Re: Redirecting after logon...
On 11/17/2003 05:29 AM Craig Edwards wrote: To complete process X, the user has to perform 5 steps. The user can perform steps 1, 2 and 3 with or without being logged on, but they must be logged on to perform steps 4 and 5. Obviously, I can have a specific check in step 4, but I would like, say, easily change the logon requirement to instead be in step 3. Basically, I would like to be able to specify for each page whether the user has to be logged in. Craig, I thought about this myself for implementing more or less the same thing, and decided but haven't yet tried saving the user's ActionForm that has all the request parameters already. I would put it in the session under a particular key, and then check whether the key contains a valid form at the start of each action, and if so, i.e. after the login redirect back to the originally requested destination, take the ActionForm out of the session and overwrite the new one. bear in mind I haven't tried it so there might be some gotcha lurking there to prevent this from working. HTH Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Redirecting after logon...
I have been using the following for returning the user to their intended URL after a login, and have had good luck with it ... - In the Base Action class - if (someCheckFor.loggedInUser() == null) { StringBuffer goToPath = new StringBuffer(request.getServletPath()); if (request.getQueryString() != null) { goToPath.append(? + request.getQueryString()); } request.setAttribute(userPath, goToPath.toString()); return mapping.findForward(login); } - In the LoginSetup Action - loginForm.setPreviousAction((String)request.getAttribute(userPath)); - In the Login.jsp - html:hidden property=userPath/ - In the LoginSave Action - if ((loginForm.getUserPath() != null) ((loginForm.getUserPath().length()) 0)) { return new ActionForward(loginForm.getUserPath()); } You can change the last line return new ActionForward to be a redirect. Hope that helps, Susan On 11/17/2003 07:36:48 AM Adam Hardy wrote: On 11/17/2003 05:29 AM Craig Edwards wrote: To complete process X, the user has to perform 5 steps. The user can perform steps 1, 2 and 3 with or without being logged on, but they must be logged on to perform steps 4 and 5. Obviously, I can have a specific check in step 4, but I would like, say, easily change the logon requirement to instead be in step 3. Basically, I would like to be able to specify for each page whether the user has to be logged in. Craig, I thought about this myself for implementing more or less the same thing, and decided but haven't yet tried saving the user's ActionForm that has all the request parameters already. I would put it in the session under a particular key, and then check whether the key contains a valid form at the start of each action, and if so, i.e. after the login redirect back to the originally requested destination, take the ActionForm out of the session and overwrite the new one. bear in mind I haven't tried it so there might be some gotcha lurking there to prevent this from working. HTH Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Redirecting after logon...
On 11/17/2003 02:31 PM Susan Bradeen wrote: I have been using the following for returning the user to their intended URL after a login, and have had good luck with it ... - In the Base Action class - if (someCheckFor.loggedInUser() == null) { StringBuffer goToPath = new StringBuffer(request.getServletPath()); if (request.getQueryString() != null) { goToPath.append(? + request.getQueryString()); } request.setAttribute(userPath, goToPath.toString()); return mapping.findForward(login); } Susan, what about HTTP-put, where there are request parameters that are not in the query string? Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Redirecting after logon...
Just a note that ActionServlet only implements doGet and doPost so I imagine you'll get some sort of method-not-supported error (inherited from HttpServlet) if you send it a PUT request. Quoting Adam Hardy [EMAIL PROTECTED]: On 11/17/2003 02:31 PM Susan Bradeen wrote: I have been using the following for returning the user to their intended URL after a login, and have had good luck with it ... - In the Base Action class - if (someCheckFor.loggedInUser() == null) { StringBuffer goToPath = new StringBuffer(request.getServletPath()); if (request.getQueryString() != null) { goToPath.append(? + request.getQueryString()); } request.setAttribute(userPath, goToPath.toString()); return mapping.findForward(login); } Susan, what about HTTP-put, where there are request parameters that are not in the query string? Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 -- Kris Schneider mailto:[EMAIL PROTECTED] D.O.Tech http://www.dotech.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Redirecting after logon...
Sorry, I meant post On 11/17/2003 05:58 PM Kris Schneider wrote: Just a note that ActionServlet only implements doGet and doPost so I imagine you'll get some sort of method-not-supported error (inherited from HttpServlet) if you send it a PUT request. Quoting Adam Hardy [EMAIL PROTECTED]: Susan, what about HTTP-put, where there are request parameters that are not in the query string? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Redirecting after logon...
Craig Edwards [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] In article [EMAIL PROTECTED], [EMAIL PROTECTED] says... You could do that... or you could do it the J2EE way, decleratively without any coding, letting container do it that way: Thanks for the reply Vic. I can see how that would be the way to go if I were starting from scratch. Unfortunately, I am using a framework that has its own repository for users/roles and I don't think I will be able to coerce it into operating within the J2EE Realm/LoginConfig model. As long as you have users that have passwords, and that might be in zero or more roles, it should be relatively easy to write a realm implementation that would access your custom user information repository. That would allow you to make use of the J2EE container managed security system, which solves your problem about keeping POSTed request parameters across a login event. If there is any way this would work, it seems likely to be the best (least work, most rubust, has some positive side effects) way to go. -Max PS. It is likely that my mail client sucks (Outlook Express), but your messages show up as Newsgroup postings rather than email messages, which makes them a pain to reply to. Are you cross-posting to a newsgroup or something? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Redirecting after logon...
In article [EMAIL PROTECTED], [EMAIL PROTECTED] says... As long as you have users that have passwords, and that might be in zero or more roles, it should be relatively easy to write a realm implementation that would access your custom user information repository. That would allow you to make use of the J2EE container managed security system, which solves your problem about keeping POSTed request parameters across a login event. If there is any way this would work, it seems likely to be the best (least work, most rubust, has some positive side effects) way to go. It does sound like the right way to go... however, I have two reservations: 1. As I understand it, have to have hard coded role names in the web.xml file. For example: auth-constraint role-name/role-name /auth-constraint This means that anytime I create new roles, I have to update two places. Given that I probably won't be doing that too often, that may not be a problem. 2. I am only just learning Struts and the notion of writing a Realm implementation would be yet another thing I have to come to grips with before being able to build application functionality. I'm wary of overengineering at this tender stage... Having said all that, in trying to describe my problem I think I can clarify it by saying: - If a user requests a private page, the framework should authenticate them and then redirect them to the private page. - If a user requests a page for which they are not authorized, they will be redirected to a static not authorized page. Perhaps I can create one J2EE role called LOGGEDON and use container managed security to handle the redirection. This way, I can use J2EE to deal with *authentication*, but I can still manage *authorisation* within my Action framework. Maybe... -- Craig Edwards Sydney, Australia - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Redirecting after logon...
In article [EMAIL PROTECTED], [EMAIL PROTECTED] says... You could do that... or you could do it the J2EE way, decleratively without any coding, letting container do it that way: Thanks for the reply Vic. I can see how that would be the way to go if I were starting from scratch. Unfortunately, I am using a framework that has its own repository for users/roles and I don't think I will be able to coerce it into operating within the J2EE Realm/LoginConfig model. Assuming that I have to build my own infrastructure to handle this, do you have any more thoughts? I already have code that recognizes the user isn't logged on and redirects them to logon... I am just missing the step that sends back to where they were originally going. Thanks again for the feedback. -- Craig Edwards Sydney, Australia - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]