RE: Session expired
It seems that there are two solutions for same problem, one using the RequestProcessor and other one using the servlet 2.3 Filter. Which one is the better solution from performance point of view or other parameters if any, we can use to find better solution? Viral -Original Message- From: Craig R. McClanahan [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 9:29 PM To: Struts Users Mailing List Subject: RE: Session expired On Tue, 19 Aug 2003, Filip Polsakiewicz wrote: Date: Tue, 19 Aug 2003 14:12:40 +0200 From: Filip Polsakiewicz [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: RE: Session expired My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. If you have followed the recommended Struts design practice of flowing *all* requests through the controller servlet, then it's really easy to do this -- subclass RequestProcessor and override one of the processXxx methods to perform this check for you. If you have direct hyperlinks to JSP pages, then you can use a Filter if you're on a Servlet 2.3 or later container; otherwise, you're stuck having to modify your 60 pages. If you have to modify things anyway, you're strongly encouraged to follow the recommended design pattern and flow things through the controller, so you can do things like this in one place. Craig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session expired
On Wed, 20 Aug 2003, Viral_Thakkar wrote: Date: Wed, 20 Aug 2003 17:19:28 +0530 From: Viral_Thakkar [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: RE: Session expired It seems that there are two solutions for same problem, one using the RequestProcessor and other one using the servlet 2.3 Filter. The RequestProcessor solution *only* works if all requests are sent through the controller servlet, and there are zero direct links to a JSP page (even by a user manually typing in a URL, or having bookmarked a JSP URL). The Filter case will catch those, if you use an appropriate mapping on your Filter. Which one is the better solution from performance point of view or other parameters if any, we can use to find better solution? The RequestProcessor approach is slightly less overhead, but quite frankly there are very few applications in the world where this should be the driving concern. You should really be thinking more about whether it works reliably in all cases, which solution is more maintainable, and considerations like that. The only time performance should affect a decision like this is when you're CPU bound in the servlet container -- and that is a vanishingly rare situation in production applications, where the servlet container is often sitting around waiting for the database or the network to get done with its work. Even if you are CPU bound, it's probably cheaper to spend a little money on a faster CPU than to suffer more work or less reliable behavior. Viral Craig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session expired
Use a realm. --- Filip Polsakiewicz [EMAIL PROTECTED] wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session expired
What if you check from your action before redirecting to a jsp ? Filip Polsakiewicz wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session expired
yes. If you are using servlet 2.3 container, write a filter that can check the session status, if expired will redirect the control to the standard expired.jsp page otherwise the control is passed to thr requested jsp. hth navjot singh |-Original Message- |From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] |Sent: Tuesday, August 19, 2003 4:28 PM |To: Struts Users Mailing List |Subject: Re: Session expired | | |What if you check from your action before redirecting to a jsp ? | | |Filip Polsakiewicz wrote: | |Hi, |is there any way to redirect y user to a jsp if the session is expired |without checking for an expired session within each single jsp? | |Thanks, Filip | | | | |- |To unsubscribe, e-mail: [EMAIL PROTECTED] |For additional commands, e-mail: [EMAIL PROTECTED] | | | | | | | |- |To unsubscribe, e-mail: [EMAIL PROTECTED] |For additional commands, e-mail: [EMAIL PROTECTED] | | - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session expired
My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:58 PM To: Struts Users Mailing List Subject: Re: Session expired What if you check from your action before redirecting to a jsp ? Filip Polsakiewicz wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session expired
--- Filip Polsakiewicz [EMAIL PROTECTED] wrote: My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. You could add a method to some BaseAction class that performs this check. If all your actions extend this one, you don't have to change very much code. David -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:58 PM To: Struts Users Mailing List Subject: Re: Session expired What if you check from your action before redirecting to a jsp ? Filip Polsakiewicz wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session expired
