On a side note, there is a Mule plugin for Eclipse available here.  The plugin allows you to create a Mule project in Eclipse which adds all of the Mule libraries to your project class path, adds your project to Mule’s runtime classpath and allows you to right click your Mule configuration file then select Run As/Debug As -> Mule Server.  Running Mule from Eclipse gives you the ability to add break points to any of your supporting classes such as custom transformers or Mule components.

Our fictional web service will be a weather service that returns the weather for a supplied ZIP code.  The weather service endpoint interface (SEI) has a method with the following signature: public Weather getWeather(String zipCode).  By accepting a String this can be easily tested using the Mule standard IO connector without any data type transformers.

To run this example you will need to create a simple contrived web service with the getWeather method and a client using Apache CXF.  Your generated client must be on Mule’s runtime class path.  You can put the client on Mule’s classpath by creating a jar file and dropping it in $MULE_HOME/lib/user or, for testing purposes, make your generated client part of your Mule project in Eclipse.  To run Mule with your configuration file run the command $MULE_HOME/bin/mule -config /path/to/my/mule/config.xml or from Eclipse right click your Mule config file then click Run As -> Mule Server.

Here is the Mule 2.2.1 configuration to take in a ZIP code from the console, call the web service with the supplied input and print the result back to the console.

Note: In a real life scenario you would not be using the Mule standard input connector to get the input.  You would be using something like an http, jms, or one of Mule’s many other available connectors depending on your system. The Mule standard IO connector is only useful for testing your Mule configuration.

<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http://www.mulesource.org/schema/mule/core/2.2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring="http://www.springframework.org/schema/beans"
    xmlns:stdio="http://www.mulesource.org/schema/mule/stdio/2.2" xmlns:vm="http://www.mulesource.org/schema/mule/vm/2.2"
    xmlns:cxf="http://www.mulesource.org/schema/mule/cxf/2.2"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.mulesource.org/schema/mule/core/2.2 http://www.mulesource.org/schema/mule/core/2.2/mule.xsd
       http://www.mulesource.org/schema/mule/stdio/2.2 http://www.mulesource.org/schema/mule/stdio/2.2/mule-stdio.xsd
       http://www.mulesource.org/schema/mule/vm/2.2 http://www.mulesource.org/schema/mule/vm/2.2/mule-vm.xsd
       http://www.mulesource.org/schema/mule/cxf/2.2 http://www.mulesource.org/schema/mule/cxf/2.2/mule-cxf.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">

    <!-- This connector will be used to accept our input from the console.
         It will output a prompt after a 1 second delay. -->
    <stdio:connector name="SystemStreamConnector"
        promptMessage="Enter a ZIP Code: " messageDelayTime="1000" />

    <model name="webServiceSample">
        <service name="SimpleWeatherService">
            <!-- any number of endpoints can be added to an inbound router -->
            <inbound>
                <!--  Our inbound endpoint is setup to use the stdio:connector
                      defined earlier.  The endpoint is also marked as
                      synchronous which meas it will wait on the result. -->
                <stdio:inbound-endpoint system="IN" synchronous="true"/>
            </inbound>
            <!-- Once our input has been read it is sent to the outbound router.
                 At this point our Mule message payload is the String read from
                 the console. -->
            <outbound>
                <!-- Here we will use a chaining router.  A chaining router
                    processes each endpoint in sequence with the result of the first
                    outbound enpoint being sent as input to the next endpoint.
                    This is kind of analogous to a Unix pipe. -->
                <chaining-router>
                    <!-- Send our input to an in memory endpoint that will make
                         the call to the Weather web service. -->
                    <vm:outbound-endpoint path="weather.endpoint" synchronous="true" />

                    <!--  Send the result of the first outbound endpoint which is
                          the Weather object returned by the web service call to
                          another in memory endpoint that will output the result. -->
                    <vm:outbound-endpoint path="echo.endpoint" synchronous="true" />
                </chaining-router>
            </outbound>
        </service>

        <!--  This service will handle the call to the remote weather service. -->
        <service name="WeatherProxyService">
            <!-- Accepts the String input then sends it to the remote weather service
                 via a CXF outbound endpoint. -->
            <inbound>
                <vm:inbound-endpoint name="weatherEndpoint" path="weather.endpoint" />
            </inbound>
            <outbound>
                <!-- A pass through router simply routes the message straight to
                     the enpoint. -->
                <pass-through-router>
                    <!-- Mule's built-in CXF outbound endpoint will call the remote
                         web service.  The service returns a Weather object which
                         will be returned back to the calling service component,
                         "SimpleWeatherService" in this case.

                         The parameters to the cxf endpoint are:
                         address - The address of the remote web service including
                                   the port name as defined in the WSDL
                         clientClass - The client class generated by CXF.
                         wsdlPort - The port name you want to call defined in the WSDL.
                         operation - The method to call on the web service. Note:
                                     the payload of the Mule message at this point will
                                     be sent as the argument to the web service method.
                                     In our case it is simply a String. Normally
                                     you would have a Mule transformer to
                                     transform your input object
                                     into the object type expected by the remote service.
                      -->
                    <cxf:outbound-endpoint
                        address="http://localhost:8080/weatherService/services/WeatherServiceImplPort"
                        clientClass="cxf.mike.WeatherService_Service"
                        wsdlPort="WeatherServiceImplPort"
                        wsdlLocation="http://localhost:8080/weatherService/services/WeatherServiceImplPort?wsdl"
                        operation="getWeather" />
                </pass-through-router>
            </outbound>
        </service>

        <service name="EchoService">
            <inbound>
                <vm:inbound-endpoint name="echoEndpoint" path="echo.endpoint" />
            </inbound>
            <!-- The mule echo component simply outputs the Mule messagae payload
                 to the console. -->
            <echo-component />
        </service>
    </model>
</mule>

<sx:datetimepicker id="datepicker" name="date" onchange="myCallback();" displayFormat="yyyyMMdd"/>


However, you will quickly discover that this does not fire an event when the value of the widget changes.

