Struts best practices – white paper on JavaWorld

Lucas Jellema 7

An interesting white paper: Struts best practices

Multiple options are available for solving problems with Struts. When deciding among these alternatives, the choice must be based on parameters such as the scale of work and availability of time. However for large applications and the best quality-of-service needs, every decision becomes crucial and extra efforts are required to choose the appropriate solution. To help you make these decisions, Puneet Agarwal discusses some of the best practices for developing Struts-based applications. (2,800 words; September 13, 2004)

By Puneet Agarwal

I was looking for the way to specify the page to forward to when a validation of the roles attribute on an ActionMapping has failed. Unfortunately, I am still looking. I found the information on how to extend Struts in the white paper Extending Struts (OnJava) by Sunil Patil 11/10/2004 . The way to forward when an error is found seems to be:

try{
                //If no redirect user to login Page
                request.getRequestDispatcher
                    ("/Login.jsp").forward(request,response);
            }catch(Exception ex){
            }

My requestprocessor:

	/**
	 * In this method, the list of roles that MAY have been defined (that is optional) for the current
   * ActionMapping is evaluated. The user trying to access this ActionMapping must have at least one
   * of the Roles defined for the ActionMapping, otherwise the request has to be denied.
   *
   * The method retrieves the User object from the sessionScope (key = JHS_USER) and invokes the hasAccess
   * method to verify if one the required roles has been granted to the current user. If so, the method returns true.
   * If not, the user has no access to the ActionMapping and the method returns false.
	 */
	protected boolean processRoles(HttpServletRequest request
	                               ,HttpServletResponse response
	                               ,ActionMapping mapping ) throws IOException, ServletException{

	 boolean isOK =false;
   // retrieve list of roles that may access this action mapping
	 String[] roles = mapping.getRoleNames();
	 if ( roles == null || roles.length < 1 ) {
	    // if no roles are specified in the mapping the function is accessible for all
      log.info("NO ROLES specified for " + mapping.getName() );
	    isOK = true;
	 }
   else {
     // one or more roles may have access, but at least one of those roles must be granted to the current user
     JhsUser user = (JhsUser)request.getSession().getAttribute(JhsAdfConstants.JHS_USER);
     for (int i = 0; i< roles.length ; i++ ) {
       log.info("ROLE:"+roles[i]);
		   if (user.hasAccess(roles[i],null)) {
		     isOK = true;
         // break from this loop as soon as a role is found that has been granted to the user
		     break;
		   }
		 }// for over roles
        // now if (!isOK) I want to forward to an errorpage of sorts.
   }
   return isOK;
  }//processRoles

7 thoughts on “Struts best practices – white paper on JavaWorld

  1. In this case you are forwarding to an page which should be outside WEB-INF folder. Instead I would like to call an Action class. How can I do that?

  2. Leon,

    Thanks a lot. That was what I was looking for. It is like you say: no hard-coded reference to a JSP – a reference that I did not like at all. This is much cleaner.

    Lucas

  3. The actual way to do it would be to forward to a global forward named “unauthorized” in the struts-config, like so
    {
    ForwardConfig fc = mapping.getModuleConfig().findForwardConfig(“unauthorized”);
    request.getRequestDispatcher(fc.getPath()).forward(request,response);
    }

    No need for hardcoded errropage …

Comments are closed.

Next Post

Default Display Value - ADF JHeadstart icing on the cake

If you want to set default values for ViewObject Attributes in new records, you can now very easily do so when your application makes use of the ADF JHeadstart runtime framework. This makes it very easy to for example automatically set the current date or the department of the current […]
%d bloggers like this: