache.jsp.index_jsp._jspService(index_jsp.java) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java) [snipped] Both of these installations of Tomcat are using JDK v1.4.2. My webapp's web.xml file specifies a welcome file named "index.jsp" and all that "index.jsp" does is use the "logic:forward" tag to forward to a login action. The "welcome.jsp" file is in the root folder of the webapp, while all of the other JSP files are in a subfolder under WEB-INF. Why would a JSP fail to compile on the Tomcat implementation on OpenVMS but still compile properly for the Tomcat implementation on WinXP? TIA, Chuck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts webapp failure
Vic wrote: Windows is not case sensetive. Check that. That's an interesting point. Case is preserved in NTFS but the file system isn't actually case sensitive w/respect to locating folders & files. My OpenVMS system is using a file system that is I'll have to examine the actual file names that were unpacked from the WAR file on my OpenVMS Alpha system and compare them with the case of the file names that are in the various XML configuration file elements to see if there's a discrepancy between what exists vs. what is being specified. Of course, my OpenVMS system is using an ODS-5 volume for Java/Tomcat which supports the long file names with multiple dots in them, but it, too, also preserves case w/o being case-sensitive. Still, the Java implementation on OpenVMS may force case-sensitivity even if the user shell environment isn't case-sensitive when manipulating files. -- Chuck Chopp ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651 Do not send me unsolicited commercial email. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to cope with non-static database schemes
As part of an application that I'm thinking about, users may specify new db tables which are then added to the database. The names of such tables, as well as the number and data types of their fields, are chosen by the user himself (step 1). Following the creation of a new table, the user should be presented an appropriate input form, allowing him to enter data (step 2). (How) is it possible to provide the corresponding form beans and action classes and (how) do they have to be registered in struts-config.xml? Compared to working with a static db scheme, what's the difference in approach? -- Thanks a lot, Fabian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SecurityFilter Question?
- Original Message - From: "Jason Lea" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Sunday, August 29, 2004 11:04 PM Subject: Re: SecurityFilter Question? > As for populating a User bean into a session once they are > authenticated I have done this in the past with a filter. I place > it after the security filter in the chain of filters. It checks if the > user is logged in, if they are and there is no session bean, the filter > creates+populates the bean and stores it in the session ready for any > action that needs to use it. Can't u do this using an Action? Say, accessing /admin/LogAction.do invokes SecurityFilter, after authentication by SecurityFilter is passed, go directly to LogAction as below Within LogAction class, construct User bean from logonForm and add it to session. Is that possible or is the request parameters from logonForm lost? Can u be more specific of how u use a filter right after security filter to populate User bean and put it in Session? I am thinking of somehow constructing User bean in subclass of SimpleSecurityRealmBase, then if authentication pass, store this bean somehow and pass it along to requested Action specified in struts-config.xml. Another idea is to somehow integrate SimpleSecurityRealmBase into an Action class... Thanks > > In the struts config you can add a role="admin" parameter. It means > struts will check that the user has that role before it allows the > action to be executed. Can't remember what happens if they are not > authenticated - might throw an exception that you can catch and display > an error message? > > struts Dude wrote: > > >Hi Jason, > > > >How do I use a login form that branch out to 2 > >restricted area depending on user's role using > >SecurityFilter? i.e. > > - if user has user role and log on, give access > > to /user/* > >- if user has admin role and log on, give access > > to /admin/* > > > >The only way I can think of how to do this is to > >use 2 links to 2 login forms, 1 form for each. > > > >BTW, can I assign roles for each Action in > >struts-config.xml so that I don't have to > >prefix path attribute of each Action with > >/user or /admin? > > > > > >Thanks > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > -- > Jason Lea > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Container Managed authentication question
hi Using container managed authentication, can i relay request parameters(i.e. username & password) to loginAction after successful authentication? Because I want to construct a User bean and add it to Session after successful authentication but request parameters seem to get lost. Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts webapp failure
OK, nothing bad appears to be happening that I can attribute to a case sensitivity issue. I'm still at a loss, though, to identify what the source of the problem atually is. I took the same webapp WAR file and deployed it to a NetWare v6.5 SP2 server running JRE 1.4 and Tomcat v4.1.28 and the WAR file unpacked & deployed w/o any problems at all. I can run it w/o any problems on the NetWare server so I'm thinking there must be something specific to the Tomcat installation on my OpenVMS system that is broken. -- Chuck Chopp ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651 Do not send me unsolicited commercial email. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Possible to change input path in actionForm validate?