There are 2 steps involved in registering an event listener with the widget.

Call the dojo.addOnLoad() Function

The dojo.addOnLoad() function takes a function as an argument and will automatically fire after all the dojo widgets in your form have been initialized.

dojo.addOnLoad(initDatetimePicker);

Your callback function will be registered in the function passed to addOnLoad();

One note of caution if you are using JQuery.  I tried to bypass the dojo.addOnLoad() function call by calling initDatetimepicker() in the $(‘document’).ready construct like so:

$('document').ready(function() { initDatetimePicker(); });

However, this will not work because the $(‘document’).ready function actually fires before all of the dojo widgets are initialized.

Register Your Callback Function to Fire on the onValueChanged Event

Inside the function you passed to dojo.addOnLoad()  in the previous step is where you will register your callback function with the datetimepicker widget.  Here is the code:

function initDatetimePicker() {
    var datepicker = dojo.widget.byId("datepicker");
    dojo.event.connect(datepicker, "onValueChanged", myCallback );
}

Calling the dojo.event.connect() function will register your call back function with the appropriate event, onValueChanged in this case.  The connect() function takes three arguments: a reference to the datetimepicker widget, the event you want to listen for, and your callback function.

Accessing the Selected Date in the Callback Function

To access the the date selected by the user in your callback function you simply call the getDate() function on the datetimepicker widget.

 var date = dojo.widget.byId("datepicker").getDate();

Full Code Example

Here is the full working code snippet:

<%@taglib prefix="s" uri="/struts-tags">
<%@taglib prefix="sx" uri="/struts-dojo-tags">

<s:head />
<sx:head debug="false" cache="true" />

<script type="text/javascript">

function initDatetimePicker() {
    var datepicker = dojo.widget.byId("datepicker");
    dojo.event.connect(datepicker, "onValueChanged", myCallback );
}

function myCallback()  {
    var date = dojo.widget.byId("datepicker").getDate();
    alert(date);
}

dojo.addOnLoad(initDatetimePicker);

</script>

<s:form theme="simple" action="someAction">
    <sx:datetimepicker id="datepicker" name="date" displayFormat="yyyyMMdd" />
</s:form>

Steps in CAS Authentication

1. CAS client application redirects to the CAS server’s login URL with the client application’s URL set as the value of the service request parameter.

Example URL:  https://cas.mydomain.com/login?service=https://myapp.mydomian.com

2.  CAS will look for a cookie in the current browser session to determine if the user is authenticated.  If the user has not yet authenticated to CAS via another CAS client, CAS will display the CAS login screen.  If the user is already authenticated via another CAS client, CAS proceeds to the next step without presenting the user with the login screen.

3. Upon successful authentication CAS will redirect back to your client application with a service ticket set as a request parameter on the URL.

4. The CAS client programatically opens an SSL connection back to the CAS server to validate the issued service ticket.

This step is where most people have trouble.  The CAS client JVM must trust the CAS server’s SSL certificate in order for this step to work.  Note that I’m not talking about the client’s application server, but the clients JVM environment. If the client JVM does not trust the CAS server’s certificate, an exception will be thrown.

You must import the CAS server’s SSL certificate into the client JVM’s trusted store.

The global trust store can be found at $JAVA_HOME/jre/lib/security/cacerts.

Note that the global trust store comes with the root certificates of most of the well known certificate authorities installed, so if your certificate has been signed by a CA, you might not need to import anything.

You can use the following keytool command to import the CAS server’s certificate into the global trust store:

keytool -import -alias cas_server -keystore $JAVA_HOME/jre/lib/security/cacerts -file cas_server_cert_file.cer.

See the keytool documentation for more about how to export and import certificates.

5. If the service ticket validation is successful the CAS client will set the user principal in the client application.

Sample Client

Here is a sample Java client implemented as a servlet filter to demonstrate the exact flow between the CAS server and client.  This client is a very quick and dirty example meant for demo purposes only, please don’t try to use this code in any sort of production environment.

package com.mycompany.cas.client.test;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.authentication.AttributePrincipalImpl;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.AssertionImpl;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.Namespace;
import org.jdom.input.SAXBuilder;

public class CasTestClient implements Filter {
    private final String CAS_LOGIN_URL = "https://cas.mydomain.com/cas/login";
    private final String CAS_VALIDATE_URL = "https://cas.mydomain.com/cas/serviceValidate";
    private final String THIS_APPS_URL = "http://mydomain/cas-testing/";

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) resp;

        // If the user principal is not null the user has been authenticated
        // by this application so just continue on to the next filter in the
        // request chain.
        if (httpRequest.getSession().getAttribute("_const_cas_assertion_") != null) {
            chain.doFilter(req, resp);
            return;
        }

        // User is NOT authenticated to this application, so we must query the
        // CAS server to authenticate.

        // If the user has already authenticated to CAS via another application,
        // CAS will simply redirect back to this application with a
        // service ticket set as a request parameter without displaying the
        // login screen.  If the user hasn't authenticated to CAS via another application,
        // CAS will display the login screen then redirect back to this application
        // with a service ticket after successfully authenticating.

