Struts best practices – white paper on JavaWorld


An interesting white paper: Struts best practices

Multiple options are available for solving problems with Struts. When deciding among these alternatives, the choice must be based on parameters such as the scale of work and availability of time. However for large applications and the best quality-of-service needs, every decision becomes crucial and extra efforts are required to choose the appropriate solution. To help you make these decisions, Puneet Agarwal discusses some of the best practices for developing Struts-based applications. (2,800 words; September 13, 2004)

By Puneet Agarwal

I was looking for the way to specify the page to forward to when a validation of the roles attribute on an ActionMapping has failed. Unfortunately, I am still looking. I found the information on how to extend Struts in the white paper Extending Struts (OnJava) by Sunil Patil, 11/10/2004. The way to forward when an error is found seems to be:

    try {
        // If no redirect user to login Page
        request.getRequestDispatcher("/Login.jsp").forward(request, response);
    } catch (Exception ex) {
    }

My RequestProcessor:

    /**
     * In this method, the list of roles that MAY have been defined (that is optional) for the current
     * ActionMapping is evaluated. The user trying to access this ActionMapping must have at least one
     * of the Roles defined for the ActionMapping, otherwise the request has to be denied.
     *
     * The method retrieves the User object from the sessionScope (key = JHS_USER) and invokes the hasAccess
     * method to verify if one of the required roles has been granted to the current user. If so, the method returns true.
     * If not, the user has no access to the ActionMapping and the method returns false.
     */
    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping) throws IOException, ServletException {

        boolean isOK = false;
        // retrieve list of roles that may access this action mapping
        String[] roles = mapping.getRoleNames();
        if (roles == null || roles.length < 1) {
            // if no roles are specified in the mapping the function is accessible for all
            log.info("NO ROLES specified for " + mapping.getName());
            isOK = true;
        }
        else {
            // one or more roles may have access, but at least one of those roles must be granted to the current user
            JhsUser user = (JhsUser) request.getSession().getAttribute(JhsAdfConstants.JHS_USER);
            for (int i = 0; i < roles.length; i++) {
                log.info("ROLE:" + roles[i]);
                if (user.hasAccess(roles[i], null)) {
                    isOK = true;
                    // break from this loop as soon as a role is found that has been granted to the user
                    break;
                }
            } // for over roles
            // now if (!isOK) I want to forward to an errorpage of sorts.
        }
        return isOK;
    } // processRoles


About Author

Lucas Jellema, active in IT (and with Oracle) since 1994. Oracle ACE Director for Fusion Middleware. Consultant, trainer and instructor on diverse areas including Oracle Database (SQL & PLSQL), Service Oriented Architecture, BPM, ADF, Java in various shapes and forms and many other things. Author of the Oracle Press book: Oracle SOA Suite 11g Handbook. Frequent presenter on conferences such as JavaOne, Oracle OpenWorld, ODTUG Kaleidoscope, Devoxx and OBUG. Presenter for Oracle University Celebrity specials.

7 Comments

  1. In this case you are forwarding to a page which should be outside the WEB-INF folder. Instead I would like to call an Action class. How can I do that?

  2. Leon,

    Thanks a lot. That was what I was looking for. It is like you say: no hard-coded reference to a JSP – a reference that I did not like at all. This is much cleaner.

    Lucas

  3. Leon van Tegelen on

    The actual way to do it would be to forward to a global forward named "unauthorized" in the struts-config, like so:
    {
    ForwardConfig fc = mapping.getModuleConfig().findForwardConfig("unauthorized");
    request.getRequestDispatcher(fc.getPath()).forward(request,response);
    }

    No need for a hardcoded error page …
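The two pieces discussed on this page, the role check and the global "unauthorized" forward, combined into one deny-by-default override. This is an added example, not code from the original post, its commenters or the Struts project. The class name RoleCheckingRequestProcessor and the userHasRole hook are hypothetical, and the hook assumes container-managed roles in place of the post's JhsUser lookup.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;
import org.apache.struts.config.ForwardConfig;

// Hypothetical class name; register it via <controller processorClass="..."/> in struts-config.xml.
public class RoleCheckingRequestProcessor extends RequestProcessor {

    // Name of the global forward suggested in the comments above.
    private static final String UNAUTHORIZED_FORWARD = "unauthorized";

    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {
        String[] roles = mapping.getRoleNames();
        if (roles == null || roles.length < 1) {
            return true; // no roles attribute on the mapping: open to everyone
        }
        for (int i = 0; i < roles.length; i++) {
            if (userHasRole(request, roles[i])) {
                return true; // one granted role is enough
            }
        }
        // Denied: resolve the target from struts-config instead of hard-coding a JSP.
        ForwardConfig fc = mapping.getModuleConfig().findForwardConfig(UNAUTHORIZED_FORWARD);
        if (fc == null || fc.getPath() == null) {
            // Forward not configured: still refuse the request rather than let it through.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            request.getRequestDispatcher(fc.getPath()).forward(request, response);
        }
        return false; // the response is complete; Struts must not run the Action
    }

    // Assumption: container-managed roles. A session-held user object such as the
    // post's JhsUser would be checked here instead, treating a missing user as "no role".
    protected boolean userHasRole(HttpServletRequest request, String role) {
        return request.isUserInRole(role);
    }
}
```

Returning false on every denied path is what stops the Action from executing. The forward only decides what the user sees.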