user story - aclfilter.txt

Chinaxp 论坛源代码

Story:
    use acl-config.xml to store web pages that can only be viewed by logined user
    move user authenticate codes from action of every protected page to SignonFilter

working items:
    ok.create acl-config.xml
    ok.add class ProtectedResource
    ok.add interface AclDAO
       isProtectedResource(String uri);
    ok.add class AclDAOxml, AclDAOxmlTest
    ok.write AclDAOxmlTest
       testIsProtectedPages

    ok.add class AclFilter
       write init()
       write doFilter();
    ok.add filter config to web.xml
    ok.remove code that check user login from postLinkAction
    ok.test if filter work properly
       .user donot login, click postthread, system should redirect to logon page
        after logon, system redirect to postthread page
       .user donot login, can access viewThreadList

    ok.remove code that check user login from other XXXActions
       PostLinkAction
       EditThreadAction
       ViewMyThreadAction
       EditAccountAction
    
    ok.write acl-config.dtd, use XMLParser to validate the xml file

work flow of doFilter():
    .check requestURI
      .if is not a protected page, pass
      .if is a protected page
         .get user infomation from session
	    .if has user info, pass
	    .if no user info, store requestURI to DEST_URL
	     forward to login page


problems & bugs:
    .user not login, click viewMyThread, system redirect to login page
     user enter wrong password once, next time he entered the right password
     but can't return to original page: viewMyThread.
    .editAccout: password show on textField
     if confirmed password is not same with new password