        // Get the service ticket.
        String serviceTicket = req.getParameter("ticket");

        // If there is no service ticket parameter then redirect to the CAS
        // login URL to get one.
        if (serviceTicket == null || serviceTicket.length() < 1) {
            String redirectURL = CAS_LOGIN_URL + "?service=" + THIS_APPS_URL;
            httpResponse.sendRedirect(redirectURL);
            return;
        }

        // Since we have a service ticket from CAS, validate the ticket by opening
        // an SSL connection to the server and reading the response.
        String urlString = CAS_VALIDATE_URL + "?ticket=" + serviceTicket + "&service=" +
            THIS_APPS_URL;

        URL url = new URL(urlString);
        URLConnection connection = url.openConnection();

        BufferedReader in =
            new BufferedReader(new InputStreamReader(connection.getInputStream()));

        String xmlResponse = "";
        String line = "";
        while ((line = in.readLine()) != null) {
            System.out.println(line);
            xmlResponse += line;
        }
        in.close();

        String userData = null;

        // Parse the xml response
        try {
            Namespace namespace = Namespace.getNamespace("cas", "http://www.yale.edu/tp/cas");
            SAXBuilder builder = new SAXBuilder();
            Document xmlDoc =
                builder.build(new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")));
            Element rootElement = xmlDoc.detachRootElement();

            Element successElement = rootElement.getChild("authenticationSuccess",
                    namespace);

            // if the user element is null there was an error validating
            // the service ticket, so redirect to an error page.
            if (successElement == null) {
                System.err.print("Error validating CAS ticket.");
                httpResponse.sendRedirect("error_page.jsp");
                return;
            }

            Element userElement = successElement.getChild("user", namespace);
            userData = userElement.getText();
        } catch (Exception e) {
            e.printStackTrace();
        }

        // If user data is null or empty redirect to an error page.
        if (userData == null || userData.length() < 0) {
            System.err.print("Error getting user data.");
            httpResponse.sendRedirect("error_page.jsp");
            return;
        }

        // Create a principal and assertion object and set in the session
        AttributePrincipal principal = new AttributePrincipalImpl(userData);
        Assertion assertion = new AssertionImpl(principal);
        httpRequest.getSession().setAttribute("_const_cas_assertion_", assertion);
        chain.doFilter(req, resp);

    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // TODO Auto-generated method stub

    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub

    }
}

Thanks to Bob Short who commented below —  here is a better way to get the same effect without modifying any code.   I couldn’t find any documentation on this when I did the implementation, but I should have read the Spring Security API documentation better before modifying code.  After Bob’s suggestion I simply changed my CAS/Spring Security configuration as listed below and everything worked great.

The only change from the Spring Security CAS sample application is the authenticationSuccessHandler property of the CASAuthenticationFilter bean.

Instead of using SimpleURLAuthenticationSuccess hander use SavedRequestAwareAuthenticationSuccessHandler.

<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                <property name="defaultFailureUrl" value="/casfailed.jsp"/>
            </bean>
        </property>
        <property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
                <property name="defaultTargetUrl" value="/"/>
            </bean>
        </property>
    </bean>

--  Original Article  --

I recently implemented single sign-on within our corporate web world using Jasig CAS and Spring Security.  Everything worked as expected except for direct access to a URL within the web site. I needed to find a solution to this problem if possible because our users were accustomed to bookmarking specific pages within the website. Below is an in depth description of the problem and the solution I used to resolve it.

The Problem

If a user tried to access a page within the website such as, http://www.mysite.com/my_webapp/foo/some_page.jsp, without first being authenticated the user would be redirected to the site's home page after logging in through CAS.  It was easy to see why this was happening by observing the URL parameters during the redirects between CAS and the web application.

Here are the steps:

The unauthenticated user tries to access a web page:

http://www.mysite.com/my_webapp/foo/some_page.jsp.

Spring Security intercepts the request and redirects to the CAS server for authentication. The resulting CAS URL would be something like:

https://cas.mydomain.com/cas/login?service=http://www.mysite.com/my_webapp/j_spring_cas_security_check

Note: The service URL is defined in the service properties bean of your Spring Security configuration like so:

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://www.mysite.com/my_webapp/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
    </bean>

Notice that the service URL does not contain any information regarding the original page requested by the user.

After successful authentication CAS will redirect the user back to the URL /j_spring_cas_security_check.  Spring will then direct the user to the page defined by the property defaultTargetUrl set on the Spring authentication success hander bean:

<property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
                <property name="defaultTargetUrl" value="/"/>
            </bean>
        </property>

The / value defined in the example above simply refers to the root of the web application which should be used in most cases.

The Solution

It was obvious at this point that the originally requested URL needed to be part of the service request parameter sent to the CAS server and also be available to the Spring CAS client filter on the redirect from CAS back to our web application.

The final solution resulted in the Spring CAS client forming a CAS redirect URL like this:

https://cas.mydomain.com/cas/login?service=https://www.mydomain.com/my_webapp/j_spring_cas_security_check?spring-security-redirect=/content/some_page.jsp

Notice the new request parameter, spring-security-redirect, tacked onto the service URL parameter in bold.  This is the originally requested URL relative to the root of the web application.

In order to generate the above URL and have Spring security redirect to the path defined by spring-security-redirect we must make some slight changes to the Spring security CAS source code and the Spring configuration XML file.

The classes that I modified are:

org.springframework.security.cas.web.CasAuthenticationFilter

org.springframework.security.cas.web.CasAuthenticationEntryPoint

The CasAuthenticationEntryPoint class is responsible for generating the CAS redirect URL, so that is where we will add our new request parameter.

