J F W

making web application programming easier is possible

HOW TO : CORE

Project main action

This is the main action of any project. All other actions extend this one. The main purpose of this action is to offer all the common operations needed by the actions of a project, such as the authentication and the authorization process. This class must extend the class JFWAction.

The authentication process is implemented in method isAuthenticated offered as an abstract method by JFWAction. Can be as simply as this one:

In the above example we just bypass the authentication process returning always true. If the authentication fails, that means that the method return false, then the action requested will not execute and the authentication jsp page defined in struts-config.xml will be returned.
In our examples, the authentication error page is the one with name authentication_error_page; Here is the definition in the struts-config.xml file:

We can decide more dynamically about the authentication process looking at the parameter simulate_authentication of jfw.properties. For example:

The method isSimulateAuthentication() returns the boolean value of the parameter.
In our example, we use the class CheckUser that implements the logic for the authentication and for the authorization process by using other classes of the framework and/or implementing specific logic needed in our project. You can find the source of the class in the webapp examples.
The above example, not only decides about the return value of the method, but also creates an instance of the class UserData: This class contains the user login data (such as username and  password) that identifies in unique mode, our user. This instance is always available to all the actions using the method getUser but first must be saved using the method addUserDataInSession.
Also the instance has been added in the HashMap container of output data using the method setUserDataInOutputData.

In a similar way, we can implement the authorization process as you can see here:

In the authorization process, we decide if the user can execute an action. This decision is project specific but if the one implemented in the framework is compatible with the one of your project then you have to write just a few lines of code as you can see in the sources of the example.
If the method returns AUTHORIZED_NO then the authorization error page will be returned to the user. In our examples the authorization error page is the one with name authorization_error_page; here is the definition in the struts-config.xml file:

If you want to have more control on the authentication and the authorization process then you can override the method security.

Other two methods can be implemented in main action: these are beforeMyExecute and afterMyExecute. As the name suggests, the method beforeMyExecute is executed before the execution of method myExecute (the method which implements the logic of an action) and the method afterMyExecute is executed after the execution of method myExecute.