struts-user mailing list archives

From "Viplav Kallepu" <viplav.kall...@gmail.com>
Subject Re: Simple authentication/authorization with Struts 2 using annotation
Date Thu, 19 Jul 2007 15:57:26 GMT
 Hi,

    Thank you for sharing the idea. I am also working on the authorization
and authentication of my application.

"The authentication interceptor checks the action method for @Secured
annotation and checks the session to see if the user has logged in. If not,
the target page and parameters are saved in the session and the user is
redirected to the login page.
There is a login action that authenticates the user (using database, files,
...) and saves any needed data in the session. It then uses a LoginResult
that redirects to the target page (the secured page that the user was
redirected from) and sets the saved parameters for that page."

  My application contains a lot of values in the session. So I need to populate
the session after logging in using the Action class of the login page. I am
thinking of a design for allowing users to bookmark a page. After he selects
a bookmarked page, if he is not logged in he should be redirected to the login
page, and after logging in, he should come to the bookmarked page, which is
like what you explained above. Can you please tell me how you did this?

Regards
Viplav Kallepu

Mahdi Milani Fard <m.milanifard@gmail.com> wrote:

>
> Hi,
>
> I'm developing a Struts 2 application which needs non-role-based
> authorization (e.g. a user can see the messages of a group if he is a
> member, etc.) Realm is not enough in such case and you need to add some
> authorization code to each action if you use realm. I developed an
> authentication/authorization mechanism using annotation for this problem.
> I thought it's good to share this with other struts users.
>
> I use two interceptors:
> The authentication interceptor along with @Secured annotation:
>
>
> @Secured
> public String getMessageList() {
>    ...
> }
>
>
> The authentication interceptor checks the action method for @Secured
> annotation and checks the session to see if the user has logged in. If
> not, the target page and parameters are saved in the session and the user
> is redirected to the login page.
>
> There is a login action that authenticates the user (using database,
> files, ...) and saves any needed data in the session. It then uses a
> LoginResult that redirects to the target page (the secured page that the
> user was redirected from) and sets the saved parameters for that page.
>
> The second interceptor is authorization interceptor along with the
> @Authorizer annotation:
>
>
> @Secured
> @Authorizer("isMember")
> public String getMessageList() {
>    ...
> }
>
> boolean isMember() {
>    ...
> }
>
>
> Here the interceptor checks the action method for @Authorizer interceptor.
> If such annotation exists it uses reflection to call the indicated methods
> (e.g. "isMember") on the same action object. If you add the authorization
> interceptor in the correct place in the interceptor stack, at the time the
> authorizer method is called, the action bean is populated using the
> setters. So the authorizer can use the filled values to check for
> authorization and returns a boolean indicating if the current user (saved
> in session) is authorized to do the action (with respect to the filled
> parameters.)
>
> Although it looks like re-inventing the wheel, I think this mechanism is
> good enough for simple authentication/authorization.


-- 
Regards
Viplav Kallepu
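
The two checks described in the quoted message, as an added example that is not either poster's code and does not use the Struts API: a JDK-only sketch in which `invoke`, `authorized`, `MessageAction`, the `savedTarget` session key and the `"login"`/`"denied"` result names are assumptions. The reflective authorizer call fails closed, so a missing method, a non-boolean return type or an exception denies access.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;
public class SecuredCheckDemo {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) @interface Secured {}
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) @interface Authorizer { String value(); }
    // Constructed sample action; groupId stands in for a setter-populated request parameter.
    static class MessageAction {
        String groupId; Map<String, Object> session;
        @Secured @Authorizer("isMember")
        public String getMessageList() { return "success"; }
        boolean isMember() {
            return ((Set<?>) session.getOrDefault("groups", Set.of())).contains(groupId);
        }
    }
    // Returns the result name: "login", "denied", or whatever the action method returns.
    static String invoke(Object action, String methodName, Map<String, Object> session, String target)
            throws Exception {
        Method m = action.getClass().getMethod(methodName);
        if (m.isAnnotationPresent(Secured.class) && session.get("user") == null) {
            session.put("savedTarget", target);   // the login action redirects here afterwards
            return "login";
        }
        Authorizer a = m.getAnnotation(Authorizer.class);
        if (a != null && !authorized(action, a.value())) return "denied";
        return (String) m.invoke(action);
    }
    // Fail closed: a missing method, a non-boolean return type or an exception all deny.
    static boolean authorized(Object action, String name) {
        try {
            Method check = action.getClass().getDeclaredMethod(name);
            if (check.getReturnType() != boolean.class) return false;
            check.setAccessible(true);
            return (boolean) check.invoke(action);
        } catch (ReflectiveOperationException | RuntimeException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();
        MessageAction act = new MessageAction();
        act.groupId = "g1"; act.session = session;
        // Anonymous request: target is saved for the post-login redirect.
        System.out.println(invoke(act, "getMessageList", session, "/messages.action?groupId=g1"));
        session.put("user", "alice"); session.put("groups", Set.of("g2"));   // logged in, not a member
        System.out.println(invoke(act, "getMessageList", session, null));
        session.put("groups", Set.of("g1"));                                  // logged in and a member
        System.out.println(invoke(act, "getMessageList", session, null));
    }
}
```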
