An interesting white paper: Struts best practices
Multiple options are available for solving problems with Struts. When deciding among these alternatives, the choice must be based on parameters such as the scale of work and availability of time. However for large applications and the best quality-of-service needs, every decision becomes crucial and extra efforts are required to choose the appropriate solution. To help you make these decisions, Puneet Agarwal discusses some of the best practices for developing Struts-based applications. (2,800 words; September 13, 2004)
By Puneet Agarwal
I was looking for the way to specify the page to forward to when a validation of the roles attribute on an ActionMapping has failed. Unfortunately, I am still looking. I found the information on how to extend Struts in the white paper Extending Struts (OnJava) by Sunil Patil 11/10/2004 . The way to forward when an error is found seems to be:
try{
//If no redirect user to login Page
request.getRequestDispatcher
("/Login.jsp").forward(request,response);
}catch(Exception ex){
}
My requestprocessor:
/**
* In this method, the list of roles that MAY have been defined (that is optional) for the current
* ActionMapping is evaluated. The user trying to access this ActionMapping must have at least one
* of the Roles defined for the ActionMapping, otherwise the request has to be denied.
*
* The method retrieves the User object from the sessionScope (key = JHS_USER) and invokes the hasAccess
* method to verify if one the required roles has been granted to the current user. If so, the method returns true.
* If not, the user has no access to the ActionMapping and the method returns false.
*/
protected boolean processRoles(HttpServletRequest request
,HttpServletResponse response
,ActionMapping mapping ) throws IOException, ServletException{
boolean isOK =false;
// retrieve list of roles that may access this action mapping
String[] roles = mapping.getRoleNames();
if ( roles == null || roles.length < 1 ) {
// if no roles are specified in the mapping the function is accessible for all
log.info("NO ROLES specified for " + mapping.getName() );
isOK = true;
}
else {
// one or more roles may have access, but at least one of those roles must be granted to the current user
JhsUser user = (JhsUser)request.getSession().getAttribute(JhsAdfConstants.JHS_USER);
for (int i = 0; i< roles.length ; i++ ) {
log.info("ROLE:"+roles[i]);
if (user.hasAccess(roles[i],null)) {
isOK = true;
// break from this loop as soon as a role is found that has been granted to the user
break;
}
}// for over roles
// now if (!isOK) I want to forward to an errorpage of sorts.
}
return isOK;
}//processRoles
how can I forward to an action class instead of an “unauthorized” page
How can I call a action class instead of calling “unauthorized” page?
In this case you are forwarding to an page which should be outside WEB-INF folder. Instead I would like to call an Action class. How can I do that?
Leon,
Thanks a lot. That was what I was looking for. It is like you say: no hard-coded reference to a JSP – a reference that I did not like at all. This is much cleaner.
Lucas
The actual way to do it would be to forward to a global forward named “unauthorized” in the struts-config, like so
{
ForwardConfig fc = mapping.getModuleConfig().findForwardConfig(“unauthorized”);
request.getRequestDispatcher(fc.getPath()).forward(request,response);
}
No need for hardcoded errropage …
Matthew: without lowering ourselfs to a framework-flamewar, could you elaborate on that?
Best practice #1:
Just switch to webwork and be done with it.