How about a filter? That is what I use. Anything within a certain path first gets checked by my filter and if the user doesn't have a valid session object it redirects them to the login page... This way the code doesn't even know it is happening... You define one in your web.xml like so: filter filter-nameSessionFilter/filter-name filter-classcom.symbol.mc.oms.servlet.SessionFilter/filter-class /filter filter-mapping filter-nameSessionFilter/filter-name url-pattern/app/*/url-pattern /filter-mapping This way anything within the /app dir goes through the filter first... - Original Message - From: Filip Polsakiewicz [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 8:12 AM Subject: RE: Session expired My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:58 PM To: Struts Users Mailing List Subject: Re: Session expired What if you check from your action before redirecting to a jsp ? Filip Polsakiewicz wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session expired
Sloan, Can you provide example code from com.symbol.mc.oms.servlet.SessionFilter Or is that asking too much ?? TIA, Mike - Original Message - From: Sloan Seaman [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:17 PM Subject: Re: Session expired How about a filter? That is what I use. Anything within a certain path first gets checked by my filter and if the user doesn't have a valid session object it redirects them to the login page... This way the code doesn't even know it is happening... You define one in your web.xml like so: filter filter-nameSessionFilter/filter-name filter-classcom.symbol.mc.oms.servlet.SessionFilter/filter-class /filter filter-mapping filter-nameSessionFilter/filter-name url-pattern/app/*/url-pattern /filter-mapping This way anything within the /app dir goes through the filter first... - Original Message - From: Filip Polsakiewicz [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 8:12 AM Subject: RE: Session expired My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:58 PM To: Struts Users Mailing List Subject: Re: Session expired What if you check from your action before redirecting to a jsp ? Filip Polsakiewicz wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session expired
With Struts 1.1 you can also write your own RequestProcessor and overwrite the desired processXYZ()-methods to perform checks like these before executing anything further (e.g. before showing the JSP, before populating a Form etc.). I've successfully used processPreprocess() to check whether a session is still valid and/or a required SessionBean is available in Session-Scope, and redirect to the login-page if it's not. Ofcourse all of your JSPs must not be called directly, but rather via a corresponding forward of your Actions. See the JavaDoc http://jakarta.apache.org/struts/api/org/apache/struts/action/RequestProcessor.html Yann - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session expired
I'm betting it would look something like, depending on your business needs: if ( [destination checking, these destionations require a valid session or logged in session] ) { if ( httpRequest.getSession(false) == null || ( [get the session, check for logged in status] == false) ) {[redirect to login/root/expired page] } } From: Mike Deegan [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: Re: Session expired Date: Tue, 19 Aug 2003 13:43:29 -0600 Sloan, Can you provide example code from com.symbol.mc.oms.servlet.SessionFilter Or is that asking too much ?? TIA, Mike - Original Message - From: Sloan Seaman [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:17 PM Subject: Re: Session expired How about a filter? That is what I use. Anything within a certain path first gets checked by my filter and if the user doesn't have a valid session object it redirects them to the login page... This way the code doesn't even know it is happening... You define one in your web.xml like so: filter filter-nameSessionFilter/filter-name filter-classcom.symbol.mc.oms.servlet.SessionFilter/filter-class /filter filter-mapping filter-nameSessionFilter/filter-name url-pattern/app/*/url-pattern /filter-mapping This way anything within the /app dir goes through the filter first... - Original Message - From: Filip Polsakiewicz [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 8:12 AM Subject: RE: Session expired My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:58 PM To: Struts Users Mailing List Subject: Re: Session expired What if you check from your action before redirecting to a jsp ? Filip Polsakiewicz wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ bMSN 8:/b Get 6 months for $9.95/month. http://join.msn.com/?page=dept/dialup - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session expired
First off let me state that mine is a bit complicated since it gets some config info from a static object I stripped out what I could to make it more simple...but the whole version of mine gets the redirect url and if it is enabled or not from a static configuration object that is created via a plugin that uses Digester The example below is as simple as it gets. If a session object does not exist and the specific object within the session does not exist (in this case, a user object defined by USER_OBJECT), it redirects to the index.jsp. Otherwise it just lets the filter continue down the chain of filters(the correct thing to do if the user is valid). In writing your own you will prob. want to abstract the page to redirect to as well as the object to look for in the session to make everything more configurable You could also go a step further and check the roles within the user object. Though I do this on a per action basis within the struts-config.xml file via a SecureAction object that I've created. This allows for a lot of cool tricks like cascading up the action chain to a point where the user finally has proper access rights anyway... here is the code: import java.io.IOException; import javax.servlet.