The CasAuthenticationFilter is where the redirect back from the CAS server is handled, so this is where we handle getting the user to the page they requested.

Modified org.springframework.security.cas.web.CasAuthenticationEntryPoint

In the custom CasAuthenticationEntry point class we simply extend the original class and override certain methods.  The main method of concern here is the createSerivceUrl method.  Our custom method adds the  spring-security-redirect request parameter to the service parameter URL sent to CAS.  See the commented code below.

package com.mycompany.spring.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jasig.cas.client.util.CommonUtils;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.core.AuthenticationException;

public class CustomCasAuthenticationEntryPoint extends
        CasAuthenticationEntryPoint {

    @Override
    public final void commence(final HttpServletRequest servletRequest,
            final HttpServletResponse response,
            final AuthenticationException authenticationException)
            throws IOException, ServletException {

        final String urlEncodedService = createServiceUrl(servletRequest, response);
        final String redirectUrl = createRedirectUrl(urlEncodedService);

        response.sendRedirect(redirectUrl);
    }

    /**
     * Constructs a new Service Url.  The default implementation relies on the CAS client to do the bulk of the work.
     * @param request the HttpServletRequest
     * @param response the HttpServlet Response
     * @return the constructed service url.  CANNOT be NULL.
     */
    protected String createServiceUrl(final HttpServletRequest request,
            final HttpServletResponse response) {
        // get the request URI minus the leading "/"
        String url = request.getRequestURI().substring(1);
        String queryString = request.getQueryString();

        // If the request URI had a query string, append it
        // to the URL we're building.
        if (queryString != null && queryString.length() > 0) {
            url += "?" + queryString;
        }

        // Chop off the web app portion of the URL.
        // If your web app is the ROOT web app, you won't need this line.
        url = url.substring(url.indexOf("/"));

        // Return a service URL with the value of the request parameter
        // spring-security-redirect set to the URL we just built.
        return CommonUtils.constructServiceUrl(null,
                response,
                this.getServiceProperties().getService() + "?spring-security-redirect=" + url,
                null,
                this.getServiceProperties().getArtifactParameter(),
                true);
    }

    /**
     * Constructs the Url for Redirection to the CAS server.  Default implementation relies on the CAS client to do the bulk of the work.
     *
     * @param serviceUrl the service url that should be included.
     * @return the redirect url.  CANNOT be NULL.
     */
    protected String createRedirectUrl(final String serviceUrl) {
        return CommonUtils.constructRedirectUrl(this.getLoginUrl(),
                this.getServiceProperties().getServiceParameter(),
                serviceUrl,
                this.getServiceProperties().isSendRenew(), false);
    }

}

Modified org.springframework.security.cas.web.CasAuthenticationFilter

package com.mycompany.spring.security;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/**
* Processes a CAS service ticket.
* <p>
* A service ticket consists of an opaque ticket string. It arrives at this filter by the user's browser successfully
* authenticating using CAS, and then receiving a HTTP redirect to a <code>service</code>. The opaque ticket string is
* presented in the <code>ticket</code> request parameter. This filter monitors the <code>service</code> URL so it can
* receive the service ticket and process it. The CAS server knows which <code>service</code> URL to use via the
* {@link ServiceProperties#getService()} method.
* <p>
* Processing the service ticket involves creating a <code>UsernamePasswordAuthenticationToken</code> which
* uses {@link #CAS_STATEFUL_IDENTIFIER} for the <code>principal</code> and the opaque ticket string as the
* <code>credentials</code>.
* <p>
* The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
* <code>UsernamePasswordAuthenticationToken</code>s containing this special <code>principal</code> name, and process
* them accordingly by validation with the CAS server.
* <p>
* By configuring a shared {@link ProxyGrantingTicketStorage} between the {@link TicketValidator} and the
* CasAuthenticationFilter one can have the CasAuthenticationFilter handle the proxying requirements for CAS. In addition, the
* URI endpoint for the proxying would also need to be configured (i.e. the part after protocol, hostname, and port).
* <p>
* By default this filter processes the URL <tt>/j_spring_cas_security_check</tt>.
*
* @author Ben Alex
* @version $Id$
*/
public class CustomCasAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
   //~ Static fields/initializers ==========================================================

   /** Used to identify a CAS request for a stateful user agent, such as a web browser. */
   public static final String CAS_STATEFUL_IDENTIFIER = "_cas_stateful_";

   /**
    * Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (e.g.
    * Hessian, Burlap, SOAP etc). Results in a more aggressive caching strategy being used, as the absence of a
    * <code>HttpSession</code> will result in a new authentication attempt on every request.
    */
   public static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";

   /**
    * The last portion of the receptor url, i.e. /proxy/receptor
    */
   private String proxyReceptorUrl;

   /**
    * The backing storage to store ProxyGrantingTicket requests.
    */
   private ProxyGrantingTicketStorage proxyGrantingTicketStorage;

   private String artifactParameter = ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER;

   private ServiceProperties serviceProperties;

   //~ Constructors ====================================================================

   public CustomCasAuthenticationFilter() {
       super("/j_spring_cas_security_check");
   }

   //~ Methods ================================================================

   public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response)
           throws AuthenticationException {
       final String username = CAS_STATEFUL_IDENTIFIER;
       String targetUrl = request.getParameter("spring-security-redirect");
       String password = request.getParameter(this.artifactParameter);

       if (password == null) {
           password = "";
       }

       final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

       authRequest.setDetails(authenticationDetailsSource.buildDetails(request));

