One approach would be to extend the Struts ActionServlet controller.
I suggested this technique for auditing last week
<http://article.gmane.org/gmane.comp.jakarta.struts.user/125634>.
You'd probably want to override processRoles instead, which happens
right after Struts resolves the URL path to an Action, but before the
ActionForm is created, populated, and validated. No sense validating a
user's input if you know he/she won't be granted access.
On 5/16/06, Jose Moreira <[EMAIL PROTECTED]> wrote:
Hello, every action in my webapp extends a BaseAction and call
super.execute(...). I'm taking advantage of this pattern to implement a
security scheme where the Action classes class signature
(com.example.XYZAction) are mapped to security levels. Example:
user X as access to com.example.XYZAction but now com.example.ABCAction.
In the BaseAction i get the permission by looking up the class in the
database:
String currectAction = mapping.getType();
almost everything works fine except if the user has no access i cant
redirect to anywhere from the baseaction getting:
StandardWrapperValve[action]: Servlet.service() for servlet action threw
exception
java.lang.IllegalStateException: Cannot forward after response has been
committed
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:324)
event when there's no 'request.getSession' in its code ....
i considered using a servlet filter mapped to the action servlet, but
there i cant get access to the mapping (?)
Any ideas besides changing the security implementation? (OMG nooo)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
