Craig,
What would you do if the page in question could be viewed by anybody,
logged in or not, but certain parts of the display need to be hidden for
those who are not logged in (full functionality not available to guest
users, only to registered users)? Would you wrap this if-else statement
around every single piece of the conditionally displaying code?

-Eric

murali vivekanandan wrote:

> Great inputs by Mr. McClanahan and others in this thread.
>
> In our application we have one servlet for each form and in addition to the
> action class with validated parameters, it validates the session. For ex. to
> access his account, the user should have logged in first (which is stored in
> the session). This is different for each form.
>
> Where and how do you think we can do this, if we follow your model for one
> controller servlet?
>

What I do is build in a check in the doGet/doPost methods of the controller
servlet, and check for the existence of a particular object in the user's
session that is only put there by a successful login.  This object is removed
when the user executes your logout function, and is essentially removed by a
session timeout (since it won't be there the next time the user makes a
request -- they'll have just started a new session).  Then, the pseudo-code of
processing a request would be something like this:

    Check for existence of the login-succeeded object
    if (login object is there) {
        Call the action class being requested
    } else {
        Display the login page
    }

You'd need a special check that allowed the "process login" action to be
processed even if the user wasn't logged on.

In the "process login" action, after you are satisfied the user has been
authenticated, you add the appropriate login object to the user's session.
When they execute your logout function, just remove this object and invalidate
the session.

>
> I am a newbie to architecture, so hope you don't mind if this is a up to the
> par question.
>
> Thanks,
> Murali Vivekanandan.
>

Craig McClanahan


Eric M. Andersen
I/T Specialist
IBM Global Services
Tel: (781) 895-2637,   Fax : (781) 895-2843, t/line : 362-2637
Internet ID:  [EMAIL PROTECTED]
Lotus Notes ID: Eric M Andersen/Waltham/IBM
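
The login check from the pseudo-code quoted above, written out as a single controller servlet. This is an added example, not code from the thread; it assumes the `javax.servlet` API, and `LOGIN_KEY`, the action names (`processLogin`, `logout`, `home`), the `authenticate`/`callAction` hooks and `/login.jsp` are hypothetical names.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example. LOGIN_KEY, the action names and /login.jsp are assumed names.
public abstract class ControllerServlet extends HttpServlet {
    static final String LOGIN_KEY = "loginUser"; // present only after a successful login
    // Hooks the application supplies: credential check and action-class lookup.
    protected abstract boolean authenticate(String user, String password);
    protected abstract void callAction(String action, HttpServletRequest req,
            HttpServletResponse resp) throws ServletException, IOException;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doPost(req, resp);
    }
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String action = req.getParameter("action");
        // getSession(false): checking for the login object must not create a session.
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(LOGIN_KEY) != null;
        if ("processLogin".equals(action)) {
            // The one action that is processed even when nobody is logged in.
            String user = req.getParameter("user");
            if (user != null && authenticate(user, req.getParameter("password"))) {
                if (session != null) session.invalidate(); // discard the pre-login session
                req.getSession(true).setAttribute(LOGIN_KEY, user);
                callAction("home", req, resp);
            } else {
                showLogin(req, resp);
            }
        } else if (!loggedIn) {
            showLogin(req, resp); // no login object: never reach the action class
        } else if ("logout".equals(action)) {
            session.removeAttribute(LOGIN_KEY);
            session.invalidate();
            showLogin(req, resp);
        } else {
            callAction(action, req, resp);
        }
    }
    private void showLogin(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.getRequestDispatcher("/login.jsp").forward(req, resp);
    }
}
```

Because the check runs before any action is dispatched, an action class added later is covered by it without changes of its own.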
