Hi Jeff, In your code, you keep the token in the ServletContext rather than in the user session.
> (String)getServletContext().getAttribute(SeamConstants.LOGGEDINVAR); Isn't the ServletContext shared by all the users in the application? Regards Sridhar Kumanduri --- [EMAIL PROTECTED] wrote: > This uses a constant to determine if you wanted > login checking to be on or > off. Sometimes during development you might not > want that requirement. > > Jeff Krueger > > > public class TradeController extends > PersistentSessionController > { > > public void init() throws ServletException > { > super.init(); > } > > protected boolean > processPreprocess(HttpServletRequest request, > > HttpServletResponse response) > throws IOException, ServletException > { > boolean status = > super.processPreprocess(request, response); > // Check for login > if (status && SeamConstants.LOGIN_ACTIVE) > { > // process the uri > String requri = request.getRequestURI(); > int p1 = requri.lastIndexOf("/"); > String page = requri.substring(p1+1); > > if(!(SeamConstants.LOGIN_DO.equals(page))) > { // not the logion > page - loginScreen.trade > > if(!(SeamConstants.LOGIN_SUBMIT.equals(page))) { // > not the > target of the login post - login > String valid = > (String)getServletContext().getAttribute(SeamConstants.LOGGEDINVAR); > if((valid == null) || > (!(valid.equals(SeamConstants.LOGGEDINVAL)))) { > // the user has not logged in, > redirect to the login url > RequestDispatcher disp = > getServletContext().getRequestDispatcher(SeamConstants.LOGGIN_DISPATCH); > disp.forward(request,response); > return false; > } > } > } > } > return status; > } > } > > -----Original Message----- > From: Thinh Doan [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 13, 2002 10:21 AM > To: Struts Users Mailing List > Subject: RE: Want to check user is logged in every > page server] > > > Regis, > Would you please give some code example on how you > extended the > ActionServlet on how you did it? Thanks, > > Thinh > > -----Original Message----- > From: Régis Melo [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 13, 2002 11:22 AM > To: 'Struts Users Mailing List' > Subject: RES: Want to check user is logged in every > page server] > > > Hello Antony, > > I extend the ActionServlet and Write some code to > test if the > user is logged and if He has permission to acess a > page. > > It's very flexibile because is not only a test of > login or not > login. I can test, for example, if user XYZ has > permission to acess some > URL after He is logged in. > > > > Régis Melo > SoftSite Tecnologia > > > > -----Mensagem original----- > De: Antony Stace [mailto:[EMAIL PROTECTED]] > Enviada em: domingo, 27 de janeiro de 2002 23:25 > Para: [EMAIL PROTECTED] > Assunto: AW: Want to check user is logged in every > page server] > > > Hi > > In the struts example the method used( as many > people have pointed out) > to check that the person requesting the page is > logged on is to have at > the top of each jsp a tag like > > > <custom:checkLogonTag/> > > This tag should check to see if some sort of bean is > present - this bean > indicates the user has logged on successfully - > (method 1). > Do I need to do anything else or is this the safest > way to ensure a user > is loged on before serving them the requested page. > > Question, is there any point of having some sort of > database record to > indicate a user has loggon on and checking with that > database record as > well as the bean in (method 1) that the user is > logged on? > > > > Cheers > > Tony > > > >You can do this with a custom tag > > > ><custom:checkLogonTag/> > > > >of course you also need to implement this tag. > >this is what actually does the job: > >public int doEndTag() throws JspException { > > > > // Is there a valid user logged on? > > boolean valid = false; > > HttpSession session = pageContext.getSession(); > > if ((session != null) && > (session.getAttribute(name) != null)) > > valid = true; > > > > // Forward control based on the results > > if (valid) > > return (EVAL_PAGE); > > else { > > try { > > pageContext.forward(page); > > } catch (Exception e) { > > throw new JspException(e.toString()); > > } > > return (SKIP_PAGE); > > } > > > > } > > > >Take a look at the example Mailserver application > that comes with > >Struts. > > > >>-----Ursprungliche Nachricht----- > >>Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] > >>Gesendet: Dienstag, 20. November 2001 10:42 > >>An: Struts Users Mailing List > >>Betreff: Want to check user is logged in every > page server > >> > >> > >>Hi > >> > >>Everytime a page is served from my Struts > application, I want to check > >>to make sure the user is logged in. If they are > not then I want to > send > >>them to the login screen. What is the best way to > go about this using > > >>Struts? > >> > >>Cheers > >> > >>Tony > > > === message truncated === __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>