*; import javax.servlet.http.*; import org.apache.log4j.Logger; public class SessionFilter implements Filter { private static final Logger log = Logger.getLogger(SessionFilter.class); private ServletContext context = null; /** * Initialize the SessionFilter with the FilterConfigurate from the * web.xml file * * @param _filterConfig The Filter Configuration */ public void init(javax.servlet.FilterConfig _filterConfig) { context = _filterConfig.getServletContext(); } /** * Called when the filter needs to be executed * * @param _request The ServletRequest * @param _response The ServletResponse * @param _chain The FilterChain */ public void doFilter(ServletRequest _request, ServletResponse _response, FilterChain _chain) throws IOException, ServletException { String redirectFailure = /index.jsp; HttpSession session = ((HttpServletRequest)_request).getSession(); // the object name to look for should be in the configuration... if ((session == null) || (session.getAttribute(USER_OBJECT)== null) ) { context.getRequestDispatcher(redirectFailure) .forward(_request,_response); log.debug(Access denied. Redirecting to +redirectFailure); } else { _chain.doFilter(_request, _response); } } /** * Doesn't do anything */ public void destroy() {} } - Original Message - From: Mike Deegan [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 3:43 PM Subject: Re: Session expired Sloan, Can you provide example code from com.symbol.mc.oms.servlet.SessionFilter Or is that asking too much ?? TIA, Mike - Original Message - From: Sloan Seaman [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:17 PM Subject: Re: Session expired How about a filter? That is what I use. Anything within a certain path first gets checked by my filter and if the user doesn't have a valid session object it redirects them to the login page... This way the code doesn't even know it is happening... You define one in your web.xml like so: filter filter-nameSessionFilter/filter-name filter-classcom.symbol.mc.oms.servlet.SessionFilter/filter-class /filter filter-mapping filter-nameSessionFilter/filter-name url-pattern/app/*/url-pattern /filter-mapping This way anything within the /app dir goes through the filter first... - Original Message - From: Filip Polsakiewicz [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 8:12 AM Subject: RE: Session expired My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:58 PM To: Struts Users Mailing List Subject: Re: Session expired What if you check from your action before redirecting to a jsp ? Filip Polsakiewicz wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail
Re: Session expired
log.info(Entering LoginFilter.doFilter().); HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; HttpSession session = httpRequest.getSession(false); if(session != null) { log.info(Sending to log in...); httpResponse.sendRedirect(login.jsp); } else { log.info(Honoring request...); chain.doFilter(request, response); } log.info(Exiting LoginFilter.doFilter().); On 8/19/03 14:43, Mike Deegan [EMAIL PROTECTED] wrote: Sloan, Can you provide example code from com.symbol.mc.oms.servlet.SessionFilter Or is that asking too much ?? TIA, Mike - Original Message - From: Sloan Seaman [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:17 PM Subject: Re: Session expired How about a filter? That is what I use. Anything within a certain path first gets checked by my filter and if the user doesn't have a valid session object it redirects them to the login page... This way the code doesn't even know it is happening... You define one in your web.xml like so: filter filter-nameSessionFilter/filter-name filter-classcom.symbol.mc.oms.servlet.SessionFilter/filter-class /filter filter-mapping filter-nameSessionFilter/filter-name url-pattern/app/*/url-pattern /filter-mapping This way anything within the /app dir goes through the filter first... - Original Message - From: Filip Polsakiewicz [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 8:12 AM Subject: RE: Session expired My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:58 PM To: Struts Users Mailing List Subject: Re: Session expired What if you check from your action before redirecting to a jsp ? Filip Polsakiewicz wrote: Hi, is there any way to redirect y user to a jsp if the session is expired without checking for an expired session within each single jsp? Thanks, Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session expired
On Tue, 19 Aug 2003, Filip Polsakiewicz wrote: Date: Tue, 19 Aug 2003 14:12:40 +0200 From: Filip Polsakiewicz [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: RE: Session expired My problem is, that I already have something around 60 jsps. Now it would be nice to have a workaround so that i don't have to adapt all my jsps and actions. If you have followed the recommended Struts design practice of flowing *all* requests through the controller servlet, then it's really easy to do this -- subclass RequestProcessor and override one of the processXxx methods to perform this check for you. If you have direct hyperlinks to JSP pages, then you can use a Filter if you're on a Servlet 2.3 or later container; otherwise, you're stuck having to modify your 60 pages. If you have to modify things anyway, you're strongly encouraged to follow the recommended design pattern and flow things through the controller, so you can do things like this in one place. Craig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]