You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Yaroslav Novytskyy <sp...@n-ix.com.ua> on 2005/05/11 15:44:31 UTC
Saving context in web application with exception-driven authentication
Hi!
I'm looking for a suitable solution for the following problem which
concerns authentication.
In my application the logon process is triggered by an exception which
is thrown by the call of an API function. The important moment is that
my web application cannot know whether the user has the rights to call
this function before it is actually called. The function throws a
specific exception in case if the user has insufficient rights.
Upon receiving this exception the application must display the logon
page. After logging in, the user has to be automatically redirected to
the input page of the Action where the API function was initiated. The
form of the input page must contain the values which the user had
entered before the API function failed.
The question is: how do I do it? I am already using the Struts
ExceptionHandler to trigger the login form upon catching the specific
exception. I suspect that I'll have to store the "context" (the
ActionForm of the input page) in the session scope - but I don't know
how to make the "substitution" of the input JSP form with the saved
"context" (how to fill the page form fields with the values entered by
the user before he had to log in).
Yaroslav Novytskyy
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Saving context in web application with exception-driven authentication
Posted by Yaroslav Novytskyy <sp...@n-ix.com.ua>.
Hi!
Thank you. I think that would be the solution. And I think I will also
need to save "ActionForward to jsp page in state (1)" in session scope
before I make an API call, which can throw an Exception, that will
forward me to login page. And in the end of the login process I will
look up this "ActionForward to jsp page in state (1)" from session scope
and redirect to it.
Yaroslav Novytskyy
Michael Jouravlev wrote:
> Just define the form with "session" scope, it will retain values for
> you. The catch: now you need to clean these values in reset() method
> when they are not needed. So, you need to distinguish when they are
> needed (refresh) and when not (you show that page for the first time.
>
>
>>I need something like this:
>>case 1:
>>jsp submit (1)-> APIcall() returns no errors -> <next>
>>case 2:
>>jsp submit (1)-> APIcall() returns _errors_ -> validation fails ->
>>login jsp submit -> login action/check auth -> back to calling jsp
>>with _prefilled fields_ as in step (1)
>>
>>I suspect that I'll have to store the "context" (the
>>ActionForm of the input page) in the session scope - but I don't know
>>how to make the "substitution" of the input JSP form with the saved
>>"context" (how to fill the page form fields with the values entered by
>>the user before he had to log in).
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Saving context in web application with exception-driven authentication
Posted by Michael Jouravlev <jm...@gmail.com>.
Just define the form with "session" scope, it will retain values for
you. The catch: now you need to clean these values in reset() method
when they are not needed. So, you need to distinguish when they are
needed (refresh) and when not (you show that page for the first time.
> I need something like this:
> case 1:
> jsp submit (1)-> APIcall() returns no errors -> <next>
> case 2:
> jsp submit (1)-> APIcall() returns _errors_ -> validation fails ->
> login jsp submit -> login action/check auth -> back to calling jsp
> with _prefilled fields_ as in step (1)
>
> I suspect that I'll have to store the "context" (the
> ActionForm of the input page) in the session scope - but I don't know
> how to make the "substitution" of the input JSP form with the saved
> "context" (how to fill the page form fields with the values entered by
> the user before he had to log in).
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Saving context in web application with exception-driven authentication
Posted by Yaroslav Novytskyy <sp...@n-ix.com.ua>.
Hi!
No, because there is no place to login here...
You propose (if I anderstand correctly) such a way:
case 1:
jsp submit (1)-> form validate -> APIcall() returns no errors -> action
case 2:
jsp submit (1)-> form validate -> APIcall() returns _errors_ ->
validation fails -> back to calling jsp with _prefilled fields_ as in
step (1)
But I need something like this:
case 1:
jsp submit (1)-> APIcall() returns no errors -> <next>
case 2:
jsp submit (1)-> APIcall() returns _errors_ -> validation fails -> login
jsp submit -> login action/check auth -> back to calling jsp with
_prefilled fields_ as in step (1)
Yaroslav Novytskyy
Nandan wrote:
> Did you try using checking the call to API method in the validate()
> method of your Action class and returning an ActionErrors if the call
> failed?
>
> --------------------------------------
> How happy is the blameless vestal's lot!
> The world forgetting, by the world forgot.
> Eternal sunshine of the spotless mind!
