For the authors of Mannings Struts 2 in Action, a question

[Lyallex <ly...@gmail.com>]

I have no idea if the authors of the book Struts 2 in Action read this
list or if anyone that does
knows how to contact them but I have a question for them, or maybe
someone else knows the answer

Authors

On page 99, chapter 4 of your book you state.

"Every action in this package will
now have authentication with automatic routing back to the login page"

You then proceed to hard code the redirect.

How can the Login action be used for all actions in when you hard code the url

<action name="Login" class="manning.chapterFour.Login">
   <result type="redirect">
	/chapterFour/secure/AdminPortfolio.action
   </result>
   <result name="input">/chapterFour/Login.jsp</result>
</action>

How then for example would you use the Login action to secure the
AddImage action which is also a secure action

<action name="AddImage">
   <result>/chapterFour/ImageUploadForm.jsp</result>
</action>

Thank You

lyallex

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: For the authors of Mannings Struts 2 in Action, a question

[Don Brown <do...@gmail.com>]

On Sat, Jul 12, 2008 at 5:56 PM, Lyallex <ly...@gmail.com> wrote:
> Wouldn't it be great to have the redirect resultType parameterised in
> some way so that the target could be set depending on which action was
> selected ..

You can.  Try something like this:

<action name="Login" class="manning.chapterFour.Login">
  <result type="redirect">
       ${destination}
  </result>
  <result name="input">/chapterFour/Login.jsp</result>
</action>

The key is to have the code that redirects to the login use a request
parameter, say, "destination", which contains the current URL.  The
login action will get that parameter and use it for the redirect.
Alternatively, you could forgo the "redirect" result and have the
login action method return an instance of ServletRedirectResult
directly, initialized with the "destination" value.

Don (one of the authors)

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: For the authors of Mannings Struts 2 in Action, a question

[Dave Newton <ne...@yahoo.com>]

--- On Sat, 7/12/08, Lyallex <ly...@gmail.com> wrote:
> Well I did try posting to the authors blog on the Manning
> site but the post was thrown out because of the XML...

Using a service like pastebin, paste2, nopaste, etc. solves that problem, and can be a better alternative for long-ish snippets even when XML is supported.

Dave


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: For the authors of Mannings Struts 2 in Action, a question

[Lyallex <ly...@gmail.com>]

:- There are decent forums at manning.com that might be a better place to put
:- this note -- I know the authors read the forums there.

Well I did try posting to the authors blog on the Manning site but the
post was thrown out because of the XML
...

>> I'm not one of the authors, but I helped...
>>
>> The example in the book doesn't work the way that typical container
>> managed authentication / authorization worked.

I do understand that the example is there to provide an example of an
interceptor and is not really intended to be an industrial strength
security solution. I also understand that once validated any secure
action can be accessed because the required token (User, Account
whatever) is on the session.

It just sounded like the Login action could be used regardless of initial Action

Wouldn't it be great to have the redirect resultType parameterised in
some way so that the target could be set depending on which action was
selected ...

Anyway

Thanks for taking the time to reply

lyallex

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: For the authors of Mannings Struts 2 in Action, a question

[Paweł Wielgus <po...@gmail.com>]

Or You can use an Interceptor with default input for that job.

Best greetings,
Paweł Wielgus.

