Mailing-List: contact user-help@struts.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
In-Reply-To: <000001c44953$19f953a0$a230010a@infotech.com>
To: "Struts Users Mailing List" <user@struts.apache.org>
Cc: "'Struts Users Mailing List'" <user@struts.apache.org>
Subject: Re: Servlet filter
MIME-Version: 1.0
From: brati.sankarghosh@tcs.com
Message-ID: 
 <OF0614CD8C.151EB73D-ON65256EA8.0044F2EE-65256EA8.00452479@tcs.com>
Date: Thu, 3 Jun 2004 17:59:13 +0530
Content-Type: multipart/mixed;
	boundary="----=_NextPartTM-000-73e75a24-130e-4fdd-a399-058b955144cb"

------=_NextPartTM-000-73e75a24-130e-4fdd-a399-058b955144cb
Content-Type: multipart/alternative;
	boundary="=_alternative 00451E6C65256EA8_="

--=_alternative 00451E6C65256EA8_=
Content-Type: text/plain; charset="US-ASCII"

Shilpa,
We are doing just that. A filter comes into effect before the control goes 
to the servlet. So if you can stop the user at the filter level you are 
actually saving some processing. We are checking for the presence of 
session in the filter.

Brati Sankar Ghosh
Tata Consultancy Services
Mailto: brati.sankarghosh@tcs.com
Website: http://www.tcs.com


"Shilpa Vaidya" <shilpa.vaidya@icici-infotech.com> 
06/03/2004 03:41 PM

Please respond to
"Struts Users Mailing List" <user@struts.apache.org>


To
"'Struts Users Mailing List'" <user@struts.apache.org>
cc

Subject
Servlet filter


hey all,
Preventing users from accesing action. I am writing a web app to manage
administrators and profiles.
Administrators may access to the web app based on the profiles they have.
The profiles, determine which pages the administrator might access. The
profiles, and authorizations, might change online during work, so I need 
to
check authorization to access a page (Action) on each access.If I 
understand
correct, then, the actionServlet, first process the form bean, and then 
the
action..
But, if the user is not authorized to access a specific page (Action), I
need to forward him to an UnAuthorized error page, before thr formAction
bean is filled.
I would like to use a servlet filter. This filter checks the users rights
and instanciates a HttpServletRequest-Wrapper.But am not sure how - .Can
anyone help.Till then me trying to study the ServletFilter examples here n
there.
Shilpa


-- 


"This e-mail message may contain confidential, proprietary or legally 
privileged information. It 
should not be used by anyone who is not the original intended recipient. 
If you have erroneously 
received this message, please delete it immediately and notify the sender. 
The recipient 
acknowledges that ICICI Bank or its subsidiaries and associated companies, 
 (collectively "ICICI 
Group"), are unable to exercise control or ensure or guarantee the 
integrity of/over the contents of the information contained in e-mail 
transmissions and further acknowledges that any views 
expressed in this message are those of the individual sender and no 
binding nature of the message shall be implied or assumed unless the 
sender does so expressly with due authority of ICICI Group.Before opening 
any attachments please check them for viruses and defects." 


ForwardSourceID:NT0000A91E 

--=_alternative 00451E6C65256EA8_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif">Shilpa,</font>
<br><font size=2 face="sans-serif">We are doing just that. A filter comes
into effect before the control goes to the servlet. So if you can stop
the user at the filter level you are actually saving some processing. We
are checking for the presence of session in the filter.</font>
<br><font size=2 face="sans-serif"><br>
Brati Sankar Ghosh<br>
Tata Consultancy Services<br>
Mailto: brati.sankarghosh@tcs.com<br>
Website: http://www.tcs.com</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>&quot;Shilpa Vaidya&quot;
&lt;shilpa.vaidya@icici-infotech.com&gt;</b> </font>
<p><font size=1 face="sans-serif">06/03/2004 03:41 PM</font>
<br>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Please respond to<br>
&quot;Struts Users Mailing List&quot; &lt;user@struts.apache.org&gt;</font></div></table>
<br>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">&quot;'Struts Users Mailing
List'&quot; &lt;user@struts.apache.org&gt;</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">Servlet filter</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>hey all,<br>
Preventing users from accesing action. I am writing a web app to manage<br>
administrators and profiles.<br>
Administrators may access to the web app based on the profiles they have.<br>
The profiles, determine which pages the administrator might access. The<br>
profiles, and authorizations, might change online during work, so I need
to<br>
check authorization to access a page (Action) on each access.If I understand<br>
correct, then, the actionServlet, first process the form bean, and then
the<br>
action..<br>
But, if the user is not authorized to access a specific page (Action),
I<br>
need to forward him to an UnAuthorized error page, before thr formAction<br>
bean is filled.<br>
I would like to use a servlet filter. This filter checks the users rights<br>
and instanciates a HttpServletRequest-Wrapper.But am not sure how - .Can<br>
anyone help.Till then me trying to study the ServletFilter examples here
n<br>
there.<br>
Shilpa<br>
<br>
<br>
<br>
<br>
<br>
-- <br>
<br>
<br>
&quot;This e-mail message may contain confidential, proprietary or legally
privileged information. It <br>
should not be used by anyone who is not the original intended recipient.
If you have erroneously <br>
received this message, please delete it immediately and notify the sender.
The recipient <br>
acknowledges that ICICI Bank or its subsidiaries and associated companies,
&nbsp;(collectively &quot;ICICI <br>
Group&quot;), are unable to exercise control or ensure or guarantee the
integrity of/over the contents of the information contained in e-mail transmissions
and further acknowledges that any views <br>
expressed in this message are those of the individual sender and no binding
nature of the message shall be implied or assumed unless the sender does
so expressly with due authority of ICICI Group.Before opening any attachments
please check them for viruses and defects.&quot; <br>
<br>
<br>
</tt></font>
<br><font size=2 color=white face="sans-serif">ForwardSourceID:NT0000A91E
&nbsp; &nbsp;</font>
<br>
--=_alternative 00451E6C65256EA8_=--


------=_NextPartTM-000-73e75a24-130e-4fdd-a399-058b955144cb
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	name="InterScan_Disclaimer.txt"
Content-Disposition: attachment;
	filename="InterScan_Disclaimer.txt"

DISCLAIMER: The information contained in this message is intended only and solely for the addressed individual or entity indicated in this message and for the exclusive use of the said addressed individual or entity indicated in this message (or responsible for delivery
of the message to such person) and may contain legally privileged and confidential information belonging to Tata Consultancy Services. It must not be printed, read, copied, disclosed, forwarded, distributed or used (in whatsoever manner) by any person other than the addressee. 
Unauthorized use, disclosure or copying is strictly prohibited and may constitute unlawful act and can possibly attract legal action, civil and/or criminal. The contents of this message need not necessarily reflect or endorse the views of Tata Consultancy Services on any subject matter.
Any action taken or omitted to be taken based on this message is entirely at your risk and neither the originator of this message nor Tata Consultancy Services takes any responsibility or liability towards the same. Opinions, conclusions and any other information contained in this message 
that do not relate to the official business of Tata Consultancy Services shall be understood as neither given nor endorsed by Tata Consultancy Services or any affiliate of Tata Consultancy Services. If you have received this message in error, you should destroy this message and may please notify the sender by e-mail. Thank you.


------=_NextPartTM-000-73e75a24-130e-4fdd-a399-058b955144cb
Content-Type: text/plain; charset=us-ascii

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
------=_NextPartTM-000-73e75a24-130e-4fdd-a399-058b955144cb--