       CasAuthenticationProvider provider = null;
       for (AuthenticationProvider ap :
           ((ProviderManager) this.getAuthenticationManager()).getProviders()) {
           if (ap instanceof org.springframework.security.cas.authentication.CasAuthenticationProvider) {
               provider = (CasAuthenticationProvider) ap;
               break;
           }

       }

       if (provider != null) {
           ServiceProperties sp = new ServiceProperties();
           sp.setService(this.serviceProperties.getService()
                   + "?spring-security-redirect=" + targetUrl);

           provider.setServiceProperties(sp);
       }

       return this.getAuthenticationManager().authenticate(authRequest);
   }

   /**
    * Overridden to provide proxying capabilities.
    */
   protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
       final String requestUri = request.getRequestURI();

       if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestUri.endsWith(this.proxyReceptorUrl) || this.proxyGrantingTicketStorage == null) {
           return super.requiresAuthentication(request, response);
       }

       try {
           CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
           return false;
       } catch (final IOException e) {
           return super.requiresAuthentication(request, response);
       }
   }

   public final void setProxyReceptorUrl(final String proxyReceptorUrl) {
       this.proxyReceptorUrl = proxyReceptorUrl;
   }

   public final void setProxyGrantingTicketStorage(
           final ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
       this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
   }

   public final void setServiceProperties(final ServiceProperties serviceProperties) {
       this.serviceProperties = serviceProperties;
   }
}

The first modification is on line 71 where we declare a serviceProperties member variable to be injected by Spring.  The Spring security API does not allow access to the ServiceProperties object from with this class, so we must inject a ServiceProperties object in our Spring configuration as shown in the last section of the article.

private SericeProperties serviceProperties;

The next modification  is line 84 which simply reads in our new request parameter described above.

String targetUrl = request.getParameter("spring-security-redirect");

Lines 95 through 111 encompass the bulk of the modifications to this class shown below with comments.

CasAuthenticationProvider provider = null;

// Loop through all AuthenticationProviders to find the CAS provider.
for (AuthenticationProvider ap :
        ((ProviderManager) this.getAuthenticationManager()).getProviders())  {

    if (ap instanceof org.springframework.security.cas.authentication.CasAuthenticationProvider) {
        provider = (CasAuthenticationProvider) ap;
        break;
    }
}

if (provider != null) {
    // Create a new service properties object.  This is necessary because the API
    // doesn't allow access to the configured object.
    ServiceProperties sp = new ServiceProperties();

    // Add the targetUrl read in from our new request parameter to the the the service URL.
    sp.setService(this.serviceProperties.getService() + "?spring-security-redirect=" + targetUrl);

    // set the new SeriveProperties on the provider.
    provider.setServiceProperties(sp);
}

Spring Configuration

Finally we need to add the custom classes to our Spring configuration file.  Note that the custom authentication filter will need the serviceProperties property set on it so that it can be accessed within the class.

<bean id="casAuthenticationFilter" class="com.mycompany.spring.security.CustomCasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <!--  Only valid for our custom filter. -->
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="authenticationFailureHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                <property name="defaultFailureUrl" value="/casfailed.jsp"/>
            </bean>
        </property>
        <property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
                <property name="defaultTargetUrl" value="/"/>
            </bean>
        </property>
    </bean>

    <bean id="casProcessingFilterEntryPoint" class="com.mycompany.spring.security.CustomCasAuthenticationEntryPoint">
        <property name="loginUrl" value="https://cas.mydomain.com/cas/login"/>
        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

I’m going to give a brief overview before getting into the code portion.

First of all, Struts 2 will not support Ajax multipart form data via tags, so you will need to write a small javascript function to send the data to the server when the submit button is clicked.

On the server we’ll set up a directory to store the uploaded files and keep track of the files in a List stored in the Session.

We will have two JSP pages.  One with the main form and another one that displays the list of uploaded files.

The Javascript Function:

Since Struts 2 will not support multipart form data natively we will write a small javascript function that uses dojo to send the data to the server.

 // make sure you include this
 dojo.require("dojo.io.IframeIO");

// formId - Id of form being submitted
// indicatorId - Id of indicator
// viewId - Id of the view to update
function sendToServer(formId, indicatorId, viewId) {
 // show the indicator
 document.getElementById(indicatorId).style.display = '';
 var bindArgs = {
     transport: "IframeTransport",
     formNode: formId,
     mimetype: "text/html",
     load: function(type, data, evt) {
         // update the view with data returned from server
         document.getElementById(viewId).innerHTML = data.firstChild.innerHTML;

         // turn off the indicator
         document.getElementById(indicatorId).style.display = 'none';
       }
    };
    var request = dojo.io.bind(bindArgs);
}

The function takes three string arguments:

• formId – This is the id of the form element that contains the multipart form data.
• indicatorId – Id  of the element you are using to indicate that processing is taking place. Usually an animated gif.
• viewId – This is the id of the element that will be updated with data returned from the server.  In this example the server will return another JSP page.

