struts-user mailing list archives

From Erez Efrati <er...@netmedia.net.il>
Subject RE: Design Question
Date Fri, 02 Apr 2004 09:39:31 GMT
Bill, could you please expand on Struts modules and how they fit into
this situation?

The Admin and user (customer) web apps do need to share things like
images (icons, headers), and in-house custom tag libraries and maybe
more utility classes, and I wish not to have two copies of these
resources - obviously error-prone.
Also, since this is an EAR application, the user web-app module is
dependent on the EJB Logic module. The admin module would depend on the
same EJB module - that is to say, no matter whether the admin is an
entirely new WEB module or integrated inside a single WEB module with
the user (customer) application.

Currently the client app is under the context of "/". For security, I
configured the following:


* Everything under "/user/*.do" requires the "user" role.
* The rest is currently not protected

The following is in my securityFilter-config.xml which behaves very much
like the web.xml <login-config> tag.

   <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
         <form-login-page>/index.jsp</form-login-page>
         <form-error-page>/loginError.do</form-error-page>
         <form-default-page>/user/Login.do</form-default-page>
      </form-login-config>
   </login-config>

Putting the two apps in one means they use the same web.xml and
securityfilter-config.xml. So I thought to configure that everything
under "/admin/*" will require the "admin" or "sysop" roles.

One problem is that I need the login form to be different for the admin
and customers, and the securityfilter.xml or web.xml can handle only a
single <login-config> block. This is not an issue when separating the
two apps, but the resource sharing becomes one - or not?

The default "/" site should show the customer home page. 
The admin should enter the www.mysite.com/admin/ URL for login. Problem
is that the security filter will redirect him to the same customer login
form (not as I want it to be). One solution I can think of (maybe a bit
awkward) is having the <form-login-page> redirect to an action that will
examine the URL requested and will forward to the right login form,
based on that.

I assume I am not the first one to tackle these dilemmas, and I would
appreciate any help here.

-Erez

-----Original Message-----
From: news [mailto:news@sea.gmane.org] On Behalf Of Bill Siggelkow
Sent: Friday, April 02, 2004 7:33 AM
To: user@struts.apache.org
Subject: Re: Design Question

Erez, it depends a lot on the use cases.  If the admin integration to
the customer app is all at the back-end (database) then I think you
should try the separate web app approach.  The separate web app will
most easily address the security issues.  If however, the admin app will
be using substantial portions of the object model (classes) and
presentation layer then you may want to consider having the admin
functions be in the same web app.  I think using Struts modules can be
useful here.  I would expand more but I am about to fall asleep.

Bill Siggelkow

Erez Efrati wrote:
> Hi, 
>  
> I am developing an EJB/Struts J2EE application. 
> Up to now I have dealt with the design of the customer web application
> side 
> and I came to the admin area - the back office web application part. 
> I should also point out that I am using the securityFilter filter for
> authentication.
>  
> My question is what is recommended as for the admin web app? Should I
> use only one single Web module that
> Manages both customer and admin (back-office) tasks? And if so, how do I
> enforce authentication rules in terms of URL structure? 
>  
> Or, should I have two separated Web modules (contexts) - one for the
> Customer app, and the other for the Admin app?
>  
> I also saw something about Struts modules, is it related?
>  
> Thanks in advance,
>  
> - Erez
>  
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
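
The dispatch idea raised in the message above (one login entry point that picks the form from the requested URL), as an added example that is not part of the original thread and not SecurityFilter code. It assumes the caller already has the context-relative path of the request that triggered the login; `/adminLogin.jsp` and the class and method names are hypothetical.

```java
/** Added illustration: choose a login form from the originally requested path. */
public class LoginPageSelector {
    // From the post: the customer login form configured as <form-login-page>.
    static final String CUSTOMER_LOGIN = "/index.jsp";
    // Hypothetical admin form, kept outside /admin/* so the form itself
    // is not behind the constraint it serves.
    static final String ADMIN_LOGIN = "/adminLogin.jsp";

    /**
     * requestedPath is the context-relative path that triggered the login.
     * How it is obtained (saved request, forward attribute) depends on the
     * filter or container, so it is passed in by the caller (assumption).
     */
    static String loginPageFor(String requestedPath) {
        if (requestedPath == null) {
            return CUSTOMER_LOGIN;
        }
        String path = requestedPath;
        int query = path.indexOf('?');
        if (query >= 0) {
            path = path.substring(0, query);
        }
        // Compare the whole first path segment, not a string prefix, so that
        // "/administrator/..." is not mistaken for the "/admin/*" area.
        String first = "";
        for (String segment : path.split("/")) {
            if (segment.isEmpty()) {
                continue; // leading or doubled slash
            }
            int semi = segment.indexOf(';'); // drop ";jsessionid=..." parameters
            first = semi >= 0 ? segment.substring(0, semi) : segment;
            break;
        }
        // Anything that is not exactly the admin area gets the customer form.
        return "admin".equals(first) ? ADMIN_LOGIN : CUSTOMER_LOGIN;
    }

    public static void main(String[] args) {
        // Constructed sample paths.
        String[] samples = { "/admin/", "/admin;jsessionid=ABC/users.do",
                             "/administrator/x.do", "/user/Login.do", "/", null };
        for (String s : samples) {
            System.out.println(s + " -> " + loginPageFor(s));
        }
    }
}
```

The selector only decides which form is shown; access is still decided by the role constraints on "/user/*.do" and "/admin/*", so a wrongly chosen form cannot grant anything.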