I tried that but it is complainin about more than one identical action definition in struts-config. sebastian ho On Fri, 2004-08-27 at 20:21, Paul McCulloch wrote: > One way to do this is to have multiple actions defined in struts-config.xml, > each using the same Action class. Each action can have a different input > JSP. > > Paul > > > -Original Message- > > From: Sebastian Ho [mailto:[EMAIL PROTECTED] > > Sent: Friday, August 27, 2004 1:05 PM > > To: Struts Users Mailing List > > Subject: Possible to change input path in actionForm validate? > > > > > > Hi > > > > Is it possible to change the input path that validate() displays if > > there are errors in the validation? > > > > I try using mapping.setInput() but it returns > > "java.lang.IllegalStateException: Configuration is froze". > > > > Reason for this is I am using the same Action for different JSP, > > therefore the validation errors need to be displayed in the respective > > JSP, and not the input path specified in actino-mappings. > > > > Thanks > > > > Sebastian Ho > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > ** > Axios Email Confidentiality Footer > Privileged/Confidential Information may be contained in this message. If you are not > the addressee indicated in this message (or responsible for delivery of the message > to such person), you may not copy or deliver this message to anyone. In such case, > you should destroy this message, and notify us immediately. If you or your employer > does not consent to Internet email messages of this kind, please advise us > immediately. Opinions, conclusions and other information expressed in this message > are not given or endorsed by my Company or employer unless otherwise indicated by an > authorised representative independent of this message. > WARNING: > While Axios Systems Ltd takes steps to prevent computer viruses from being > transmitted via electronic mail attachments we cannot guarantee that attachments do > not contain computer virus code. You are therefore strongly advised to undertake > anti virus checks prior to accessing the attachment to this electronic mail. Axios > Systems Ltd grants no warranties regarding performance use or quality of any > attachment and undertakes no liability for loss or damage howsoever caused. > ** > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
manual validation of a form field
Hello, I am using Struts 1.1 and the built-in validation framework, which works great. However, I have a few forms that have data that must be parsed a bit before it can be validated. For example, a textarea with 1 email address per line. Is there a way that I can use the validator api to do this from within my action? If somebody has some code/configuration that does this or some url to point me in the right direction, that'd be great. Thanks in advance, Gary. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: manual validation of a form field
Hi, You can write your own validator to take care of that -- see the Pluggable Validators section on the Struts site. -Yves- On 29 Aug 2004 22:24:43 -0400, Gary S. Cuozzo <[EMAIL PROTECTED]> wrote: > Hello, > I am using Struts 1.1 and the built-in validation framework, which works > great. However, I have a few forms that have data that must be parsed a > bit before it can be validated. For example, a textarea with 1 email > address per line. Is there a way that I can use the validator api to do > this from within my action? > > If somebody has some code/configuration that does this or some url to > point me in the right direction, that'd be great. > > Thanks in advance, > Gary. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- For me to poop on! http://www.formetopoopon.com http://www.nbc.com/nbc/Late_Night_with_Conan_O'Brien/video/triumph.shtml - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Container Managed authentication question
struts Dude wrote: hi Using container managed authentication, can i relay request parameters(i.e. username & password) to loginAction after successful authentication? Because I want to construct a User bean and add it to Session after successful authentication but request parameters seem to get lost. Thanks You can get the user's name using request.getUserPrincipal().getName(); however, for security reasons, you cannot get the user's password. If you must have the password, then you may need to use application-managed security (or SecurityFilter). Bill Siggelkow - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: manual validation of a form field
Thanks for the quick reply. I'll read up on that. gary. On Sun, 2004-08-29 at 22:50, Yves Sy wrote: > Hi, > > You can write your own validator to take care of that -- see the > Pluggable Validators section on the Struts site. > > -Yves- > > On 29 Aug 2004 22:24:43 -0400, Gary S. Cuozzo > <[EMAIL PROTECTED]> wrote: > > Hello, > > I am using Struts 1.1 and the built-in validation framework, which works > > great. However, I have a few forms that have data that must be parsed a > > bit before it can be validated. For example, a textarea with 1 email > > address per line. Is there a way that I can use the validator api to do > > this from within my action? > > > > If somebody has some code/configuration that does this or some url to > > point me in the right direction, that'd be great. > > > > Thanks in advance, > > Gary. > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Reload application resources !!!
