  1. #1
    DizzyJava

    Stripes security question

    Hi,

    I have set up a StripesSecurityFilter class which handles authorization and authentication for my site. It works great, but as I am now going back and cleaning up and refactoring some code, I'm realizing it would be great if I could access the ActionBeanContext class from my StripesSecurityFilter class. This is because currently the StripesSecurityFilter class uses hard-coded strings such as "user" to pop a user into a session attribute. If it had a reference to the ActionBeanContext, it could simply call the methods setUser and getUser instead.

    So, I am wondering if this can be solved by having my StripesSecurityFilter class extend an ActionBean class?

    Would something like this work:

    Java Code:
    public class MySecurityFilter extends MyBaseActionBean implements Filter
    {
    	public void doFilter(ServletRequest servletRequest,
    	        ServletResponse servletResponse, FilterChain filterChain)
    	        throws IOException, ServletException
    	{
    		HttpServletRequest request = (HttpServletRequest) servletRequest;
    		HttpServletResponse response = (HttpServletResponse) servletResponse;
    
    		if (super.context.getUser() != null)
    		{
    			....
    		}
    	}
    ...
    }
    
    abstract class MyBaseActionBean implements ActionBean
    {
    	protected MyBaseActionBeanContext context;
    	public MyBaseActionBeanContext getContext() {return context; }
    	public void setContext(ActionBeanContext c)	{this.context = (MyBaseActionBeanContext) c;}
    }
    
    abstract class MyBaseActionBeanContext extends ActionBeanContext 
    {
    	public static String _USER = "user";
    	public static String _TARGET_URL = "targetUrl";
    	
        public Person getUser() {
            return (Person) getRequest().getSession().getAttribute(_USER);
        }
    
        public void setUser(Person currentUser) {
            getRequest().getSession().setAttribute(_USER, currentUser);
        }
        
        public void setTargetURL(String targetURL) {
            getRequest().getSession().setAttribute(_TARGET_URL, targetURL);
        }
    
        public String getTargetURL() {
            return (String) getRequest().getSession().getAttribute(_TARGET_URL);
        }
    }

    So in the above code, I'd be able to get the user from the request using the ActionBean's context member. Is this a viable solution? For that to be so, it would mean that the context needs to get set by Stripes when SecurityFilter is called. Is this the case?

    Thanks

  2. #2
    FON

    It's good that you are trying to make your code more generic, but this looks like unnecessary overhead IMHO.

    Extending Filter is not common practice, especially not for this kinda purpose, because you cannot extend more than once. Do you think it's worth it?

    Secondly, it's not that your class will have a million hardcoded values all over.
    Simply place that 'user' in maybe some final constant at the beginning and don't worry. You might use your filter class for logging, localization... so keep it as it was.

    That's the way I see it...
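
An added example, not part of either post: a servlet Filter is instantiated by the servlet container rather than by Stripes, so it never receives an ActionBeanContext, and one way to keep the filter and the context agreeing on the session attribute names is a small shared accessor that takes the raw request. `SessionKeys`, the `Person` stand-in and the `/login.jsp` path are assumptions made for the sketch; only the servlet API is required.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Stand-in for the thread's Person type (assumption: any session-storable user object).
class Person implements java.io.Serializable { }

// Hypothetical helper: the single place that knows the session attribute names.
final class SessionKeys {
    static final String USER = "user";
    static final String TARGET_URL = "targetUrl";
    private SessionKeys() { }

    static Person getUser(HttpServletRequest req) {
        HttpSession s = req.getSession(false);       // do not create a session just to look
        return s == null ? null : (Person) s.getAttribute(USER);
    }
    static void setUser(HttpServletRequest req, Person p) {
        req.getSession().setAttribute(USER, p);
    }
    static void setTargetUrl(HttpServletRequest req, String url) {
        req.getSession().setAttribute(TARGET_URL, url);
    }
}

// The filter works on the raw request through SessionKeys; it extends nothing.
public class MySecurityFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp";   // placeholder path

    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest sreq, ServletResponse sres, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) sreq;
        HttpServletResponse response = (HttpServletResponse) sres;

        boolean loginRequest = request.getServletPath().equals(LOGIN_PAGE);
        if (loginRequest || SessionKeys.getUser(request) != null) {
            chain.doFilter(request, response);       // authenticated, or on the way to log in
            return;
        }
        // Remember only the path inside this application, never a client-supplied URL.
        SessionKeys.setTargetUrl(request, request.getServletPath());
        response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
    }
}
```

The `getUser` and `setUser` methods of `MyBaseActionBeanContext` can then delegate to `SessionKeys.getUser(getRequest())` and `SessionKeys.setUser(getRequest(), currentUser)`, so the attribute names live in one class.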
