Re: Re: How to forward from a struts form to a login dialog ?

2002-12-31 Thread otisg 
Oh, one more thing.
Note how in this servlet filter some
application-specific URIs are hard-coded. 
It would be more elegant, IMHO, to declare
those elsewhere.
Also, instead of sending a redirect to a
hard-coded URI, one could use sendError with
401 code (unauthorized) and then handle 401
declaratively in web.xml, like this for
instance:


401
/loginView.do


What do people think?  Is this better or not?

Thanks,
Otis

 On Tue, 31 Dec 2002, Ronald Mathies
([EMAIL PROTECTED]) wrote:

> I've added some files as an example. How i
manage the user sessions.
> 
> 
> - Original Message -
> From: "Arik Levin ( Tikal )"
<[EMAIL PROTECTED]>
> To: "'Struts Users Mailing List'"
<[EMAIL PROTECTED]>
> Sent: Tuesday, December 31, 2002 11:59 AM
> Subject: RE: How to forward from a struts
form to a login dialog ?
> 
> 
> > There are two main solutions:
> >
> > The first one is more effective,
including JAAS.
> > You have to make a form that call
j_security_check action with j_password
> > and j_username inputs, the web server
has its own security engine that
> > throws you to your first login page if
you are not authorized.
> >
> > The second solution is simpler. You make
a base action which store your
> user
> > information at the HttpSession after it
has been authorized. Every action
> > you have at your application should
extend this base action. In case of
> > session timeout or user not authorized
just forward to your login page.
> >
> > I hope this helps you.
> >
> > Arik.
> >
> > -Original Message-
> > From: Zsolt Koppany [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, November 07, 2002 11:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: How to forward from a struts
form to a login dialog ?
> >
> > Hi,
> >
> > in a struts form I want to check whether
to user has already logged in. If
> > not, instead of showing the form I want
to forward the user to a login
> > dialog
> > and he must log in. After the user
logged in, I want him to come back to
> the
> >
> > form and I have to restore the original
parameters of the form.
> >
> > What is the best solution?
> >
> >
> > Zsolt
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> >
<mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
> >
> > --
> > To unsubscribe, e-mail:
>
<mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
> >
> 
> 
> 
> /*
>  * $Archive:  $
>  *
>  * $Workfile:  $
>  * $Revision:  $
>  * $Date:  $
>  * $Author:  $
>  *
>  * Copyright 2002 J-Instance. All Rights
Reserved.
>  *
>  * This software is the proprietary
information of J-Instance.
>  * Use is subject to license terms.
>  *
>  */
> 
> package com.jinstance.ibep.login;
> 
> import org.apache.struts.action.*;
> import java.io.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
> 
> import javax.naming.*;
> 
> import org.apache.commons.beanutils.*;
> 
> import com.jinstance.ibep.action.*;
> 
> // RMA:
> import org.apache.log4j.PropertyConfigurator;
> import org.apache.log4j.Logger;
> import org.apache.log4j.Priority;  
> 
> public class LoginAction extends
DefaultAction  {
> 
>   static Logger logger =
Logger.getLogger(LoginAction.class.getName());
> 
>   private String sessionUsernamePath;
> 
>   private String loginname,
>  password;
>   
> 
>   /**
>* This is the main action called from
the Struts framework.
>* @param mapping The ActionMapping used
to select this instance.
>* @param form The optional ActionForm
bean for this request.
>* @param request The HTTP Request we
are processing.
>* @param response The HTTP Response we
are processing.
>*/
>   public ActionForward
execute(ActionMapping mapping, ActionForm
form, HttpServletRequest request,
> HttpServletResponse response) throws
IOException, ServletException {
> 
>
PropertyConfigurator.configure("log4j.properties");
> 
> logger.
> 
> ActionErrors ae = new ActionErrors();
> 
> /** Get the path to the username for
this application. */
> sessionUsernamePath =
getSessionUsernamePath();
> 
> try {
> 
>   /** Retrieve the login data from the
form. */
>   loginname =
(String)PropertyUtils.getSimpleProperty(form,
"loginname");
>   password =
(String)PropertyUtils.getSimpleProperty(form,
"password"

Re: Re: How to forward from a struts form to a login dialog ?

2002-12-31 Thread otisg 
Hello,

Thanks for the classes, I am doing the same
thing.
Question:
- What's the advantage of using the entry in
web.xml (maybe you can also send web.xml?),
and doing the naming lookups, etc. versus
just storing an object in a HttpSession and
checking if it is null or not (as you are
doing as well).
What does the naming stuff give you?