Hello, Is it possible to reload the resource properties fot Struts appliction? The application resources are specifiy in struts-cong.xml, is it possible to reload it in run-time ??? Sometimes I will modify the messages resource properties, I have to restart the web app after the modification. Therefore, it is better to have a way to reload the resource properties !! Eric == If you know what you are doing, it is not called RESEARCH! == - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
validation problem on metod validwhen when identifiers icludes '_'
Hi. I'm using struts 1.2.1 (or try to) and I have probles with validation metod validwhen when identifiers icludes '_' . Package changes description says that this was repaired. What I'm doing wrong. Could enyone helps! Thanks Drago Jenko The error occurs SystemErr R line 1:6: unexpected char: '_' SystemErr R at java.lang.Throwable.(Throwable.java) SystemErr R at java.lang.Throwable.(Throwable.java) SystemErr R at antlr.ANTLRException.(ANTLRException.java:17) SystemErr R at antlr.TokenStreamRecognitionException.(TokenStreamRecognitionException.java:18) SystemErr R at org.apache.struts.validator.validwhen.ValidWhenLexer.nextToken(ValidWhenLexer.java:187) SystemErr R at antlr.TokenBuffer.fill(TokenBuffer.java) SystemErr R at antlr.TokenBuffer.LA(TokenBuffer.java:80) SystemErr R at antlr.LLkParser.LA(LLkParser.java:52) SystemErr R at org.apache.struts.validator.validwhen.ValidWhenParser.field(ValidWhenParser.java:243) SystemErr R at org.apache.struts.validator.validwhen.ValidWhenParser.value(ValidWhenParser.java:342) SystemErr R at org.apache.struts.validator.validwhen.ValidWhenParser.comparisonExpression(ValidWhenParser.java:391) SystemErr R at org.apache.struts.validator.validwhen.ValidWhenParser.expr(ValidWhenParser.java:374) SystemErr R at org.apache.struts.validator.validwhen.ValidWhenParser.joinedExpression(ValidWhenParser.java:405) SystemErr R at org.apache.struts.validator.validwhen.ValidWhenParser.expr(ValidWhenParser.java:379) SystemErr R at org.apache.struts.validator.validwhen.ValidWhenParser.expression(ValidWhenParser.java:365) SystemErr R at org.apache.struts.validator.validwhen.ValidWhen.validateValidWhen(ValidWhen.java:114) SystemErr R at java.lang.reflect.AccessibleObject.invokeImpl(Native Method) SystemErr R at java.lang.reflect.AccessibleObject.invokeI(AccessibleObject.java:215) SystemErr R at java.lang.reflect.Method.invoke(Method.java) SystemErr R at org.apache.commons.validator.ValidatorAction.executeValidationMethod(ValidatorAction.java:567) SystemErr R at org.apache.commons.validator.Field.validateForRule(Field.java:811) SystemErr R at org.apache.commons.validator.Field.validate(Field.java:890) SystemErr R at org.apache.commons.validator.Form.validate(Form.java:174) SystemErr R at org.apache.commons.validator.Validator.validate(Validator.java:367) SystemErr R at org.apache.struts.validator.ValidatorForm.validate(ValidatorForm.java:112) In validation.xml I have this test condition with field lkv_akont test ((lkv_akont != 'D') or (*this* != null)) Validator Package Changes [ org.apache.struts.validator] 2004-06-24 - ValidWhen: "allow '_' (underscore) in identifiers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Reload application resources !!!