The Form:

Here is the JSP page containg the multipart form:

<%@ taglib prefix="s" uri="/struts-tags" %>
<%@ taglib prefix="sx" uri="/struts-dojo-tags" %>
<sx:head debug="false" cache="false"/>
<s:head/>

<script type="text/javascript">
 // make sure you include this
 dojo.require("dojo.io.IframeIO");

// formId - Id of form being submitted
// indicatorId - Id of indicator
// viewId - Id of the view to update
function sendToServer(formId, indicatorId, viewId) {
 // show the indicator
 document.getElementById(indicatorId).style.display = '';
 var bindArgs = {
 transport: "IframeTransport",
 formNode: formId,
 mimetype: "text/html",
 load: function(type, data, evt) {
 // update the view with data returned from server
 document.getElementById(viewId).innerHTML = data.firstChild.innerHTML;

 // turn off the indicator
 document.getElementById(indicatorId).style.display = 'none';
 }
 };
 var request = dojo.io.bind(bindArgs);
}
</script>

<H1>Ajax File Upload Test</H1>

<s:form name="form1" id="mainForm" theme="simple" method="POST">
<table cellspacing="3" cellpadding="3" width="50%">
<tr>
<td>Some Information:</td>
<td><s:textfield name="someData"/></td>
</tr>
<tr>
<td>Some More Information:</td>
<td><s:textfield name="moreData"/></td>
</tr>
</table>
</s:form>
<div style="border: solid #dedede 1px; padding: 3px;">
 <!--  To keep the form form double submitting,
 I had to set the onsubmit attribute
 of the form to call the dojo function and
 then return false instead of just setting
 onclik on the submit button.
 -->
 <s:form theme="simple" action="attachFile"
         id="attachFileForm" method="post"
         enctype="multipart/form-data"
         onsubmit="sendToServer('attachFileForm', 'uploadingFileInd', 'attachedFilesView'); return false;">

 <s:file id="fileSelect" size="50" name="fileUpload.file"/>

 <sx:submit transport="IframeTransport"
            showLoadingText="false"
            value="%{'Attach File'}"
            indicator="uploadingFile"/>

 <img id="uploadingFileInd" src="/images/ajax-loader.gif" style="display:none"/></td>
</s:form>

 Attached Files:
 <!-- The element that contains what will be returned from the server. -->
<div id="attachedFilesView">
    <jsp:include page="uploadlist.jsp"/></div>
</div>
<!--  submit button for the other form -->
<input onclick="document.form1.submit();" value="Submit" type="button">

When the form is submitted the sendToServer javascript function is called then the boolean value false is returned.  The form would attempt to submit again after the javascript function executes without the return false statement.

Also notice the transport attribute of the submit button is set to IframeTransport.

You will need to add a submit button for the additional form like this since you cannot have more than  one Struts 2 submit button on a page:

<input onclick="document.form1.submit();" type="button" />

The Uploaded Files View:

This is the JSP page that will show the list of uploaded files along with a delete option for each file.

The Struts 2 action will return this JSP page each time a file is uploaded/deleted and the view will be updated by the javascript function we wrote earlier.

<%@ taglib prefix="s" uri="/struts-tags" %>

<script type="text/javascript">
function removeFile(form) {
if (!confirm("Are you sure you want to remove this file?")) {
return;
}
else {
sendToServer(form, 'uploadingFileInd', 'attachedFilesView');
}
}

</script>

<s:actionerror cssClass="errorText"/>
<div id="uploadList" style="margin-left: 5px">
<s:iterator value="#session.fileUploadList" status="status">
<s:form theme="simple" id="removeFile%{#status.count}"
onsubmit="removeFile('removeFile%{#status.count}'); return false;">
         <s:hidden name="removeIndex" value="%{#status.count - 1}"/>
         ${session.fileUploadList[status.count - 1].fileFileName }&nbsp;&nbsp;
         <s:submit value="%{'delete'}"/>
        </s:form>
   </s:iterator></div>

The JSP page uses the Struts 2 iterator tag to iterate over the list of files stored in the session.  For each file in the list a form is created to remove the file and the name of the file is displayed.

The ID of each form is set to the status counter and a hidden field is created with the file’s index in the list.

A javascript function handles submitting the form and confirming that the user really wants to remove the file from the list.

The Server Side:

Before getting into the code let’s look at the Spring and Struts 2 configurations.

Application Context File (Spring)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
                              http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">

    <bean id="attachFileAction" scope="prototype"
             class="com.cowboycoding.ajaxfileupload.AjaxFileUploadAction">
<property name="uploadDir" value="/content/upload/"/>
<property name="maxUploads" value="5"/>
    </bean>

</beans>

The main thing to note here is the injection of two properties into our Struts 2 action: uploadDir and maxUploads. The uploadDir property defines the directory relative to the web application to save the uploaded files into. The maxUploads property defines the maximum number of files that can be uploaded per request.

Struts Configuration:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
     "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
     "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
<package name="/fileUpload" namespace="/fileUpload" extends="struts-default">

        <action name="fileUploadTest">
            <result>/WEB-INF/jsp/upload_test_form.jsp</result>
        </action>

        <action name="attachFile_*" method="{1}" class="attachFileAction">
            <result>/WEB-INF/jsp/uploadlist.jsp</result>
        </action>

    </package>
</struts>

For the purposes of this article the fileUploadTest action simply refers to a JSP page.  In a real world scenario, it would refer to a Strtus action that handled form input.

Here you can see our attachFile action.  There is only one default result for the action which is the JSP page that displays the list of uploaded files we wrote earlier.

The FileUpload Bean:

I created a simple class called FileUploadBean to hold all of the file information submitted by the Struts 2 file tag.  The action class contains an instance variable of this type named fileUpload.

