Posted to user@struts.apache.org by "Struts Newsgroup (@Basebeans.com)" <st...@basebeans.com> on 2002/06/04 05:55:02 UTC

Re: related to: Re: #2 - Use DispatchAction to organize related

From: Vic C <vi...@basebeans.com>
 ===
"a base class perform method handle checking the
     login status and then call something like a doWork() method that
     will invoke the work in your subclass Actions (avoiding having to
     have all your actions handle the login check)."

Guys, guys, please! Do not do login and check login using Struts.
The web container/ app. server does it for you and then redirects to the
page you want to go to. It has to, to be compliant. Every web app
server I know of does it. http://www.basebeans.com/down/struts.zip ,
look at chapter 16.

Again, it is a bad practice to do security in action or in Struts. It 
should be done using the web container, search Google for JAAS, it is 
already done for you.

hth, V.

(I should just get a JAAS auto responder, searching the news list for 
security)



> 
> At 09:31 PM 6/3/2002 -0400, you wrote:
> 
>> On Friday, May 31, 2002, 7:11:47 AM, Ted Husted wrote:
>>
>> TH> The Struts Dispatch Action is designed to do exactly the same 
>> thing, but
>> TH> without messy branching logic. The base perform method will check a
>> TH> dispatch field for you, and invoke the indicated method. The only 
>> catch
>> TH> is that the dispatch methods must use the same signature as perform.
>> TH> This is a very modest requirement, since in practice you usually 
>> end up
>> TH> doing that anyway.
>>
>>     Ted, I was discussing with James Mitchell about ways to manage a
>>     user being logged in and he suggested a way that I really liked
>>     where you have a base class perform method handle checking the
>>     login status and then call something like a doWork() method that
>>     will invoke the work in your subclass Actions (avoiding having to
>>     have all your actions handle the login check).
>>
>>     The question I have is I'm now using a dispatch action class that
>>     handles most of the action work. Do I need to go in and modify the
>>     base DispatchAction class' perform method in order to get
>>     something similar to the above functionality? Or maybe there is an
>>     easier way to handle checking login status using a subclass of
>>     DispatchAction?
>>
>>     Thanks
>>
>> -- 
>>
>> Rick
>>
>> mailto:maillist@reumann.net
>>
>> "Probably the earliest flyswatters were nothing more than some sort of
>> striking surface attached to the end of a long stick."
>>   -Jack Handey
>>
>>
>> -- 
>> To unsubscribe, e-mail:   
>> <ma...@jakarta.apache.org>
>> For additional commands, e-mail: 
>> <ma...@jakarta.apache.org>
> 
> 
> 




Re: related to: Re: #2 - Use DispatchAction to organize related

Posted by Chuck Cavaness <ch...@attbi.com>.
Vic/Rick,

This has been my experience with container-managed security. If your 
application doesn't need to execute any special business logic as part of 
the login process, yes it works fine. However, if I've got to authenticate 
with LDAP, or check how many failed login attempts this userid has before
letting them in, or check whether the userid is locked out for any reason, or if
I have multiple datasources, container-managed security has been a big pain 
in the ass.

I haven't found any portable and generic hook to allow for the kind of 
functionality that I described above with container-managed security. Now, 
having said that, I do agree that anything that can be done declaratively, 
rather than programmatically, is a good thing. But even the EJB spec 
members left in programmatic security, because they knew that not every app 
had the same requirements. I thought JAAS was going to be the greatest 
thing since sliced bread when it came out, unfortunately it wasn't and I'm 
still waiting...

Chuck


>Guys, guys, please! Do not do login and check login using Struts.
>The web container/ app. server does it for you and then redirects to the
>   page you want to go to. It has to, to be compliant. Every web app
>server I know of does it. http://www.basebeans.com/down/struts.zip ,
>look at chapter 16.
>
>Again, it is a bad practice to do security in action or in Struts. It
>should be done using the web container, search Google for JAAS, it is
>already done for you.
>
>hth, V.
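
Added example, not part of either post and not Struts project code: one way to get the base-class login check Rick asks about while still using DispatchAction, written against the Struts 1.0 `perform` signature discussed in the thread. The class name `SecureDispatchAction`, the session key `"user"` and the forward name `"login"` are assumptions made for this illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;

/** Hypothetical base class: every dispatch method runs only after the login check. */
public abstract class SecureDispatchAction extends DispatchAction {

    /** Session attribute the application's login action is assumed to set. */
    public static final String USER_KEY = "user";

    /** Forward name assumed to be declared in struts-config.xml. */
    public static final String LOGIN_FORWARD = "login";

    // final: a subclass cannot override perform and skip the check by accident.
    public final ActionForward perform(ActionMapping mapping, ActionForm form,
                                       HttpServletRequest request,
                                       HttpServletResponse response)
            throws IOException, ServletException {
        if (!isLoggedIn(request)) {
            ActionForward login = mapping.findForward(LOGIN_FORWARD);
            if (login == null) {
                // Forward not configured: refuse rather than fall through.
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
            return login; // nothing has been dispatched at this point
        }
        // DispatchAction.perform reads the dispatch parameter and invokes
        // the subclass method it names.
        return super.perform(mapping, form, request, response);
    }

    /**
     * Session-based check. With container-managed login, a subclass could
     * override this to test request.getRemoteUser() != null instead.
     */
    protected boolean isLoggedIn(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // do not create a session here
        return session != null && session.getAttribute(USER_KEY) != null;
    }
}
```

Actions then extend this class instead of DispatchAction and only define their dispatch methods, each with the same signature as `perform`.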