Hi, I'd like to have some way to expand the resouse interface. for example, we can extend our own resource module to make the resouce store in RDMS, not in the property file. It sounds like the way that JAAS login module is doing. By that, we can implement more advanced resouce control function, like resouce control pannel in the web application's admin console. Yufan Shi We are Online! http://www.ivanshi.com/blog/ -Original Message- From: Eric Chow [mailto:[EMAIL PROTECTED] Sent: Monday, August 30, 2004 12:10 PM To: Struts Users Mailing List Subject: Reload application resources !!! Hello, Is it possible to reload the resource properties fot Struts appliction? The application resources are specifiy in struts-cong.xml, is it possible to reload it in run-time ??? Sometimes I will modify the messages resource properties, I have to restart the web app after the modification. Therefore, it is better to have a way to reload the resource properties !! Eric == If you know what you are doing, it is not called RESEARCH! == - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Reload application resources !!!
Hi, I'd like to have some way to expand the resouse interface. for example, we can extend our own resource module to make the resouce store in RDMS, not in the property file. It sounds like the way that JAAS login module is doing. By that, we can implement more advanced resouce control function, like resouce control pannel in the web application's admin console. Yufan Shi We are Online! http://www.ivanshi.com/blog/ -Original Message- From: Eric Chow [mailto:[EMAIL PROTECTED] Sent: Monday, August 30, 2004 12:10 PM To: Struts Users Mailing List Subject: Reload application resources !!! Hello, Is it possible to reload the resource properties fot Struts appliction? The application resources are specifiy in struts-cong.xml, is it possible to reload it in run-time ??? Sometimes I will modify the messages resource properties, I have to restart the web app after the modification. Therefore, it is better to have a way to reload the resource properties !! Eric == If you know what you are doing, it is not called RESEARCH! == - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SecurityFilter Question?
struts Dude wrote:
- Original Message -
From: "Jason Lea" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Sunday, August 29, 2004 11:04 PM
Subject: Re: SecurityFilter Question?
As for populating a User bean into a session once they are
authenticated I have done this in the past with a filter. I place
it after the security filter in the chain of filters. It checks if the
user is logged in, if they are and there is no session bean, the filter
creates+populates the bean and stores it in the session ready for any
action that needs to use it.
Can't u do this using an Action? Say, accessing /admin/LogAction.do
invokes SecurityFilter, after authentication by SecurityFilter is passed,
go directly to LogAction as below
The problem comes if the user bookmarks a url like /user/abc.do, starts
up their browser and goes directly to the protected URL. The security
filter will take them to the login form, they submit username/password
and seucirty filter authenticates them. Once they are authenticated
they are redirected back to /users/abc.do - they don't pass through
LogAction at all. So I normally have a filter that makes sure the bean
is in session from where ever they are called.
You don't have to use a filter though, you could make a base action that
does puts the bean into session and have all your actions sub-class that
one.
validate="false">
name="success"
path="/pages/Welcome.jsp"/>
Within LogAction class, construct User bean from logonForm and
add it to session. Is that possible or is the request parameters from
logonForm lost?
Can u be more specific of how u use a filter right after security
filter to populate User bean and put it in Session?
example:
public class LoginFilter implements Filter {
public static final String USER_BEAN_KEY = "USER_BEAN_KEY";
private FilterConfig filterConfig;
public void init(FilterConfig config) throws ServletException {
this.filterConfig = config;
}
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpSession session = request.getSession();
if (null == session.getAttribute(USER_BEAN_KEY)
&& null != request.getUserPrincipal()) {
session.setAttribute(USER_BEAN_KEY, request.getUserPrincipal());
// do your post authentication stuff here
Principal principal = request.getUserPrincipal();
...
}
chain.doFilter(req, res);
}
}
and in the web.xml:
Security Filter
/*
LoginFilter
I am thinking of somehow constructing User bean in subclass
of SimpleSecurityRealmBase, then if authentication pass,
store this bean somehow and pass it along to requested Action
specified in struts-config.xml.
Another idea is to somehow integrate SimpleSecurityRealmBase
into an Action class...
Thanks
In the struts config you can add a role="admin" parameter. It means
struts will check that the user has that role before it allows the
action to be executed. Can't remember what happens if they are not
authenticated - might throw an exception that you can catch and display
an error message?
struts Dude wrote:
Hi Jason,
How do I use a login form that branch out to 2
restricted area depending on user's role using
SecurityFilter? i.e.
