Re: login test in a jsp page - any suggestions
isn't it should be better to put his verification at actions? maybe a common super action could validade it, but I think that the jsp should be the last place to put it. Ideally, the jsp's are not even exposed to clients, making the access the view only through actions. David Thielen wrote: Hi; I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like html:check app=MyAction/. (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) thanks - dave -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: login test in a jsp page - any suggestions
Hi Dave, You have more choices to do user authentication, depending on your application's need, your experience and determination :) 1. you can put it in every jsp but just think at the maintenance. Having to modify all those jsp for one little change is not that fun. 2. If you use struts you can check for user in every Action and depending on the result forward him to the proper page. This again is difficult to maintain if you have many Actions but it easy to do and understand 3. Extend RequestProcessor class so you can write your code in just one place. RequestProcessor is called before any Action. I don't have any link to example but I think someone here will help you with this ;) 4. Security constraints / container authentication, related to Tomcat as I understand is well documented on http://jakarta.apache.com/tomcat/ The advantage of this method, less code and centralized authentication. It seems to be the most used method around here 5. Filter authentication, similar in a way to container, the same advantages. Basic you create a class that does the authentication against database etc, and you modify web.xml file to direct all the requests by the filter. 6. A method I didn't try yet and don't know much about, use of a tag-lib on every jsp to do the authentication. These are the methods I found reading posts going back to 2001 in this mailing list. I use this link to search the mailing list: http://marc.theaimsgroup.com/?l=struts-userr;=1w;=2 HTH, Cezar -Original Message- From: David Thielen [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 4:16 PM To: Struts-Users Subject: login test in a jsp page - any suggestions Hi; I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like html:check app=MyAction/. (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) thanks - dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: login test in a jsp page - any suggestions
I used login as a simple example. But I have another case that is not as simple. I have a 5 page check-out procedure. I want to set it up so that each page will forward to the previous page if the previous page's input fields have not been filled out yet. So each page has to do a different check. In other words, page 1 is the order page. Page 2 is enter your name address, page 3 is the visa card info. So if they go straight to page 3, I want it to see that the name/address is not entered and go to that page. That page sees that no items are order and forwards to that page. So each page has a unique test and forward to. Any good ideas for this situation? thanks - dave - Original Message - From: Cezar Nasui [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 6:56 PM Subject: RE: login test in a jsp page - any suggestions Hi Dave, You have more choices to do user authentication, depending on your application's need, your experience and determination :) 1. you can put it in every jsp but just think at the maintenance. Having to modify all those jsp for one little change is not that fun. 2. If you use struts you can check for user in every Action and depending on the result forward him to the proper page. This again is difficult to maintain if you have many Actions but it easy to do and understand 3. Extend RequestProcessor class so you can write your code in just one place. RequestProcessor is called before any Action. I don't have any link to example but I think someone here will help you with this ;) 4. Security constraints / container authentication, related to Tomcat as I understand is well documented on http://jakarta.apache.com/tomcat/ The advantage of this method, less code and centralized authentication. It seems to be the most used method around here 5. Filter authentication, similar in a way to container, the same advantages. Basic you create a class that does the authentication against database etc, and you modify web.xml file to direct all the requests by the filter. 6. A method I didn't try yet and don't know much about, use of a tag-lib on every jsp to do the authentication. These are the methods I found reading posts going back to 2001 in this mailing list. I use this link to search the mailing list: http://marc.theaimsgroup.com/?l=struts-userr;=1w;=2 HTH, Cezar -Original Message- From: David Thielen [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 4:16 PM To: Struts-Users Subject: login test in a jsp page - any suggestions Hi; I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like html:check app=MyAction/. (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) thanks - dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: login test in a jsp page - any suggestions
I would do this using Servlet Filters. Thanks -- pady [EMAIL PROTECTED] -Original Message- From: David Thielen [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 11:03 PM To: Struts Users Mailing List Subject: Re: login test in a jsp page - any suggestions How can I set things up so people can't get to a jsp page? I can set it up so a jsp page is never in the url - but if someone knows the file name they can still get to it. (And a cardinal rule of security is that an unlisted filename is not very effective protection.) thanks - dave - Original Message - From: Emerson Cargnin [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 2:52 PM Subject: Re: login test in a jsp page - any suggestions isn't it should be better to put his verification at actions? maybe a common super action could validade it, but I think that the jsp should be the last place to put it. Ideally, the jsp's are not even exposed to clients, making the access the view only through actions. David Thielen wrote: Hi; I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like html:check app=MyAction/. (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) thanks - dave -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: login test in a jsp page - any suggestions
Dave, If you put your JSP pages under your WEB-INF directory in your web app, they will be protected from direct access by your users. If you use the action forwards in Struts and only forward to the next page once you validate the current page, you shouldn't have a problem. Use the POST method on your forms. -Richard -Original Message- From: David Thielen [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 8:03 PM To: Struts Users Mailing List Subject: Re: login test in a jsp page - any suggestions How can I set things up so people can't get to a jsp page? I can set it up so a jsp page is never in the url - but if someone knows the file name they can still get to it. (And a cardinal rule of security is that an unlisted filename is not very effective protection.) thanks - dave - Original Message - From: Emerson Cargnin [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 2:52 PM Subject: Re: login test in a jsp page - any suggestions isn't it should be better to put his verification at actions? maybe a common super action could validade it, but I think that the jsp should be the last place to put it. Ideally, the jsp's are not even exposed to clients, making the access the view only through actions. David Thielen wrote: Hi; I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like html:check app=MyAction/. (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) thanks - dave -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: login test in a jsp page - any suggestions
put your pages inside /WEB-INF/ and do an foward to there... I'm not sure if you have to create an foward at strtus-config or not David Thielen wrote: How can I set things up so people can't get to a jsp page? I can set it up so a jsp page is never in the url - but if someone knows the file name they can still get to it. (And a cardinal rule of security is that an unlisted filename is not very effective protection.) thanks - dave - Original Message - From: Emerson Cargnin [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 2:52 PM Subject: Re: login test in a jsp page - any suggestions isn't it should be better to put his verification at actions? maybe a common super action could validade it, but I think that the jsp should be the last place to put it. Ideally, the jsp's are not even exposed to clients, making the access the view only through actions. David Thielen wrote: Hi; I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like html:check app=MyAction/. (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) thanks - dave -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
login test in a jsp page - any suggestions
Hi; I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like html:check app=MyAction/. (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) thanks - dave
RE: login test in a jsp page - any suggestions
Why not use a servlet filter ? Thanks -- pady [EMAIL PROTECTED] -Original Message- From: David Thielen [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 4:16 PM To: Struts-Users Subject: login test in a jsp page - any suggestions Hi; I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like html:check app=MyAction/. (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) thanks - dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]