THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
This page provides info relevant to the Roller struts2 migration effort which is starting as of Roller 4.0 and will end ??
Changes in Design
UIAction class
One of the goals of the struts2 migration is to make our actions simpler and easier to work on by having all the code and features which are common to all (or most) actions take place automatically and the UIAction class is how we do that. The UIAction class is a base class for actions to extend and provides support for all the things that we expect most of our actions will need to do, such as looking up the authenticated user, applying security checks on weblog permissions, setting action messages and errors, defining a page title, setting the tabbed menu preferences, etc, etc. Many of these things which were handled in custom or inconsistent ways in our struts1 forms are now handled in a simple and consolidated manner now and are provided to action developers for free.
Feel free to take a look at the UIAction class when you first start working with struts2 actions in Roller, but i'll talk about some of it's features in the coming sections. The main thing to know is that the UIAction class is meant to serve as a solid base for all Roller struts2 actions.
Action Freebies
One of the main features of the UIAction class is that it provides free access to some of the things that were handled in custom ways in the old struts1 actions. The best examples of this are how to access the UserData object representing the authenticated user, and the WebsiteData object representing the weblog being dealt with by the action. Pretty much all of Roller's actions require these 2 objects to work properly and so the UIAction has taken care of them for you by providing you getAuthenticatedUser() and getActionWeblog() methods.
These objects are automatically populated for all actions which extend UIAction so that the writer of the action can simply expect them to be there and focus on the action logic rather than filling their action with lots of boiler plate code for checking for these objects and looking them up. These objects are populated by a special struts2 interceptor which is applied to all actions which extend UIAction, so effectively what you get as an action developer is a freebie =)
Currently these are the only 2 objects which are extracted from the request and made available via UIAction, all other objects should be loaded by the action itself since they are more action specific.
Security Enforcement
One of the major things that the old struts1 code did poorly was action security enforcement. In specific, in all of the old struts1 code you would see a bunch of boilerplate code which basically did this ...
| No Format |
|---|
RollerSession rses = RollerSession.getRollerSession(request);
RollerRequest rreq = RollerRequest.getRollerRequest(request);
UserData user = rses.getAuthenticatedUser();
WebsiteData weblog = rreq.getWebsite();
if(user.hasPermissions(weblog, PermissionsData.AUTHOR)) {
// do action logic
} else {
return mapping.findForward("access-denied");
}
|
Now that's a lot of code to be duplicating in every action and lucky for you, with the new struts2 actions it's no longer necessary. Instead of having all that security enforcement code inside of the action methods its now been pushed higher up the execution chain and it happens in a custom interceptor before the action method ever gets executed, so all you need to know is that if the request actually gets to your action method then all the right permission checking has been done already.
Now, obviously each action will have different security constraints and so we still need a way to specify those constraints, so you job isn't completely taken care. All you need to do to ensure that the proper security rules are applied for your action is potentially override a couple of methods. The UIAction base class implements an interface called UISecurityEnforced which looks like this ...
| No Format |
|---|
public boolean isUserRequired();
public boolean isWeblogRequired();
public String requiredUserRole();
public short requiredWeblogPermissions();
|
These methods provide
myPrepare() method
Tabbed Menu controls
Migration Walkthrough
Migrating Actions
...