Quantcast
Grails Grails - dev

Action Filters/Interceptors

classic Classic list List threaded Threaded
3 messages Options
graemer
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Action Filters/Interceptors

graemer
One thing I think we need to implement before release is the concept
of filters or interceptors. Without which it becomes difficult to do
things like authentication. In this case it may be worthwhile
borrowing from the Rails syntax for this:

class SomeController {

@Property beforeFilter = [ execute:authenticate, except:index ]


protected @Property authenticate = {
        if(!session['user']) {
                redirect(action:login)
                return false
        }
}

@Property doSomethingSecure = {
        // should have redirected to login
}

@Property login = {
   // the login page
}

}

What do you think? Btw this is another case which would look nicer
with the 'def' syntax:

class SomeController {

def beforeFilter = [ execute:authenticate, except:index ]


protected def authenticate = {
        if(!session['user']) {
                redirect(action:login)
                return false
        }
}

def doSomethingSecure = {
        // should have redirected to login
}

def login = {
   // the login page
}

}

Graeme
Dierk König
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

RE: Action Filters/Interceptors

Dierk König
Yes, we need to have that.

I guess SomeController should be SomeFilter (?)
and all filters are checked with every request (?) or is there some
url-to-filter mapping like in web.xml?

cheers
Mittie

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]On Behalf
> Of Graeme Rocher
> Sent: Dienstag, 7. März 2006 14:54
> To: [hidden email]
> Subject: [grails-dev] Action Filters/Interceptors
>
>
> One thing I think we need to implement before release is the concept
> of filters or interceptors. Without which it becomes difficult to do
> things like authentication. In this case it may be worthwhile
> borrowing from the Rails syntax for this:
>
> class SomeController {
>
> @Property beforeFilter = [ execute:authenticate, except:index ]
>
>
> protected @Property authenticate = {
> if(!session['user']) {
> redirect(action:login)
> return false
> }
> }
>
> @Property doSomethingSecure = {
> // should have redirected to login
> }
>
> @Property login = {
>    // the login page
> }
>
> }
>
> What do you think? Btw this is another case which would look nicer
> with the 'def' syntax:
>
> class SomeController {
>
> def beforeFilter = [ execute:authenticate, except:index ]
>
>
> protected def authenticate = {
> if(!session['user']) {
> redirect(action:login)
> return false
> }
> }
>
> def doSomethingSecure = {
> // should have redirected to login
> }
>
> def login = {
>    // the login page
> }
>
> }
>
> Graeme

graemer
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Action Filters/Interceptors

graemer
On 07/03/06, Dierk Koenig <[hidden email]> wrote:
> Yes, we need to have that.
>
> I guess SomeController should be SomeFilter (?)
Well in rails filters are defined in the controller as in my example.
I see no reason why we should create a new artifact for this either

> and all filters are checked with every request (?) or is there some
> url-to-filter mapping like in web.xml?
In the example the line:

@Property beforeFilter = [ execute:authenticate, except:index ]

Tells grails that it should apply the filter for every request except
a request to index page, if you leave out the except, it applys it to
all actions in the controller. alternatively you could do:

@Property beforeFilter = [ execute:authenticate, only:secureAction ]

This is how rails implements it, my only concern is for multiple
filters.. maybe:

@Property beforeFilter = [ execute:[authenticate, checkSomething],
only:secureAction ]

Graeme

>
> cheers
> Mittie
>
> > -----Original Message-----
> > From: [hidden email] [mailto:[hidden email]]On Behalf
> > Of Graeme Rocher
> > Sent: Dienstag, 7. März 2006 14:54
> > To: [hidden email]
> > Subject: [grails-dev] Action Filters/Interceptors
> >
> >
> > One thing I think we need to implement before release is the concept
> > of filters or interceptors. Without which it becomes difficult to do
> > things like authentication. In this case it may be worthwhile
> > borrowing from the Rails syntax for this:
> >
> > class SomeController {
> >
> > @Property beforeFilter = [ execute:authenticate, except:index ]
> >
> >
> > protected @Property authenticate = {
> >       if(!session['user']) {
> >               redirect(action:login)
> >               return false
> >       }
> > }
> >
> > @Property doSomethingSecure = {
> >       // should have redirected to login
> > }
> >
> > @Property login = {
> >    // the login page
> > }
> >
> > }
> >
> > What do you think? Btw this is another case which would look nicer
> > with the 'def' syntax:
> >
> > class SomeController {
> >
> > def beforeFilter = [ execute:authenticate, except:index ]
> >
> >
> > protected def authenticate = {
> >       if(!session['user']) {
> >               redirect(action:login)
> >               return false
> >       }
> > }
> >
> > def doSomethingSecure = {
> >       // should have redirected to login
> > }
> >
> > def login = {
> >    // the login page
> > }
> >
> > }
> >
> > Graeme
>
>
Loading...
Powered by Nabble Edit this page