Just curious...
Thanks,
Otis
 



 On Tue, 31 Dec 2002, Ronald Mathies
([EMAIL PROTECTED]) wrote:

> I've added some files as an example. How i
manage the user sessions.
> 
> 
> - Original Message -
> From: "Arik Levin ( Tikal )"
<[EMAIL PROTECTED]>
> To: "'Struts Users Mailing List'"
<[EMAIL PROTECTED]>
> Sent: Tuesday, December 31, 2002 11:59 AM
> Subject: RE: How to forward from a struts
form to a login dialog ?
> 
> 
> > There are two main solutions:
> >
> > The first one is more effective,
including JAAS.
> > You have to make a form that call
j_security_check action with j_password
> > and j_username inputs, the web server
has its own security engine that
> > throws you to your first login page if
you are not authorized.
> >
> > The second solution is simpler. You make
a base action which store your
> user
> > information at the HttpSession after it
has been authorized. Every action
> > you have at your application should
extend this base action. In case of
> > session timeout or user not authorized
just forward to your login page.
> >
> > I hope this helps you.
> >
> > Arik.
> >
> > -Original Message-
> > From: Zsolt Koppany [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, November 07, 2002 11:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: How to forward from a struts
form to a login dialog ?
> >
> > Hi,
> >
> > in a struts form I want to check whether
to user has already logged in. If
> > not, instead of showing the form I want
to forward the user to a login
> > dialog
> > and he must log in. After the user
logged in, I want him to come back to
> the
> >
> > form and I have to restore the original
parameters of the form.
> >
> > What is the best solution?
> >
> >
> > Zsolt
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> >
<mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
> >
> > --
> > To unsubscribe, e-mail:
>
<mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
> >
> 
> 
> 
> /*
>  * $Archive:  $
>  *
>  * $Workfile:  $
>  * $Revision:  $
>  * $Date:  $
>  * $Author:  $
>  *
>  * Copyright 2002 J-Instance. All Rights
Reserved.
>  *
>  * This software is the proprietary
information of J-Instance.
>  * Use is subject to license terms.
>  *
>  */
> 
> package com.jinstance.ibep.login;
> 
> import org.apache.struts.action.*;
> import java.io.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
> 
> import javax.naming.*;
> 
> import org.apache.commons.beanutils.*;
> 
> import com.jinstance.ibep.action.*;
> 
> // RMA:
> import org.apache.log4j.PropertyConfigurator;
> import org.apache.log4j.Logger;
> import org.apache.log4j.Priority;  
> 
> public class LoginAction extends
DefaultAction  {
> 
>   static Logger logger =
Logger.getLogger(LoginAction.class.getName());
> 
>   private String sessionUsernamePath;
> 
>   private String loginname,
>  password;
>   
> 
>   /**
>* This is the main action called from
the Struts framework.
>* @param mapping The ActionMapping used
to select this instance.
>* @param form The optional ActionForm
bean for this request.
>* @param request The HTTP Request we
are processing.
>* @param response The HTTP Response we
are processing.
>*/
>   public ActionForward
execute(ActionMapping mapping, ActionForm
form, HttpServletRequest request,
> HttpServletResponse response) throws
IOException, ServletException {
> 
>
PropertyConfigurator.configure("log4j.properties");
> 
> logger.
> 
> ActionErrors ae = new ActionErrors();
> 
> /** Get the path to the username for
this application. */
> sessionUsernamePath =
getSessionUsernamePath();
> 
> try {
> 
>   /** Retrieve the login data from the
form. */
>   loginname =
(String)PropertyUtils.getSimpleProperty(form,
"loginname");
>   password =
(String)PropertyUtils.getSimpleProperty(form,
"password");
> 
> } catch (Exception e) {
>logger.error(&

Re: How to forward from a struts form to a login dialog ?

2002-12-31 Thread Ronald Mathies 
I've added some files as an example. How i manage the user sessions.


- Original Message -
From: "Arik Levin ( Tikal )" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Tuesday, December 31, 2002 11:59 AM
Subject: RE: How to forward from a struts form to a login dialog ?


> There are two main solutions:
>
> The first one is more effective, including JAAS.
> You have to make a form that call j_security_check action with j_password
> and j_username inputs, the web server has its own security engine that
> throws you to your first login page if you are not authorized.
>
> The second solution is simpler. You make a base action which store your
user
> information at the HttpSession after it has been authorized. Every action
> you have at your application should extend this base action. In case of
> session timeout or user not authorized just forward to your login page.
>
> I hope this helps you.
>
> Arik.
>
> -Original Message-
> From: Zsolt Koppany [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 07, 2002 11:18 AM
> To: [EMAIL PROTECTED]
> Subject: How to forward from a struts form to a login dialog ?
>
> Hi,
>
> in a struts form I want to check whether to user has already logged in. If
> not, instead of showing the form I want to forward the user to a login
> dialog
> and he must log in. After the user logged in, I want him to come back to
the
>
> form and I have to restore the original parameters of the form.
>
> What is the best solution?
>
>
> Zsolt
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>

