struts-user mailing list archives

From Colin Sampaleanu <>
Subject RE: Returning a standard jsp page
Date Fri, 22 Sep 2000 17:37:56 GMT
> -----Original Message-----
> From: Craig R. McClanahan []
> Sent: September 22, 2000 1:24 PM
> To:
> Subject: Re: Returning a standard jsp page
> Kevin Gibbs wrote:
> > Is there a way to return a default page for every action without setting up
> > an entry for each action in action.xml?
> >
> > Scenario:
> > We want to check if a user has "permission" to use an action, and if not
> > return them to a standard "Permission Denied" page.
> >
> > Have I explained this enough?
> >
> With the current Struts, you can define a "global" forward definition by putting
> the <forward> element outside of any <action> element:
>     <action-mappings>
>         <forward name="denied" path="/permission-denied.jsp"/>
>         <action ...>
>         <action ...>
>     </action-mappings>
> Then, in your action that checks for permission, just call:
>     return (servlet.findForward("denied"));
> to look up the logical definition of the "denied" forwarding element, and ask
> the controller servlet to forward control to the corresponding page.
> If you want the controller servlet to do this check for you automatically, so
> that you don't have to check in every action, one approach would be to subclass
> ActionServlet and override the processMapping() method, something like this:
>     protected ActionMapping processMapping(String path) {
>         if (user is allowed to access this path) {
>             return (super.processMapping(path));
>         } else {
>             return (a special mapping for my denied message);
>         }
>     }
> where the "special mapping" action would do the trick described above and look
> up the right ActionForward.
> This approach would centralize all the access control checking in one place.

Craig, this is exactly what we do in one installation. We added a
'validRole' property to the mapping object, and processMapping checks if the
user is logged in, redirects to a login form if needed (which redirects back
to the original path afterwards), and then checks if the user is in the
right role for that mapping. The one little problem is that processMapping
does not know about the request object, but needs it if it is to properly
get and save data for later use. In the subclassed ActionServlet I had to
override the whole process method so it could call the new processMapping
method and pass in the request as well. Can you possibly add the request as
a parameter to the base processMapping function instead, so I don't have to
override process()?

The other approach that would work would be to chain to a special redirector
action that would do the work, but there are a few advantages to the way we
do it now, and I don't see any negatives to passing the request object to
processMapping as well...
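
The check described in this message (login first, then the mapping's 'validRole', otherwise the "denied" forward), written out as an added example that is not part of the original message and is not Struts code. `AccessGate`, `Decision`, the session attribute names and the sample paths are assumptions; the session is a plain `Map` standing in for the per-user state that processMapping can only reach through the request.

```java
import java.util.*;

// Added illustration, not Struts code: AccessGate, Decision and the
// attribute names "user", "roles" and "returnTo" are hypothetical.
public class AccessGate {
    enum Outcome { PROCEED, LOGIN, DENIED }
    record Decision(Outcome outcome, String forward) {}

    // path -> role required by that mapping ('validRole'); "" = any logged-in user
    private final Map<String, String> validRole;

    AccessGate(Map<String, String> validRole) { this.validRole = validRole; }

    Decision check(String path, Map<String, Object> session) {
        String role = validRole.get(path);
        if (role == null) {                  // no mapping for this path: fail closed
            return new Decision(Outcome.DENIED, "denied");
        }
        Object user = session.get("user");
        if (user == null) {
            // Keep the return target server-side. Only a path that matched a
            // mapping is stored, so the post-login redirect stays inside the app.
            session.put("returnTo", path);
            return new Decision(Outcome.LOGIN, "login");
        }
        @SuppressWarnings("unchecked")
        Set<String> roles = (Set<String>) session.getOrDefault("roles", Set.of());
        if (!role.isEmpty() && !roles.contains(role)) {
            return new Decision(Outcome.DENIED, "denied");
        }
        return new Decision(Outcome.PROCEED, path);
    }

    public static void main(String[] args) {
        AccessGate gate = new AccessGate(Map.of("/editUser", "admin", "/viewProfile", ""));
        Map<String, Object> session = new HashMap<>();   // constructed sample session

        System.out.println(gate.check("/editUser", session));       // anonymous request
        session.put("user", "alice");                               // login completes
        session.put("roles", Set.of("user"));
        System.out.println(gate.check((String) session.remove("returnTo"), session));
        session.put("roles", Set.of("user", "admin"));              // role granted
        System.out.println(gate.check("/editUser", session));
        System.out.println(gate.check("/noSuchAction", session));   // unmapped path
    }
}
```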

