J F W

HOW TO : CORE

Project main action (struts 2)

This is the main action of any project. All other actions extend this one. The main propose of this action is to offer all the common operations needed by the actions of a project, such as the authentication and the authorization process. This class must extend the class JFWAction.

The authentication process is implemented in method isAuthenticated offered as an abstract method by JFWAction. Can be as simply as this one:

protected boolean isAuthenticated( ... ) throws Exception { return true; }

In the above example we just bypass the authentication process returning always true. If the authentication fails, that means that the method returns false, then the action requested will not execute and the authentication jsp page defined in jfwdefaults.xml will be returned.
In our examples the authentication error page is the one with name authentication_error_page; here is the definition in the jfwdefaults.xml file:

<global-results> ... <result name="authentication_error_page" type="tiles"> authentication_error_page </result> ... </global-results>

and this is the tiles definition in file tiles2-defs.xml:

<definition name="authentication_error_page" extends="std_layout2"> <put-attribute name="content" value="/jsp/authentication_error_page.jsp"/> </definition>

We can decide more dynamically about the authentication process looking at the parameter simulate_authentication of jfw.properties. For example:

private static CheckUser checkUser = new CheckUser(); protected boolean isAuthenticated( ... ) throws Exception { boolean result = true; if(isSimulateAuthentication()) { //simulate authentication UserData userData = checkUser.simulate(request); setUserDataInOutputData(outputdata, userData); result = true; } else { try { UserData userData = checkUser.authenticate(request, response); if(userData != null) setUserDataInOutputData(outputdata, userData); else result = false; } catch(DatabaseException dbe) { throw dbe; } catch(JFWGenericException jfwe) { throw jfwe; } catch(Throwable t) { JFWLogger.error(className, "isAuthenticated", "", "", t.toString(), t); throw new JFWGenericException(t.getMessage()); } } return result; }

The method isSimulateAuthentication() returns the boolean value of the parameter.
In our example we use the class CheckUser that implements the logic for the authentication and for the authorization process by using other classes of the framework and/or implementing specific logic needed in our project. You can find the source of the class at webapp examples.
The above example not only decides about the return value of the method but also creates an instance of the class UserData: this class contain the user login data (such as username and  password) that identify in unique mode our user. This instance is always available at all the actions using the method getUser but first must be saved using the method addUserDataInSession.
Also the instance has been added in the HashMap container of output data using the method setUserDataInOutputData.

In a similar, way we can implement the authorization process as you can see here:

protected int isAuthorized( ... ) throws Exception { int result = Authorization.AUTHORIZE_ALL; if(!isSimulateAuthorization()) result = checkUser.authorize(request, response,userData); if(result == Authorization.SERVICE_NOT_FOUND) result = Authorization.AUTHORIZE_AUTHENTICATED; return result; }

In the authorization process, we decide if the user can execute an action. This decision is project specific but if the one implemented in the framework is compatible with the one of your project, then you have to write just a few lines of code as you can see in the sources of the example.
If the method returns AUTHORIZED_NO, then the authorization error page will be returned to the user. In our examples, the authorization error page is the one with name authorization_error_page; here is the definition in the jfwdefaults.xml file:

<global-results> ... <result name="authorization_error_page" type="tiles"> authorization_error_page </result> ... </global-results>

and this is the tiles definition in file tiles2-defs.xml:

<definition name="authorization_error_page" extends="std_layout2"> <put-attribute name="content" value="/jsp/authorization_error_page.jsp"/> </definition>

If you want to have more control on the authentication and the authorization process, you can override the method security.

Other two methods can be implement in main action: these are beforeMyExecute and afterMyExecute. As the name suggests, the method beforeMyExecute is executed before the execution of method myExecute (the method which implements the logic of an action) and the method afterMyExecute is executed after the execution of method myExecute.