I've never used the checklogon tag in struts. But, checking logon state in a
jsp is not a very good idea unless you are checking for specific roles in
order to display info. But, it will work to some degree if you want to use
your jsp as a controller.

Extending the action would be more sufficient, or you could write a Filter
class that does the job. Generally though it is not a good idea to wrap the
security into the app.

I am writing a security layer that sits between struts and the app and ties
them together without creating security dependencies within the app. I am
working hard to make it available. But, it is not an easy task. I've had to
make several changes. Once it is complete it should provide a more flexible
security layer for developers to work with without having app specific
security. In other words... you can use the standard programmatic checking.
Then as the standard container managed security matures my security can be
swapped out for the standard.

But, I do not address the security logout issues that you need. I allow for
a way to invalidate the session. Logging out is generally the responsibility
of the client.

Brandon Goodin
Phase Web and Multimedia
P (406) 862-2245
F (406) 862-0354
[EMAIL PROTECTED]
http://www.phase.ws
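
Added example (not part of the original message, and not the poster's security layer): a minimal servlet Filter of the kind suggested above, which keeps the login check out of the JSPs and actions. The class name LoginFilter, the session key "user", and the init parameters loginPath and requiredRole are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: runs in front of every mapped URL (e.g. *.do and *.jsp),
// so neither actions nor JSPs carry their own login checks.
public class LoginFilter implements Filter {
    static final String USER_KEY = "user"; // assumed session key set by the login action
    private String loginPath;              // assumed init-param, e.g. /login.do
    private String requiredRole;           // assumed optional init-param

    public void init(FilterConfig cfg) throws ServletException {
        loginPath = cfg.getInitParameter("loginPath");
        requiredRole = cfg.getInitParameter("requiredRole");
        if (loginPath == null) throw new ServletException("loginPath init-param is required");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // The login page and its form target must stay reachable without a session.
        if (loginPath.equals(req.getServletPath())) { chain.doFilter(req, res); return; }

        // getSession(false): do not create a session for an anonymous caller.
        HttpSession session = req.getSession(false);
        boolean containerAuth = req.getRemoteUser() != null;
        boolean appAuth = session != null && session.getAttribute(USER_KEY) != null;
        if (!containerAuth && !appAuth) {
            res.sendRedirect(req.getContextPath() + loginPath);
            return;
        }
        // isUserInRole answers false without container-managed security, so a
        // configured role denies by default rather than being skipped.
        if (requiredRole != null && !req.isUserInRole(requiredRole)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Keep protected pages out of the browser cache so "Back" after the
        // session is invalidated re-requests the page and hits this filter again.
        res.setHeader("Cache-Control", "no-store");
        res.setHeader("Pragma", "no-cache");
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

The filter is registered in web.xml with a filter-mapping that covers the protected URLs; swapping it for container-managed security later only means removing that mapping.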


-----Original Message-----
From: vivek shrivastava [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 29, 2002 10:20 AM
To: [EMAIL PROTECTED]
Subject: RE: Preserving Login Information



Hi,

I am using programmatic authentication (one-way encryption) for my login
authentication.

What is the "Checklogon" tag for in Struts? Is this the solution for my
problem #1?

Please do reply to me!

Thanks



>From: "Phase Web and Multimedia" <[EMAIL PROTECTED]>
>Reply-To: "Struts Developers List" <[EMAIL PROTECTED]>
>To: "Struts Developers List" <[EMAIL PROTECTED]>
>Subject: RE: Preserving Login Information
>Date: Mon, 29 Apr 2002 01:41:02 -0600
>
>Question #1:
>
>What security are you using? I am assuming container managed. If so, then
>you can use the programmatic standard of request.isUserInRole(String role).
>To find out user or principal identification you can use the
>request.getRemoteUser() and request.getUserPrincipal(). Another plan is to
>store a user bean into the session and draw info from it when needed.
>
>Question #2:
>
>The only way that I know how you would accomplish (or even come close to)
>an auto logout when someone leaves the site would be to keep a request scope
>boolean passed in every request. If the boolean is absent from a particular
>request then a login is required. The best way you could do this would
>probably be to extend your base Action class and include a method that looks
>for a request scope value. If the value isn't there then you invalidate the
>session and require a login. This would require that you include a call to
>your extended method in every action class.
>
>Brandon Goodin
>Phase Web and Multimedia
>P (406) 862-2245
>F (406) 862-0354
>[EMAIL PROTECTED]
>http://www.phase.ws
>
>
>-----Original Message-----
>From: vivek shrivastava [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, April 28, 2002 10:14 PM
>To: [EMAIL PROTECTED]
>Subject: Preserving Login Information
>
>
>Hi,
>
>First of all, I would like to say to all of you that this is my first web
>application and I am using Struts.
>
>I have a question about "Preserving Login Information" or "Passing
>Authentication Information to all other pages".
>
>Q1.
>Once a user has logged in, and we have confirmed that the login is correct,
>how do we keep track of this information for all future user requests, that
>we have validated this user and this is a valid user? What is the best way
>to achieve this task?
>
>Q2.
>Once the user leaves the application, let's say the user opens yahoo.com
>without clicking on the logout link in the application, how can we prompt
>the user for login/password if he/she tries to use the application using
>the "Back" button?
>
>Can someone help me or point me to an example where I can see how we
>solve or implement both problems? Please do help me because I have to
>build this application and give a demo ASAP (not fully, but the login part).
>
>
>Waiting for help, and thanks for the help.
>
>vivek
>
>--
>To unsubscribe, e-mail:
><mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail:
><mailto:[EMAIL PROTECTED]>