Note the variable name in the name property of the file tag in the form JSP page:

<s:file id="fileSelect" size="50" name="fileUpload.file"/>

Here is the code for the FileUploadBean class:

package com.cowboycoding.ajaxfileupload;

import java.io.File;

public class FileUploadBean {
    private File file;  // the file
    private String fileContentType; //The content type of the file
    private String fileFileName; //The uploaded file name

    public File getFile() {
        return file;
    }

    public void setFile(File file) {
        this.file = file;
    }

    public String getFileContentType() {
        return fileContentType;
    }

    public void setFileContentType(String fileContentType) {
        this.fileContentType = fileContentType;
    }

    public String getfileFileName() {
        return fileFileName;
    }

    public void setFileFileName(String fileFileName) {
        this.fileFileName = fileFileName;
    }
}

The Action Class:

Last but not least we have the Struts 2 action class.  This class performs two main tasks: uploading files and deleting files from the list of uploaded files.

Struts automatically assigns uploaded files a generated name and stores them in the directory defined by the struts.multipart.saveDir property in your struts configuration.  If the struts.multipart.saveDir is not defined, a default is used.

When a file is uploaded the FileUploadBean file property will contain a reference to the file that Struts 2 saved on the server’s filesystem.  The fileFileName property will be set to the original name of the file on the client’s filesystem.

Our action will rename the file back to the original name and move the file to the upload directory defined in the Spring configuration.

The action class does make use of the org.apache.commons.io.FileUtils class from the commons io package which can be downloaded here: http://commons.apache.org/io/

Finally here is the action class:

package com.cowboycoding.ajaxfileupload;

import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.io.FileUtils;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.SessionAware;
import org.springframework.web.context.ServletContextAware;

import com.opensymphony.xwork2.ActionSupport;

@SuppressWarnings("serial")
public class AjaxFileUploadAction extends ActionSupport implements SessionAware,
    ServletContextAware, ServletRequestAware {
    private HttpServletRequest request;
    private Map session;
    private ServletContext servletContext;
    private FileUploadBean fileUpload;
    private String uploadDir;  // Injected via Spring
    private int maxUploads = 0;  // Injected via Spring
    private int removeIndex = 0;  // passed in from form
    private List<FileUploadBean> uploads;

    public AjaxFileUploadAction() {
        fileUpload = new FileUploadBean();
    }

    public String execute() {
        uploads = (List<FileUploadBean>) session.get("fileUploadList");

        // initialize the session list if it hasn't been already
        if (uploads == null)
            uploads = new ArrayList<FileUploadBean>();

        // check to see if maxUploads has been met
        if (uploads.size() >= maxUploads)  {
            addActionError("Unable to upload file: Max number of uploads: " +
                 maxUploads + " has already been reached.");
            return SUCCESS;
        }

        // make sure the user selected a file before clicking submit
        if (fileUpload.getFile() == null) {
            addActionError("No file selected.");
            return SUCCESS;
        }

        // handle the file upload
        handleUpload();
        return SUCCESS;
    }

    private void handleUpload()  {
        // Make sure they didn't upload a file with the same name as a
        // file that already exists
        for (FileUploadBean f : uploads) {
            if (f.getfileFileName().equals(fileUpload.getfileFileName())) {
                addActionError("There is already an attached file with file name: " +
                                     fileUpload.getfileFileName());
                return;
            }
        }

        // get the absolute path to the save direcory
        String savePath = getServletContext().getRealPath(uploadDir);

        // set the path for the new file
        File destFile = new File(savePath + "/" + fileUpload.getfileFileName());
        if (destFile.exists()) {
            addActionError("A file with name " + fileUpload.getfileFileName() + "already" +
                                 " exists on the server. Rename your file and try again.");
            return;
        }

        try {
            // Copy the file to the new directory
            FileUtils.copyFile(fileUpload.getFile(), destFile);
       } catch (Exception e) {
            e.printStackTrace();
            addActionError("Unable to save uploaded file: " + e.getMessage());
             return;
       }

        // set the file to the new file
        fileUpload.setFile(destFile);

        // add file to the list of uploaded files
        uploads.add(fileUpload);

        // put the list in the session
        session.put("fileUploadList", uploads);
    }

    @SuppressWarnings("unchecked")
    public String removeFile() {
        // get the list of uploaded files from the session
        uploads = (List<FileUploadBean>) session.get("fileUploadList");
        try {
            // delete the specified file from the filesystem
            uploads.get(removeIndex).getFile().delete();

            // remove the file from the list
           uploads.remove(removeIndex);

            // update the list in the session
           session.put("fileUploadList", uploads);

        } catch (Exception e) {
            addActionError("Error removing attachment: " + e.getMessage());
            e.printStackTrace();
        }

        return SUCCESS;
    }

    // getter and setter methods
    public FileUploadBean getFileUpload() {
        return fileUpload;
    }

    public void setFileUpload(FileUploadBean fileUpload) {
        this.fileUpload = fileUpload;
    }

    public String getUploadDir() {
        return uploadDir;
   }

    public void setUploadDir(String uploadDir) {
        this.uploadDir = uploadDir;
    }

    public void setSession(Map session) {
        this.session = session;
    }

    public ServletContext getServletContext() {
        return servletContext;
    }

    public void setServletContext(ServletContext servletContext) {
        this.servletContext = servletContext;
    }

    public int getMaxUploads() {
        return maxUploads;
    }

    public void setMaxUploads(int maxUploads) {
        this.maxUploads = maxUploads;
    }

    public int getRemoveIndex() {
        return removeIndex;
    }

    public void setRemoveIndex(int removeIndex) {
        this.removeIndex = removeIndex;
    }

    public void setServletRequest(HttpServletRequest request) {
       this.request = request;
    }
}

Hopefully this article helped you get up and running with Ajax file upload.  All the code in the article was copied/pasted from a working test application.  If you have your web application environment, Struts 2 , and Spring configured correctly the code should work.

What is Twitter?

