----- Original Message -----
From: "Jason Lea" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Sunday, August 29, 2004 11:04 PM
Subject: Re: SecurityFilter Question?

> As for populating a User bean into a session once they are
> authenticated.... I have done this in the past with a filter. I place
> it after the security filter in the chain of filters. It checks if the
> user is logged in, if they are and there is no session bean, the filter
> creates+populates the bean and stores it in the session ready for any
> action that needs to use it.

Can't u do this using an Action?

Say, accessing /admin/LogAction.do invokes SecurityFilter,
after authentication by SecurityFilter is passed, go directly
to LogAction as below

    <action path="/admin/LogAction"
            type="app.LogAction"
            name="logonForm"
            scope="request"
            input="/pages/Logon.jsp"
            parameter="action"
            validate="false">
        <forward name="success" path="/pages/Welcome.jsp"/>
    </action>

Within LogAction class, construct User bean from logonForm
and add it to session. Is that possible or are the request
parameters from logonForm lost?

Can u be more specific of how u use a filter right after
security filter to populate User bean and put it in Session?

I am thinking of somehow constructing User bean in subclass of
SimpleSecurityRealmBase, then if authentication passes, store
this bean somehow and pass it along to requested Action
specified in struts-config.xml.

Another idea is to somehow integrate SimpleSecurityRealmBase
into an Action class...

Thanks

>
> In the struts config you can add a role="admin" parameter. It means
> struts will check that the user has that role before it allows the
> action to be executed. Can't remember what happens if they are not
> authenticated - might throw an exception that you can catch and display
> an error message?
>
> struts Dude wrote:
>
> >Hi Jason,
> >
> >How do I use a login form that branch out to 2
> >restricted area depending on user's role using
> >SecurityFilter? i.e.
> >
> > - if user has user role and log on, give access
> >   to /user/*
> > - if user has admin role and log on, give access
> >   to /admin/*
> >
> >The only way I can think of how to do this is to
> >use 2 links to 2 login forms, 1 form for each.
> >
> >BTW, can I assign roles for each Action in
> >struts-config.xml so that I don't have to
> >prefix path attribute of each Action with
> >/user or /admin?
> >
> >
> >Thanks
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
> --
> Jason Lea
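
Added example, not part of the original thread and not code from SecurityFilter or Struts: a sketch of the kind of filter described in the quoted reply, mapped after the security filter, that builds the session bean from the authenticated identity rather than from login-form parameters. It assumes the security filter ahead of it exposes the authenticated user through request.getRemoteUser() and isUserInRole(); the class name UserBeanFilter, the User bean and the "user" session key are hypothetical.

```java
import java.io.IOException;
import java.io.Serializable;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter; map it after the security filter in web.xml. */
public class UserBeanFilter implements Filter {
    static final String USER_KEY = "user"; // hypothetical session attribute name

    /** Hypothetical session bean; a real one would be loaded from the user store. */
    public static class User implements Serializable {
        private final String name;
        private final boolean admin;
        User(String name, boolean admin) { this.name = name; this.admin = admin; }
        public String getName() { return name; }
        public boolean isAdmin() { return admin; }
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Assumption: null until the security filter has authenticated the user.
        String login = request.getRemoteUser();
        HttpSession session = request.getSession(false);
        if (login != null) {
            if (session == null) session = request.getSession(true);
            User user = (User) session.getAttribute(USER_KEY);
            // Build the bean once per login; rebuild it if the session
            // is now authenticated as a different user.
            if (user == null || !login.equals(user.getName())) {
                session.setAttribute(USER_KEY,
                        new User(login, request.isUserInRole("admin")));
            }
        } else if (session != null) {
            // Never leave a stale bean behind for an unauthenticated request.
            session.removeAttribute(USER_KEY);
        }
        chain.doFilter(req, res);
    }
}
```

Because the bean is derived from the authenticated principal, it does not matter whether the logonForm parameters survive the redirect after login, and an Action can treat the session attribute as trusted only as far as the security filter's authentication is.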