This is the main action of any project. All other actions extend
this one. The main purpose of this action is to offer all the common
operations needed by the actions of a project, such as the
authentication and the authorization process. This class must extend the
class JFWAction.
The authentication process is implemented in method
isAuthenticated
offered as an abstract method by JFWAction.
Can be as simply as this one:
In the above example we just bypass the authentication process returning always true. If the
authentication fails, that means that the method return false, then the action requested will not
execute and the authentication jsp page defined in struts-config.xml will be returned.
In our examples, the authentication error page is the one with name authentication_error_page;
Here is the definition in the struts-config.xml file:
We can decide more dynamically about the authentication process looking at the parameter simulate_authentication
of jfw.properties. For example:
The method isSimulateAuthentication() returns the boolean value of the parameter.
In our example, we use the class CheckUser that implements the logic for the authentication
and for the authorization process by using other classes of the framework and/or implementing specific
logic needed in our project. You can find the source of the class in the
webapp examples.
The above example, not only decides about the return value of the
method, but also creates an instance of the class UserData:
This class contains the user login data (such as username
and password) that identifies in unique mode, our user.
This instance is always available to all the actions using the method
getUser
but first must be saved using the method
addUserDataInSession.
Also the instance has been added in the HashMap container of output data using the method setUserDataInOutputData.
In a similar way, we can implement the authorization process as you can see here:
In the authorization process, we decide if the user can execute an action. This decision is project
specific but if the one implemented in the framework is compatible with the one of your project then
you have to write just a few lines of code as you can see in the sources of the example.
If the method returns AUTHORIZED_NO then the authorization error page will be returned to the user.
In our examples the authorization error page is the one with name authorization_error_page;
here is the definition in the struts-config.xml file:
If you want to have more control on the authentication and the authorization process then you can override
the method security.
Other two methods can be implemented in main action: these are
beforeMyExecute
and
afterMyExecute.
As the name suggests, the method beforeMyExecute is executed before the
execution of method myExecute (the method which implements the logic of an action) and
the method afterMyExecute is executed after the execution of method myExecute.