Hi Jeff,
In general, it is better to avoid a custom RP because it is one more
thing you need to think about if you upgrade your version of Action
(Struts). It also means that someone coming after you will have to
learn about a custom extension to Action, they can't just expect the
"normal" Struts behavior (this probably isn't a big deal, but why
introduce it just the same?)
I myself would suggest doing this in a filter for two reasons... one,
it's much more "automatic" in that you don't have to worry about a
custom version of any Struts class, nor do you have to remember to
extend your classes from some custom base class, and two, it is divorced
from Struts entirely, which insulates you from changes to the framework
later, as well as giving you one less thing to think about should you
ever want to switch from Struts.
Another plus is that it *should* be a bit more secure because, assuming
you map it right, there won't be any chance of you forgetting something
somewhere (i.e., calling check code or extending the wrong base class)
and also should protect paths that you might not otherwise think of
(i.e., if you ever have a user go directly to a JSP, it should be
covered as well).
Frank
Jeff Thorne wrote:
Dave,
Thanks for the advice. I was doing some research last night and one article
suggested implementing these type of checks in the processRoles() method of
the RequestProcessor class. Would this be less efficient that defining a new
base class?
Cheers,
Jeff
-----Original Message-----
From: David Evans [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 15, 2006 8:25 AM
To: Struts Users Mailing List
Subject: RE: Efficient session object and cookie checks in struts
Instead of scattering the session/cookie checks throughout your actions,
you could make a BaseSecurityCheckAction that does the check and then
have the actions which need the checks extend the base action. In
Webwork and therefore Struts 2, you'll be able to implement this as an
interceptor, and use that interceptor for whatever actions you'd like.
dave
On Sat, 2006-04-15 at 06:43 -0700, Jeff Thorne wrote:
Andy,
Thanks for the response. I not 100% sure the session/cookie checks were
slowing me down. I just had a hunch that there must be a better way
To implement these checks than to scatter them about my jsp and action
classes.
My site acts like a portal for members and the member home page must
make many DB connections to retrieve their data much similar to a
myYahoo.
I was thinking that it was the session/cookie checks in combination with
with DB calls that was slowing down access to the member home page.
There is a lot going on my member home page with several transfer objects
Being created and put into the request object. I have been reading that it
May be more efficient to just pass the resultset back to the view rather
Than deal with the overhead of several transfer objects. Does this make
sense?
Cheers,
Jeff
-----Original Message-----
From: Adam Hardy [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 15, 2006 2:41 AM
To: Struts Users Mailing List
Subject: Re: Efficient session object and cookie checks in struts
Jeff Thorne on 15/04/06 06:19, wrote:
My struts application maintains 2 small objects in the user's
session. One is for the users location info (mandatory) and the other
is the User Object (optional). I also save 2 cookies one being the
user's location info (mandatory) and the other the user's saved login
credentials (optional) to maintain the user's information between
sessions.
When a user returns to my site I need to check for the location and
User objects in the session. If they are not there I look for the
cookies to get the information needed to recreate these session
objects. I need to perform these checks on 90% of my actions and jsp
pages however I find these checks slowing down my application. What
would be the most efficient way to provide these checks? Would it be
to provide the checks in the action base class?
Hi Jeff,
if you don't mind me asking, how do you know it is slowing your app
down? To perform these checks should require only an if clause such as
if (session.getAttribute("bean") == null)
If you have that in one place, it shouldn't slow anything down.
In answer to your question though, I would do this in an action base
class and keep the code in one place. If you are using JSPs where you
need the info but you don't go through an action to get there, you could
put it in a filter - or perhaps more simply, make all your paths go
through actions.
Adam
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: [EMAIL PROTECTED]
Java Web Parts -
http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