/*
 * $Archive:  $
 *
 * $Workfile:  $
 * $Revision:  $
 * $Date:  $
 * $Author:  $
 *
 * Copyright 2002 J-Instance. All Rights Reserved.
 *
 * This software is the proprietary information of J-Instance.
 * Use is subject to license terms.
 *
 */

package com.jinstance.ibep.login;

import org.apache.struts.action.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

import javax.naming.*;

import org.apache.commons.beanutils.*;

import com.jinstance.ibep.action.*;

// RMA:
import org.apache.log4j.PropertyConfigurator;
import org.apache.log4j.Logger;
import org.apache.log4j.Priority;  

public class LoginAction extends DefaultAction  {

  static Logger logger = Logger.getLogger(LoginAction.class.getName());

  private String sessionUsernamePath;

  private String loginname,
 password;
  

  /**
   * This is the main action called from the Struts framework.
   * @param mapping The ActionMapping used to select this instance.
   * @param form The optional ActionForm bean for this request.
   * @param request The HTTP Request we are processing.
   * @param response The HTTP Response we are processing.
   */
  public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

PropertyConfigurator.configure("log4j.properties");

logger.

ActionErrors ae = new ActionErrors();

/** Get the path to the username for this application. */
sessionUsernamePath = getSessionUsernamePath();

try {

  /** Retrieve the login data from the form. */
  loginname = (String)PropertyUtils.getSimpleProperty(form, "loginname");
  password = (String)PropertyUtils.getSimpleProperty(form, "password");

} catch (Exception e) {
   logger.error("Missing loginname or password method within the LoginActionForm", e);
   System.out.println (e);
}

/** Create a user session. */
HttpSession session = request.getSession(true);

/** Set the username at the path specified in the web.xml file */
session.setAttribute(sessionUsernamePath, loginname);

logger.info("User " + loginname + " succesfully logged into the application");

return mapping.findForward(ACTION_SUCCESS);
  }

  private String getSessionUsernamePath() throws ServletException {
try {
  Context context = new InitialContext();
  return (String)context.lookup("java:comp/env/session/username");
} catch(NamingException namingException) {
  logger.fatal("Missing  in web.xml (session/username) ", namingException);
  throw new ServletException("Missing  in web.xml (session/username)");
/*
 * $Archive:  $
 *
 * $Workfile:  $
 * $Revision:  $
 * $Date:  $
 * $Author:  $
 *
 * Copyright 2002 J-Instance. All Rights Reserved.
 *
 * This software is the proprietary information of J-Instance.
 * Use i

RE: How to forward from a struts form to a login dialog ?

2002-12-31 Thread Arik Levin ( Tikal ) 
There are two main solutions:

The first one is more effective, including JAAS.
You have to make a form that call j_security_check action with j_password
and j_username inputs, the web server has its own security engine that
throws you to your first login page if you are not authorized.

The second solution is simpler. You make a base action which store your user
information at the HttpSession after it has been authorized. Every action
you have at your application should extend this base action. In case of
session timeout or user not authorized just forward to your login page.

I hope this helps you.

Arik.

-Original Message-
From: Zsolt Koppany [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 07, 2002 11:18 AM
To: [EMAIL PROTECTED]
Subject: How to forward from a struts form to a login dialog ?

Hi,

in a struts form I want to check whether to user has already logged in. If 
not, instead of showing the form I want to forward the user to a login
dialog 
and he must log in. After the user logged in, I want him to come back to the

form and I have to restore the original parameters of the form.

What is the best solution?


Zsolt



--
To unsubscribe, e-mail:

For additional commands, e-mail:



--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: How to forward from a struts form to a login dialog ?

2002-11-07 Thread Max Kutny 

 ZK> Ok, but how?

>> Move authentication to container level


Well, that's depend on container. The servlet spec requires containers to
support simple authentication mechanism (you should read either spec or
your container documentation). Most of the containers allow you to write
custom authenticator.

In few words you need to put  in your web.xml file. Then you
could easily throw out all your authentication code from actions.

-- 
Max Kutny

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: How to forward from a struts form to a login dialog ?

2002-11-07 Thread Zsolt Koppany 
Ok, but how?

Zsolt

On Thursday 07 November 2002 11:14, Max Kutny wrote:
> Move authentication to container level


--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: How to forward from a struts form to a login dialog ?

2002-11-07 Thread Max Kutny 

 ZK> Hi, in a struts form I want to check whether to user has already
 ZK> logged in. If not, instead of showing the form I want to forward the
 ZK> user to a login dialog and he must log in. After the user logged in, I
 ZK> want him to come back to the form and I have to restore the original
 ZK> parameters of the form.

 ZK> What is the best solution?

Move authentication to container level.

-- 
Max Kutny

--
To unsubscribe, e-mail:   
For additional commands, e-mail: