[S2] application context

[deeeed <de...@gmail.com>]

Hi,

I would like to initialize and share an object when my application deploy
but I'm not sure on the best way to do it.
The idea is to access something like ServletContext() and then initialize my
object in it in a synchronized way.
I know the ActionContext is ThreadLocal so If i put my object in it I don't
think it will be accessible for every user of the site.
So what is the best way to share data between action with struts 2 ?

Thanks ;)

Re: [S2] application context

[deeeed <de...@gmail.com>]

Thanks for your quick answer.

2008/3/19, Frank Fischer <fr...@digitalnomads.ch>:
>
> Hi
>
> I asked the same questions just some days ago.
> Please read
>
> http://mail-archives.apache.org/mod_mbox/struts-user/200803.mbox/%3c20080313
> 213231.0A3D01FFEBE@mail.genotec.ch%3e. You will find all information there
> (have a look at the first and the last message in the thread).
>
> Frank
>
>
> > -----Original Message-----
> > From: deeeed [mailto:deeeed@gmail.com]
> > Sent: Wednesday, March 19, 2008 9:03 PM
> > To: user@struts.apache.org
> > Subject: [S2] application context
> >
> > Hi,
> >
> > I would like to initialize and share an object when my
> > application deploy
> > but I'm not sure on the best way to do it.
> > The idea is to access something like ServletContext() and
> > then initialize my
> > object in it in a synchronized way.
> > I know the ActionContext is ThreadLocal so If i put my object
> > in it I don't
> > think it will be accessible for every user of the site.
> > So what is the best way to share data between action with struts 2 ?
> >
> > Thanks ;)
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

Re: Best Pratices for Access Restriction and Authentication?

[Lukasz Lenart <lu...@googlemail.com>]

>  I just read bout about Acegi (http://www.acegisecurity.org/). As far as i
>  understand this framework would provide mechanisms for authentication and
>  authorization (which also will be going to be a topic in a later project
>  stage). In its documentation i read that it's working with spring. Does this
>  only refere to Spring für DI, so i would be able to use Acegi also for
>  authentication in my Struts2 application (which already uses Spring for DI)
>  or does it only work with Spring Actions?

It works very well with Struts2 or with any other web framework, even
there is some example how to develop Struts2 Interceptor in inject
Auth context to an action.


Regards
-- 
Lukasz

http://www.linkedin.com/in/lukaszlenart

Best Pratices for Access Restriction and Authentication?

[Frank Fischer <fr...@digitalnomads.ch>]

Hi all

Creating my first struts2 web application i came to the point where
questions about access restriction and authentication pop up. 

I read some articles about these topics that cover certain single aspects
but none of them seem to answer all my questions.

As far as i learned, i think best way to implement authentication for
Actions is to implement a Interceptor which filters out requests and
redirect them to the login page as long as the requesting client was not
authenticated. And upon login i would store a param in the session which i
will look up in the Authentication Interceptor to find out if the client
already did authenticate.
Is that a good practise? Or are there better ways to do authentication? Any
special things to think about? I.e. what about session hijacking? Should i
also store the ip where the authentication credentials were sent from
initilally and check this ip against the ips of subsequent request related
to the same session?

So i implemented a simple AuthenticationInterceptor and deployed it. That
works so far, but only for requests to Actions. When requesting a jsp file
directly by url from the browser the jsp is delivered by tomcat. I don't
like to have users being able to directly access jsp without authentication.
Basically i thought that requests for jsp also would be passed to the
AuthenticationInterceptor (as far as i understand, an interceptor is
basically a servlet filter) so the same authentication checks would apply as
for Actions (servlets, and as far as i understand, jsps are also a kind of
servlets, so why should that be handled differently?). But this obv. Doesn't
work.
I found some articles that put a piece of code in each jsp, checking if a
kind of "logged-in" param is set in the session and does a redirect to a
login page if that isn't the case. To be honest, i don't like that method, i
wouldn't like to have such a statement on every jsp. I think there must be a
better, smarter way to do that. 

I just read bout about Acegi (http://www.acegisecurity.org/). As far as i
understand this framework would provide mechanisms for authentication and
authorization (which also will be going to be a topic in a later project
stage). In its documentation i read that it's working with spring. Does this
only refere to Spring für DI, so i would be able to use Acegi also for
authentication in my Struts2 application (which already uses Spring for DI)
or does it only work with Spring Actions?

I'm very thankful for any tips and tricks or references for further reading.


Thanks a lot & regards
Frank





---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

RE: [S2] application context

[Frank Fischer <fr...@digitalnomads.ch>]

Hi 

I asked the same questions just some days ago.
Please read
http://mail-archives.apache.org/mod_mbox/struts-user/200803.mbox/%3c20080313
213231.0A3D01FFEBE@mail.genotec.ch%3e. You will find all information there
(have a look at the first and the last message in the thread).

Frank

> -----Original Message-----
> From: deeeed [mailto:deeeed@gmail.com] 
> Sent: Wednesday, March 19, 2008 9:03 PM
> To: user@struts.apache.org
> Subject: [S2] application context
> 
> Hi,
> 
> I would like to initialize and share an object when my 
> application deploy
> but I'm not sure on the best way to do it.
> The idea is to access something like ServletContext() and 
> then initialize my
> object in it in a synchronized way.
> I know the ActionContext is ThreadLocal so If i put my object 
> in it I don't
> think it will be accessible for every user of the site.
> So what is the best way to share data between action with struts 2 ?
> 
> Thanks ;)
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org