- if user has user role and log on, give access
to /user/*
- if user has admin role and log on, give access
to /admin/*
The only way I can think of how to do this is to
use 2 links to 2 login forms, 1 form for each.
BTW, can I assign roles for each Action in
struts-config.xml so that I don't have to
prefix path attribute of each Action with
/user or /admin?
Thanks
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Jason Lea
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Jason Lea
Re: JSTL Tag problem!!
>> Your works here, the problem is EL not being evaluated
>> So I still recommend you configure the IsELIgnored page directive
As you said i made IsELIgnored page directive to false, i got into a new problem
that my logic-el tags are not working now.
i am getting an error as "According to TLD or attribute directive in tag file,
attribute property does not accept any expressions" in the following line
I guess that EIs in struts-el tags won't work if you make the IsELIgnored page
directive to false.
I tried to convert the above logic-el tag to c:forEach.
.
where pageValue(pageNo) and questionValue(questionNo) are the indexed property
methods.But here also i am facing a problem.
The Error says the expression contains invalid expression(s):
javax.servlet.jsp.el.ELException: Encountered "", expected one of ["}", ".", ">",
"gt", "<", "lt", "==", "eq", "<=", "le", ">=", "ge", "!=", "ne", "[", "+", "-", "*",
"/", "div", "%", "mod", "and", "&&", "or", "||", "?"]
I want both JSTL and struts-el tags to work as i can't convert html-el tags. How do i
do that?.
Any clues?.
thanks,
Ramkumar
> On Sat, 28 Aug 2004 18:18:58 +0530, RamKumar <[EMAIL PROTECTED]> wrote:
> > > JSTL needs to config in web.xml
> >
> > I configured JSTL in web.xml like this.
> >
> >
> >http://java.sun.com/jstl/fmt
> >/WEB-INF/fmt.tld
> >
> >
> >
> >http://java.sun.com/jstl/fmt-rt
> >/WEB-INF/fmt-rt.tld
> >
> >
> >
> >http://java.sun.com/jstl/core
> >/WEB-INF/c.tld
> >
> >
> >
> >http://java.sun.com/jstl/core-rt
> >/WEB-INF/c-rt.tld
> >
> >
> >
> >http://java.sun.com/jstl/sql
> >/WEB-INF/sql.tld
> >
> >
> >
> >http://java.sun.com/jstl/sql-rt
> >/WEB-INF/sql-rt.tld
> >
> >
> >
> >http://java.sun.com/jstl/x
> >/WEB-INF/x.tld
> >
> >
> >
> >http://java.sun.com/jstl/x-rt
> >/WEB-INF/x-rt.tld
> >
> >
> > and in my jsp page i referred like this
> >
> > <%@ taglib uri="http://java.sun.com/jstl/core"; prefix="c" %>
> >
> > Anything else i am missing here?.
> >
> > thanks,
> > Ramkumar
> >
> >
> >
> > > On Sat, 28 Aug 2004 18:17:42 +0800, Can Zheng <[EMAIL PROTECTED]> wrote:
> > > > Seems the evaluation of El was not working.
> > > >
> > > > You can either set JSP configurations in the web.xml
> > > >
> > > > or set the IsELIgnored page directive to false in JSP pages.
> > > > On Sat, 28 Aug 2004 13:37:03 +0530, RamKumar <[EMAIL PROTECTED]>
> > wrote:
> > > > > Hi All,
> > > > > I am using JSTL in my JSP page for the first time. I am
> > running into a problem with the following tag.
> > > > >
> > > > >
> > > > > and it prints in the page as
> > "${sessionScope.SurveyCreateForm.surveyTitle}"
> > > > >
> > > > > Any clues?
> > > > >
> > > > > thanks,
> > > > > Ramkumar
> > > > >
> > > >
> > > >
> > > > --
> > > > Best regards,
> > > >
> > > > Can Zheng
> > > >
> > > > -
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > > --
> > > Javen Fang
> > > ---
> > > Just for fun - Just do it
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> Best regards,
>
> Can Zheng
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
Re: JSTL Tag problem!!