2008/7/11 Wes Wannemacher <we...@wantii.com>:
> Lyallex,
>
> I'm not one of the authors, but I helped...
>
> The example in the book doesn't work the way that typical container
> managed authentication / authorization worked. A successful login
> would be redirected to the AdminPortfolio (regardless of the original
> request). If you are looking for more than this basic functionality,
> take a look at Spring Security (formally, ACEGI). The configuration
> appears daunting at first, but the boilerplate config example seems to
> work for most apps.
>
> -Wes
>
> On Fri, Jul 11, 2008 at 11:59 AM, Lyallex <ly...@gmail.com> wrote:
>> I have no idea if the authors of the book Struts 2 in Action read this
>> list or if anyone that does
>> knows how to contact them but I have a question for them, or maybe
>> someone else knows the answer
>>
>> Authors
>>
>> On page 99, chapter 4 of your book you state.
>>
>> "Every action in this package will
>> now have authentication with automatic routing back to the login page"
>>
>> You then proceed to hard code the redirect.
>>
>> How can the Login action be used for all actions in when you hard code the url
>>
>> <action name="Login" class="manning.chapterFour.Login">
>>   <result type="redirect">
>>        /chapterFour/secure/AdminPortfolio.action
>>   </result>
>>   <result name="input">/chapterFour/Login.jsp</result>
>> </action>
>>
>> How then for example would you use the Login action to secure the
>> AddImage action which is also a secure action
>>
>> <action name="AddImage">
>>   <result>/chapterFour/ImageUploadForm.jsp</result>
>> </action>
>>
>> Thank You
>>
>> lyallex
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>
>
>
> --
> Wesley Wannemacher
> President, Head Engineer/Consultant
> WanTii, Inc.
> http://www.wantii.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

Re: For the authors of Mannings Struts 2 in Action, a question

[Wes Wannemacher <we...@wantii.com>]

Lyallex,

I'm not one of the authors, but I helped...

The example in the book doesn't work the way that typical container
managed authentication / authorization worked. A successful login
would be redirected to the AdminPortfolio (regardless of the original
request). If you are looking for more than this basic functionality,
take a look at Spring Security (formally, ACEGI). The configuration
appears daunting at first, but the boilerplate config example seems to
work for most apps.

-Wes

On Fri, Jul 11, 2008 at 11:59 AM, Lyallex <ly...@gmail.com> wrote:
> I have no idea if the authors of the book Struts 2 in Action read this
> list or if anyone that does
> knows how to contact them but I have a question for them, or maybe
> someone else knows the answer
>
> Authors
>
> On page 99, chapter 4 of your book you state.
>
> "Every action in this package will
> now have authentication with automatic routing back to the login page"
>
> You then proceed to hard code the redirect.
>
> How can the Login action be used for all actions in when you hard code the url
>
> <action name="Login" class="manning.chapterFour.Login">
>   <result type="redirect">
>        /chapterFour/secure/AdminPortfolio.action
>   </result>
>   <result name="input">/chapterFour/Login.jsp</result>
> </action>
>
> How then for example would you use the Login action to secure the
> AddImage action which is also a secure action
>
> <action name="AddImage">
>   <result>/chapterFour/ImageUploadForm.jsp</result>
> </action>
>
> Thank You
>
> lyallex
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>



-- 
Wesley Wannemacher
President, Head Engineer/Consultant
WanTii, Inc.
http://www.wantii.com

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: For the authors of Mannings Struts 2 in Action, a question

[Jim Kiley <jh...@summa-tech.com>]

There are decent forums at manning.com that might be a better place to put
this note -- I know the authors read the forums there.

jk

On Fri, Jul 11, 2008 at 11:59 AM, Lyallex <ly...@gmail.com> wrote:

> I have no idea if the authors of the book Struts 2 in Action read this
> list or if anyone that does
> knows how to contact them but I have a question for them, or maybe
> someone else knows the answer
>
> Authors
>
> On page 99, chapter 4 of your book you state.
>
> "Every action in this package will
> now have authentication with automatic routing back to the login page"
>
> You then proceed to hard code the redirect.
>
> How can the Login action be used for all actions in when you hard code the
> url
>
> <action name="Login" class="manning.chapterFour.Login">
>   <result type="redirect">
>        /chapterFour/secure/AdminPortfolio.action
>   </result>
>   <result name="input">/chapterFour/Login.jsp</result>
> </action>
>
> How then for example would you use the Login action to secure the
> AddImage action which is also a secure action
>
> <action name="AddImage">
>   <result>/chapterFour/ImageUploadForm.jsp</result>
> </action>
>
> Thank You
>
> lyallex
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>


-- 
Jim Kiley
Technical Consultant | Summa
[p] 412.258.3346 [m] 412.445.1729
http://www.summa-tech.com