Login checking before processing any action/class

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

JSP - A mailing list about Java Server Pages specification and reference

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Subject: Servlet : Session invalidate
•	Oracle Connection Pooling in 3 2 2
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Subject: Running a Simple JMS Example
•	Tomcat and webapplication specific java library path
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	Value attribute of <html:checkbox
•	url string for connecting jboss to oracle
•	javax servlet ServletException: BeanUtils populate
•	5 0 18: Windows XP Pro vs Windows 2000
•	HTTP Status 404 The requested resource is not available

Login checking before processing any action/class

Login checking before processing any action/class

2007-11-05 - By Gary Affonso

Back

Reply: 1 2 3 4 5

Tom Schneider wrote:
> With Acegi, are you using an interceptor or is there a different way to
> enforce security?

Acegi sets up it's own Servlet Filter to monitor incoming url requests.
This filter is typically the first in the filter chain, Acegi gets a
shot at processing the url before anything else.

More specifically, Acegi typically sets up and entire chain of filters
that do various things for you (like automatically logging in
unauthenticated guests as "anonymous", etc.).

You typically configure the behavior of each component in that chain in
Springs application context.

So, no, you're Acegi is not using an interceptor. It's using a filter.
That let's Acegi do security checks/blocks *before* anything like
struts even has a chance to process something like a foo.action call.

> I wouldn't mind seeing an example of this if there's one
> that you can point to.

Just google for acegi and head to their site. Checkout the "getting
started" stuff.

> IMO, this would fit into Struts 2 authentication
> best practices and a little page describing the general setup wouldn't be a
> bad idea.

Agreed. My personal opinion is that *the* best practice for
authentication in java webapps at the moment is Acegi.

There are things Acegi doesn't cover with the default packages (NTLM
single-sign-on support comes to mind) but, man, if you've got anything
like "typical" java webapp auth needs, Acegi is great.

- Gary

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: user-unsubscribe@(protected)
For additional commands, e-mail: user-help@(protected)