> Each pray'r accepted, and each wish resign'd
> ----- Original Message ----- From: "Yaroslav Novytskyy"
> <sp...@n-ix.com.ua>
> To: "Struts Users Mailing List" <us...@struts.apache.org>
> Sent: Monday, May 16, 2005 1:08 PM
> Subject: Re: Saving context in web application with exception-driven
> authentication
>
>
>> Hi!
>>
>> Sorry for being insistent, but does anyone have any thoughts about
>> this question?
>>
>> Yaroslav Novytskyy
>>
>>> I'm looking for a suitable solution for the following problem which
>>> concerns authentication.
>>>
>>> In my application the logon process is triggered by an exception
>>> which is thrown by the call of an API function. The important moment
>>> is that my web application cannot know whether the user has the
>>> rights to call this function before it is actually called. The
>>> function throws a specific exception in case if the user has
>>> insufficient rights.
>>>
>>> Upon receiving this exception the application must display the logon
>>> page. After logging in, the user has to be automatically redirected
>>> to the input page of the Action where the API function was
>>> initiated. The form of the input page must contain the values which
>>> the user had entered before the API function failed.
>>>
>>> The question is: how do I do it? I am already using the Struts
>>> ExceptionHandler to trigger the login form upon catching the specific
>>> exception. I suspect that I'll have to store the "context" (the
>>> ActionForm of the input page) in the session scope - but I don't know
>>> how to make the "substitution" of the input JSP form with the saved
>>> "context" (how to fill the page form fields with the values entered
>>> by the user before he had to log in).
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Saving context in web application with exception-driven authentication
Posted by Nandan <na...@gmail.com>.
Did you try using checking the call to API method in the validate() method
of your Action class and returning an ActionErrors if the call failed?
--------------------------------------
How happy is the blameless vestal's lot!
The world forgetting, by the world forgot.
Eternal sunshine of the spotless mind!
Each pray'r accepted, and each wish resign'd
----- Original Message -----
From: "Yaroslav Novytskyy" <sp...@n-ix.com.ua>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Monday, May 16, 2005 1:08 PM
Subject: Re: Saving context in web application with exception-driven
authentication
> Hi!
>
> Sorry for being insistent, but does anyone have any thoughts about this
> question?
>
> Yaroslav Novytskyy
>
>> I'm looking for a suitable solution for the following problem which
>> concerns authentication.
>>
>> In my application the logon process is triggered by an exception which is
>> thrown by the call of an API function. The important moment is that my
>> web application cannot know whether the user has the rights to call this
>> function before it is actually called. The function throws a specific
>> exception in case if the user has insufficient rights.
>>
>> Upon receiving this exception the application must display the logon
>> page. After logging in, the user has to be automatically redirected to
>> the input page of the Action where the API function was initiated. The
>> form of the input page must contain the values which the user had entered
>> before the API function failed.
>>
>> The question is: how do I do it? I am already using the Struts
>> ExceptionHandler to trigger the login form upon catching the specific
>> exception. I suspect that I'll have to store the "context" (the
>> ActionForm of the input page) in the session scope - but I don't know how
>> to make the "substitution" of the input JSP form with the saved "context"
>> (how to fill the page form fields with the values entered by the user
>> before he had to log in).
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Saving context in web application with exception-driven authentication
Posted by Yaroslav Novytskyy <sp...@n-ix.com.ua>.
Hi!
Sorry for being insistent, but does anyone have any thoughts about this
question?
Yaroslav Novytskyy
> I'm looking for a suitable solution for the following problem which
> concerns authentication.
>
> In my application the logon process is triggered by an exception which
> is thrown by the call of an API function. The important moment is that
> my web application cannot know whether the user has the rights to call
> this function before it is actually called. The function throws a
> specific exception in case if the user has insufficient rights.
>
> Upon receiving this exception the application must display the logon
> page. After logging in, the user has to be automatically redirected to
> the input page of the Action where the API function was initiated. The
> form of the input page must contain the values which the user had
> entered before the API function failed.
>
> The question is: how do I do it? I am already using the Struts
> ExceptionHandler to trigger the login form upon catching the specific
> exception. I suspect that I'll have to store the "context" (the
> ActionForm of the input page) in the session scope - but I don't know
> how to make the "substitution" of the input JSP form with the saved
> "context" (how to fill the page form fields with the values entered by
> the user before he had to log in).
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org