Announcement Announcement Module
No announcement yet.
Struts Tiles and Filters Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Struts Tiles and Filters

    Hi all,

    I have an existing Struts/Tiles/Spring/Hibernate app. We currently do authentication via a LoginAction. My questions are:

    1) Can an acegi filter work with Tiles?
    2) Can I take advantage of our existing Principle and Credentials validation done by Tiles?

    1 or 2 are no ...

    3) Are Filters mandatory when using acegi?
    3) Can I do the acegi programmatically in the LoginAction? Any examples doing this out there?


  • #2
    #1. The acegi filters and Tiles aren't related. The filters kick-in even before the JSP renders and Tiles gets a chance to do any work. So to answer your question, the filters do work with Tiles.

    #2. I think you meant to say the Validator, not Tiles. The validator may be used in Struts apps to do validation. The validator can be used outside of Tiles. See the Jakarta Validator site for details on that. You could tap into it to validate credentials by extending the AuthenticationProcessingFilter and overiding the onPreAuthentication method to call the validator. If you find a validation problem you send a response back right from there. I think this would work, but I didn't look at it too closely.

    #3. No they are not mandatory. You just need to make sure you get the work done some how. The fiters are a great way. There's no reason you can't use them with Struts. They're MVC agnostic. That's the great thing about the design. I suggest you keep them in case you want to swap out Struts someday. There's no need to do extra work.

    #4. If you want to do authentication by hand inside an action, then you need to make sure you store the Authentication object in the ContextHolder so it can be accessed throughout the life of the request. Here's a code snip

            Authentication usernamePasswordAuthentication = new UsernamePasswordAuthenticationToken(username,password);
            Authentication authentication = getAuthenticationManager().authenticate(usernamePasswordAuthentication);
            SecureContext context = new SecureContextImpl();
    You'd need to pass in the authentication manager. You could do this by integrating Struts and Spring using the delegation method.

    Note, you'll need to make sure you shuttle the Authentication object in/out of the HttpSession, but that's the job of the HttpSessionContextIntegrationFilter. That would be another job you would need to take care of if you decided not to use the filters.


    • #3
      Thanks for your reply, it clarified things alot. Per your advice I'm going to try the Filter approach.

      To do that, the first issue we are trying to solve is #2. We are using a Struts ValidatorForm, which if I understand correctly Struts will create an ActionForm, automatically call validate() and pass that to the Action. So How do I:

      (A) get the ActionForm in a Servlet Filter to get the login/password - I'm thinking request.getParameterValues()

      (B) how to call the ActionForms validate() on the values - I'm thinking somehow to convert to org.apache.commons.validator.ValidatorAction.

      Above all I'm trying to diplomatically use what we already have as much as possible. Any replies appreciated,



      • #4
        On the working assumption that you'll be using the filters to trigger a login, and you'll be doing your validation from the AuthenticationProcessingFilter.onPreAuthentication (..), then you won't be able to access the login form posted by the login page as an ActionForm. That's because the filters are invoked before the request reaches Struts (namely the Struts RequestProcessor.processActionForm via the ActionServlet). Therefore, you need to extract the request parameters manually and ship them off to the validator.

        The easiest way might be to use request.getParamterMap to get the request parameters into a map. Then create a JavaBean with all the getters/setters with the same name as the request parameters. Then use BeanUntils.populate to populate your JavaBean. This will automatically convert the data types for you.

        The next step is to call the Validator programatically. I've done it, but I can't recall the details. As I recall it was straight forward. This link says that there is an example that ships with the Validator You'll be sending your JavaBean to be validated, in much the same way the ActionForm would be validated. After all, an ActionForm is just a JavaBean. All of this is done outside of Struts. The point to keep in mind is that the filters intercept the request and forces a login and never gets to Struts. Once the user logs in, the request continues along its merry way to satisfy the struts request that was intercepted. That's when it finally reaches Struts.