You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Mike Dewhirst <De...@UCLES.org.uk> on 2002/02/08 16:44:05 UTC
Controller and security
We are trying to come with a good security model in conjunction with Struts.
I was thinking of calling a business class method to check the user's
permission for the requested mapping from within the Controller, but I'm
sure custom-modifying source code of a generic frame work is not exactly
best-practice.
Any suggestions?
PS Thanks to those who did for the advice with "actions and business logic"!
=**********************************************************
If you are not the intended recipient, employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination or copying of this communication and its attachments is strictly prohibited.
If you have received this communication and its attachments in error, please return the original message and attachments to the sender using the reply facility on e-mail.
Internet communications are not secure and therefore the UCLES Group does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of the UCLES Group unless otherwise specifically stated.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses although this does not guarantee that this email is virus free.
**********************************************************=
Re: Controller and security
Posted by "John M. Corro" <jo...@cornerstone.net>.
If you're rolling your own security management, I'd speak favorably for
using the proxy pattern.
Take for example a simple user management area....CRUD operations on various
users (get list of users, get user profile, add/edit/delete, etc). I used
basically two classes to house the interactions w/ the database - a Factory
class for returning User and User-related objects (ie User Roles, etc) and a
Manager class for handling User persistance (ie add/edit/delete).
The methods within these classes were exposed to the rest of the application
via a SecurityHandler class. Then if you wanted to say, get a listing of
Users...you'd instantiate this UserHandler object (passing into the
constructor your own User object which was persisted in the session) and
call 'userHandler.getUserList()'. The UserHandler would examine the User
object which was passed to it at instantiation and examine the roles
associated w/ the User to see whether it would throw a SecurityException or
return the listing of Users.
I'd advocate this pattern because you can decouple the biz logic (from the
Factory and Manager classses) and security logic (in the Handler class) from
the application flow (Struts).
----- Original Message -----
From: "Mike Dewhirst" <De...@UCLES.org.uk>
To: "'Struts Users Mailing List'" <st...@jakarta.apache.org>
Sent: Friday, February 08, 2002 9:44 AM
Subject: Controller and security
> We are trying to come with a good security model in conjunction with
Struts.
>
> I was thinking of calling a business class method to check the user's
> permission for the requested mapping from within the Controller, but I'm
> sure custom-modifying source code of a generic frame work is not exactly
> best-practice.
>
> Any suggestions?
>
> PS Thanks to those who did for the advice with "actions and business
logic"!
>
>
> =**********************************************************
>
> If you are not the intended recipient, employee or agent responsible for
delivering the message to the intended recipient, you are hereby notified
that any dissemination or copying of this communication and its attachments
is strictly prohibited.
>
> If you have received this communication and its attachments in error,
please return the original message and attachments to the sender using the
reply facility on e-mail.
>
> Internet communications are not secure and therefore the UCLES Group does
not accept legal responsibility for the contents of this message. Any views
or opinions presented are solely those of the author and do not necessarily
represent those of the UCLES Group unless otherwise specifically stated.
>
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses although this does not
guarantee that this email is virus free.
>
> **********************************************************=
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Controller and security
Posted by Jin Bal <ji...@hotmail.com>.
You could dispense with changing/extending the controller by creating an
abstract action layer that defines a new abstract method such as
performAction() which returns an actionforward obj like perform() .
Your perform method in the abstract class then carries out the validaton if
it is ok it call the abstract method. Otherwise it forwards to an error page
(or anywhere)
Your secure actions extend from your abstract authentication action and
implement the abstract method with your processing etc.
The benefits of this are:
that you can specify additional parameters in you abstract method eg a db
connection from your pool or authenticated user object. Of course you still
pass the struts stuff down to the abstract method as well (request response
mapping etc).
You can manage the db connection(if you pass one down) and exception
handling in extensions of this class from the abstract class with try catch
finally etc with out having to repeat code in every action class
Also it means that you can leave the controller servlet alone - this sits on
top of strut controller/actions
eg:
public abstract class secureAction extends action {
public actionforward perform(req,res,etc...)
try
// carry out validation/authentication
if valid
return performAction(req,res etc PLUS any other objs you need/want
in subclass implementations ie db connection);
else
KICK USER OUT
catch throwable
log exception; forward to errorpage
rollback db connection (there is one
finally
release resources etc
}
//NEW ABSTRACT METHOD
public abstract actionforward performAction(req,res etc PLUS any other objs
you need/want in subclass implementations);
}
public class SecureExtensionAction extends secureAction {
//implementation of abstract method
public ActionForward performaction(params inherited from superclass)throws
throwable {
do processing withou having to manage resources this is taken care of by
superclass
}
}
HTH!
Jin
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: RE: Controller and security
Posted by Chuck Cavaness <st...@japache.org>.
I've seen this solution work very well. When you extend the ActionServlet, you can override the "processPreprocess" method to determine if the user has the neccessary permissions, if the user has a valid session, etc... long before ever getting to the Action class (If you're using the 1.1 version, then the "processPreprocess" method is in the RequestProcessor now).
With this approach, you don't need to check if the session is valid in the Action classes. Another problem that this solution helps out with is say a user has logged in and has let the session time out while looking at a page. If the user then clicks a button like an update or something, control may go into the ActionForm before making it to the Action instance. What's going to happen if the ActionForm attempts to use the session (which has timed out). By putting the check in the front controller, you're able to save checking for a valid session in the ActionForm and/or Action classes.
Chuck
--
Sent via jApache.org
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Controller and security
Posted by David Larson <dl...@silverstream.com>.
extend the controlling servlet, like...
public class YourCustomServlet extends
org.apache.struts.action.ActionServlet {
...then override those methods you desire to customize the response on.
You'll need to update the Web.xml file to initialize your customized
controller instead of the default controlling servlet.
hth,
dave
-----Original Message-----
From: Mike Dewhirst [mailto:Dewhirst.M@UCLES.org.uk]
Sent: Friday, February 08, 2002 9:44 AM
To: 'Struts Users Mailing List'
Subject: Controller and security
We are trying to come with a good security model in conjunction with
Struts.
I was thinking of calling a business class method to check the user's
permission for the requested mapping from within the Controller, but I'm
sure custom-modifying source code of a generic frame work is not exactly
best-practice.
Any suggestions?
PS Thanks to those who did for the advice with "actions and business
logic"!
=**********************************************************
If you are not the intended recipient, employee or agent responsible for
delivering the message to the intended recipient, you are hereby
notified that any dissemination or copying of this communication and its
attachments is strictly prohibited.
If you have received this communication and its attachments in error,
please return the original message and attachments to the sender using
the reply facility on e-mail.
Internet communications are not secure and therefore the UCLES Group
does not accept legal responsibility for the contents of this message.
Any views or opinions presented are solely those of the author and do
not necessarily represent those of the UCLES Group unless otherwise
specifically stated.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses although this does not
guarantee that this email is virus free.
**********************************************************=
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>