Where is the ending }
see error:
expected one of ["}
On Mon, 30 Aug 2004 12:15:02 +0530, RamKumar <[EMAIL PROTECTED]> wrote:
>
>
> >> Your works here, the problem is EL not being evaluated
>
> >> So I still recommend you configure the IsELIgnored page directive
>
> As you said i made IsELIgnored page directive to false, i got into a new problem
> that my logic-el tags are not working now.
>
> i am getting an error as "According to TLD or attribute directive in tag file,
> attribute property does not accept any expressions" in the following line
>
> property="pageValue[${pageNo}].questionValue[${questionNo}].skipLogicList"
> indexId="ctr">
>
> I guess that EIs in struts-el tags won't work if you make the IsELIgnored page
> directive to false.
>
> I tried to convert the above logic-el tag to c:forEach.
>
> items="${sessionScope.SurveyCreateForm.pageValue[pageNo].questionValue[questionNo].skipLogicList"
> var="ss" varStatus="status">.
>
> where pageValue(pageNo) and questionValue(questionNo) are the indexed property
> methods.But here also i am facing a problem.
>
> The Error says the expression contains invalid expression(s):
> javax.servlet.jsp.el.ELException: Encountered "", expected one of ["}", ".", ">",
> "gt", "<", "lt", "==", "eq", "<=", "le", ">=", "ge", "!=", "ne", "[", "+", "-", "*",
> "/", "div", "%", "mod", "and", "&&", "or", "||", "?"]
>
> I want both JSTL and struts-el tags to work as i can't convert html-el tags. How do
> i do that?.
>
> Any clues?.
>
>
>
> thanks,
> Ramkumar
>
> > On Sat, 28 Aug 2004 18:18:58 +0530, RamKumar <[EMAIL PROTECTED]> wrote:
> > > > JSTL needs to config in web.xml
> > >
> > > I configured JSTL in web.xml like this.
> > >
> > >
> > >http://java.sun.com/jstl/fmt
> > >/WEB-INF/fmt.tld
> > >
> > >
> > >
> > >http://java.sun.com/jstl/fmt-rt
> > >/WEB-INF/fmt-rt.tld
> > >
> > >
> > >
> > >http://java.sun.com/jstl/core
> > >/WEB-INF/c.tld
> > >
> > >
> > >
> > >http://java.sun.com/jstl/core-rt
> > >/WEB-INF/c-rt.tld
> > >
> > >
> > >
> > >http://java.sun.com/jstl/sql
> > >/WEB-INF/sql.tld
> > >
> > >
> > >
> > >http://java.sun.com/jstl/sql-rt
> > >/WEB-INF/sql-rt.tld
> > >
> > >
> > >
> > >http://java.sun.com/jstl/x
> > >/WEB-INF/x.tld
> > >
> > >
> > >
> > >http://java.sun.com/jstl/x-rt
> > >/WEB-INF/x-rt.tld
> > >
> > >
> > > and in my jsp page i referred like this
> > >
> > > <%@ taglib uri="http://java.sun.com/jstl/core"; prefix="c" %>
> > >
> > > Anything else i am missing here?.
> > >
> > > thanks,
> > > Ramkumar
> > >
> > >
> > >
> > > > On Sat, 28 Aug 2004 18:17:42 +0800, Can Zheng <[EMAIL PROTECTED]> wrote:
> > > > > Seems the evaluation of El was not working.
> > > > >
> > > > > You can either set JSP configurations in the web.xml
> > > > >
> > > > > or set the IsELIgnored page directive to false in JSP pages.
> > > > > On Sat, 28 Aug 2004 13:37:03 +0530, RamKumar <[EMAIL PROTECTED]>
> > > wrote:
> > > > > > Hi All,
> > > > > > I am using JSTL in my JSP page for the first time. I am
> > > running into a problem with the following tag.
> > > > > >
> > > > > >
> > > > > > and it prints in the page as
> > > "${sessionScope.SurveyCreateForm.surveyTitle}"
> > > > > >
> > > > > > Any clues?
> > > > > >
> > > > > > thanks,
> > > > > > Ramkumar
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Best regards,
> > > > >
> > > > > Can Zheng
> > > > >
> > > > > -
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Javen Fang
> > > > ---
> > > > Just for fun - Just do it
> > > >
> > > > -
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > Best regards,
> >
> > Can Zheng
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