Twitter sells itself as a service for friends, family, and co-workers to keep in touch. However, I think of it more in terms of an information subscription service.  Basically you subscribe to the information stream or “tweets” of other Twitter members by “following” them.  Likewise, other people subscribe to your information stream, “tweets”, if they find you interesting. That might turn out to be friends and family for you, but in my opinion this is where Twitter falls flat in the face of competitors like Facebook.  More on that later.

The ability to selectively follow people or organizations with the same common interests as yourself is the real benefit of Twitter. You will not be tapping into the maximum potential of Twitter by limiting yourself to following friends and family. The idea is to form a large network of social connections with like minded people or organizations. You can use your Twitter network as a resource for getting answers to questions and turning you on to valuable information you may have missed otherwise.  A lot of people will share links to articles and blog posts that you may find useful.  It’s like having your own little army collectively scouring  the web for information you might find useful. If you’re following a high profile person in a certain industry, you may get tidbits of inside information and goings on inside that industry. You should likewise be contributing useful information to your stream or tweets. Your target audience will dictate what information you provide; different people will find different types of information useful.

What’s the difference between Facebook and Twitter?

I’ve seen a few people on Facebook wondering what they’re missing out on by not using Twitter or if they should switch from Facebook to Twitter.  There seems to be a lot of  general confusion as to why we need another social networking site.  If had to describe Twitter in terms of Facebook, I would describe it as Facebook if you stripped out everything but the status update and then limited that to 140 characters. So, should you start using Twitter?  Like the answer to every other question like this; it depends.

In my opinion if you are using Facebook to stay in touch with people on a personal  level such as friends and family and you don’t care about anything else, then you aren’t missing much by not using Twitter.  It is arguable, but I think Facebook is the superior service for staying in touch with people on a personal level.  You can share media on Twitter through sites like twitpic, but Facebook  has much better integration for sharing media since you can post it directly into your live feed.  Twitter is also devoid of things like wall posts, quizzes, and games that a lot of people like to do on Facebook.  Facebook also lets you stay connected on the go just as easily as Twitter through mobile apps and SMS messaging. I can’t speak to other devices, but from my experience the Facebook application for BlackBerry is much better than TwitterBerry or Tiny Twitter.

On the other hand, if you’re interested in connecting with people in your profession or people who share the same hobbies, you might want to check out Twitter.  Also, if you’re looking to promote yourself or small business, Twitter might be for you.  If you want to get a peek into the lives of high profile people such as celebrities, politicians, or movers and shakers in a specific industry, Twitter is the place.

How do I get started with Twitter?

Simply go to http://twitter.com and sign up for an account. Figuring out who to follow is one of the hardest parts when you first start.  Use tools like Twitter search to find people who are tweeting about the things you’re interested in.  Don’t be shy about following somebody; most people are more than happy to get new followers.  Look to see who the people you’re following are following and follow them.

Here is an excellent blog post that is much more detailed about getting started:

http://www.maine-seo.com/social-media/how-to-become-a-twitter-pro-in-no-time-a-guide-for-twitter-newbies

Well the good news is Struts 1 and Struts 2 can both run in the same web app in perfect harmony; however, there are a few pit falls that you should be aware of when making the transition.

The remainder of the post will assume you already have Struts 2.1.6  installed and running on your application server.  For instructions go here:  http://struts.apache.org/2.1.6/docs/simple-setup.html

The first thing you’ll likely notice about the Struts 2 setup is the use of a Filter instead of a servlet mapping like Struts 1.  Here is an excerpt from a web.xml file showing a simple Struts 2 configuration:

<filter>
  <filter-name>struts2</filter-name>
  <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>

<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Note the url-pattern of the filter -mapping tag.  This setup will send every request through the Struts 2 filter.  This approach will cause potential conflicts with your Strtus 1 setup.

The Problem:

After installing Struts 2 with the configuration above I noticed that my Struts 1 forms that handled multipart/form-data, or file uploads, no longer worked.  A little investigating revealed the form data was being intercepted by the Struts 2 file upload interceptor. The reason for the intercept was because the request was hitting the Struts 2 filter before the Struts 1 servlet.  I could have just disabled the Struts 2 file upload interceptor, but I knew I wanted Struts 2 forms that could handle multipart/form-data.

Solution 1:

My first solution was to reconfigure Struts 2 as follows:

<filter>
  <filter-name>struts2</filter-name>
  <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>

<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>*.action</url-pattern>
</filter-mapping>

Notice the new url-pattern.  The *.action pattern only sends requests ending in .action through the Struts 2 filter.  I thought I was finally good to go….until I tried using the Struts 2 <datetimepicker> tag.

The <datetimerpicker> tag causes requests for several different resource types including .js, .css, .gif, .png, and .html.  This fact isn’t isolated to the datetimepicker; that’s just how I discovered it.  Anytime a Struts 2 tag that depends on requests for resources other than .action is used, the requested resource types must pass through the Struts 2 filter.  Basically, you need the Struts 2 filter to intercept requests for several different types of resources, not just .action.

Solution 2:

Finally, I modified my Struts 2 configuration to look like this:

<filter>
  <filter-name>struts2</filter-name>
  <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>

<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>*.action</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>*.js</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>*.css</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>*.html</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>*.gif</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>*.png</url-pattern>
</filter-mapping>

The new configuration ensures requests for various resources used by certain Struts 2 tags will pass through the Struts 2 filter.  I haven’t had any problems with Struts 2 tags since I started using this configuration; and I use the Ajax tags extensively throughout my applications.

There may be a more elegant way to configure Struts 1 and Struts 2 within the same web app, but so far this has worked for me.

Until next time.