struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: S2 custom authentication: remembering original request
Date Tue, 16 Jul 2013 09:20:05 GMT
be careful when storing params into session during redirect

remember redirect invalidates the original session and creates a brand new session from client's
browser

Best to tuck away the old parameters anywhere but in the session

then construct redirect with Location header pointing to the new action (appending the old
parameters)

when constrcuting a response with an specific mime-type remember the ContentType must be set
in the response e.g:
response.setContentType("application/octet-stream");
 
then pass to filters in your chain:
 chain.doFilter(request, response);

Mime-mappings are set in web.xml as seen here
<mime-mapping>
    <extension>mysuffix</extension>
    <mime-type>mymime/type</mime-type>
  </mime-mapping>
  -->
 
or in mime.properties

Martin Gainty 
______________________________________________ 
 


 
> Date: Tue, 16 Jul 2013 09:16:12 +0100
> Subject: Re: S2 custom authentication: remembering original request
> From: gkogkaka@tcd.ie
> To: user@struts.apache.org
> 
> Hi Antonio,
> 
> I don't see anything different with the multipart requests, are you
> experiencing issues?
> 
> >>One more question: What should I do in case the original request is a
> multipart request? For instance: select picture -> click upload ->
> >>authentication -> upload action.
> 
> 
> On 15 July 2013 18:19, Antonio Sánchez <juntandolineas@gmail.com> wrote:
> 
> > Hi Antonios. Thank you very much.
> >
> > I was using
> >
> > invocation.getProxy().getConfig().getParams()
> >
> > instead, but that returns an immutable map. It works using
> > getInvocationContext().getParameters(). Thank you.
> >
> > I have to say that I'm not chaining actions: it doesn't make sense to
> > remember the original request if Login.jsp result breaks the chain and, at
> > the end of the day, I have to code for remembering the original parameters
> > (in the interceptor). I'm using redirectAction.
> >
> > One more question: What should I do in case the original request is a
> > multipart request? For instance: select picture -> click upload ->
> > authentication -> upload action.
> >
> >
> > El Lunes, 15 de julio de 2013 10:29:26 Antonios Gkogkakis escribió:
> > > Hi Antonio,
> > >
> > > You can't modify the parameter map from the Servlet request, but you can
> > > pass the extra params from your first request to your action
> > > by putting them in the struts parameters map by calling  invocation.
> > > getInvocationContext().getParameters().#put.
> > >
> > > So to recap, you have your interceptor that catches the unauthorised
> > > action, you store the uri and all the params you need in the session,
> > > you redirect to the login page, and on login success you pass add the
> > extra
> > > params to the strut2 parameter map, and then struts will populate your
> > > action.
> > >
> > > Antonios
> > >
> > >
> > > On 15 July 2013 10:16, Antonio Sánchez <juntandolineas@gmail.com> wrote:
> > >
> > > > The problem was I did not consider the namespace in the interceptor,
> > > > config file and login action.
> > > >
> > > >         <action name="authenticate" class...>
> > > >             <result type="chain">
> > > >                 <param name="actionName">${#session.action}</param>
> > > >                 <param name="namespace">${#session.space}</param>
> > > >             </result>
> > > >         </action>
> > > >
> > > > Well, this is actually the easy part but the original question remains:
> > > > How do I remember the original request parameters?
> > > >
> > > > When the flow is forwarded to Login.jsp the original request is lost.
I
> > > > can save the parameters map in session but when the time comes for the
> > > > originally requested action (dynamic result) I don't know how to pass
> > the
> > > > original request parameters. I guess the right place to do it is the
> > custom
> > > > interceptor but I don't know how to pass parameters to the request. Is
> > it
> > > > possible to do?
> > > >
> > > >
> > > > El Viernes, 12 de julio de 2013 17:39:59 usted escribió:
> > > > > If I use "redirections" I will lose the original request(parameters,
> > > > uploading binary data ...). But I am unable to make it work using
> > forwards
> > > > (chaining actions).
> > > > >
> > > > > I give up. I can't do his with S2. I guess this use case requires
> > some
> > > > external approach: servlet filter (as Dave pointed out), container
> > managed
> > > > security, Spring security...
> > > > >
> > > > > Thank you all for your support.
> > > > >
> > > > > El Viernes, 12 de julio de 2013 16:09:54 Rahul Tokase escribió:
> > > > > > Hi
> > > > > > Here is the way you can achieve this.
> > > > > > You need to design login action to have the url 'redirectto'
> > parameter
> > > > > > which will holds the redirectaction. Upon login interception
you
> > will
> > > > first
> > > > > > check the login is done and then check for this parameter if
there
> > any
> > > > > > value then simply forward to that action. else if login is required
> > > > > > redirect it to the login page.
> > > > > >
> > > > > > If 'redirectto' url parameter is blank and login is success
then
> > > > forward it
> > > > > > to the home page.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Wed, Jul 10, 2013 at 5:57 PM, Antonio Sánchez
> > > > > > <juntandolineas@gmail.com>wrote:
> > > > > >
> > > > > > > Use Case: request some protected resource -> redirect
action for
> > > > > > > authentication -> access protected resource.
> > > > > > >
> > > > > > > I'm using a custom interceptor that redirects (redirectAction)
> > to a
> > > > global
> > > > > > > result if no user object is found in session. The final
action
> > > > result then
> > > > > > > redirects to a login page.
> > > > > > >
> > > > > > > The interceptor gets the original action requested (using
> > > > > > > request.getServletPath(), but not sure if this is right),
and
> > puts
> > > > it in
> > > > > > > the value stack. It would be used with dynamic redirection
in the
> > > > final
> > > > > > > result upon login success( ${nextAction} ) . This action
must be
> > > > passed in
> > > > > > > between redirections.
> > > > > > >
> > > > > > > But I need to reuse the original request. Reconstructing
the
> > request
> > > > with
> > > > > > > a query string is not an option. I need the original request:
> > > > GET/POST
> > > > > > > method, all parameters/values, maybe uploading binary content
> > > > > > > (inputstream), maybe headers...
> > > > > > >
> > > > > > > Is it possible to do this? How?
> > > > > > >
> > > > > > > ------
> > > > > > >
> > > > > > > Partially related to this: I'm having problems with
> > redirections. The
> > > > > > > original request parameters are forwarded only using dispatcher
> > > > result . If
> > > > > > > I use redirectAction or redirect, original params are lost.
Why?
> > > > > > >
> > > > > > >
> > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > > > > > > For additional commands, e-mail: user-help@struts.apache.org
> > > > > > >
> > > > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > > > For additional commands, e-mail: user-help@struts.apache.org
> > > >
> > > >
> > > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
> >
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message