Hi Jeff,
In your code, you keep the token in the ServletContext
rather than in the user session.
>
(String)getServletContext().getAttribute(SeamConstants.LOGGEDINVAR);
Isn't the ServletContext shared by all the users in
the application?
Regards
Sridhar Kumanduri
--- [EMAIL PROTECTED] wrote:
> This uses a constant to determine if you wanted
> login checking to be on or
> off. Sometimes during development you might not
> want that requirement.
>
> Jeff Krueger
>
>
> public class TradeController extends
> PersistentSessionController
> {
>
> public void init() throws ServletException
> {
> super.init();
> }
>
> protected boolean
> processPreprocess(HttpServletRequest request,
>
> HttpServletResponse response)
> throws IOException, ServletException
> {
> boolean status =
> super.processPreprocess(request, response);
> // Check for login
> if (status && SeamConstants.LOGIN_ACTIVE)
> {
> // process the uri
> String requri = request.getRequestURI();
> int p1 = requri.lastIndexOf("/");
> String page = requri.substring(p1+1);
>
> if(!(SeamConstants.LOGIN_DO.equals(page)))
> { // not the logion
> page - loginScreen.trade
>
> if(!(SeamConstants.LOGIN_SUBMIT.equals(page))) { //
> not the
> target of the login post - login
> String valid =
>
(String)getServletContext().getAttribute(SeamConstants.LOGGEDINVAR);
> if((valid == null) ||
> (!(valid.equals(SeamConstants.LOGGEDINVAL)))) {
> // the user has not logged in,
> redirect to the login url
> RequestDispatcher disp =
>
getServletContext().getRequestDispatcher(SeamConstants.LOGGIN_DISPATCH);
> disp.forward(request,response);
> return false;
> }
> }
> }
> }
> return status;
> }
> }
>
> -----Original Message-----
> From: Thinh Doan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 13, 2002 10:21 AM
> To: Struts Users Mailing List
> Subject: RE: Want to check user is logged in every
> page server]
>
>
> Regis,
> Would you please give some code example on how you
> extended the
> ActionServlet on how you did it? Thanks,
>
> Thinh
>
> -----Original Message-----
> From: Régis Melo [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 13, 2002 11:22 AM
> To: 'Struts Users Mailing List'
> Subject: RES: Want to check user is logged in every
> page server]
>
>
> Hello Antony,
>
> I extend the ActionServlet and Write some code to
> test if the
> user is logged and if He has permission to acess a
> page.
>
> It's very flexibile because is not only a test of
> login or not
> login. I can test, for example, if user XYZ has
> permission to acess some
> URL after He is logged in.
>
>
>
> Régis Melo
> SoftSite Tecnologia
>
>
>
> -----Mensagem original-----
> De: Antony Stace [mailto:[EMAIL PROTECTED]]
> Enviada em: domingo, 27 de janeiro de 2002 23:25
> Para: [EMAIL PROTECTED]
> Assunto: AW: Want to check user is logged in every
> page server]
>
>
> Hi
>
> In the struts example the method used( as many
> people have pointed out)
> to check that the person requesting the page is
> logged on is to have at
> the top of each jsp a tag like
>
>
> <custom:checkLogonTag/>
>
> This tag should check to see if some sort of bean is
> present - this bean
> indicates the user has logged on successfully -
> (method 1).
> Do I need to do anything else or is this the safest
> way to ensure a user
> is loged on before serving them the requested page.
>
> Question, is there any point of having some sort of
> database record to
> indicate a user has loggon on and checking with that
> database record as
> well as the bean in (method 1) that the user is
> logged on?
>
>
>
> Cheers
>
> Tony
>
>
> >You can do this with a custom tag
> >
> ><custom:checkLogonTag/>
> >
> >of course you also need to implement this tag.
> >this is what actually does the job:
> >public int doEndTag() throws JspException {
> >
> > // Is there a valid user logged on?
> > boolean valid = false;
> > HttpSession session = pageContext.getSession();
> > if ((session != null) &&
> (session.getAttribute(name) != null))
> > valid = true;
> >
> > // Forward control based on the results
> > if (valid)
> > return (EVAL_PAGE);
> > else {
> > try {
> > pageContext.forward(page);
> > } catch (Exception e) {
> > throw new JspException(e.toString());
> > }
> > return (SKIP_PAGE);
> > }
> >
> > }
> >
> >Take a look at the example Mailserver application
> that comes with
> >Struts.
> >
> >>-----Ursprungliche Nachricht-----
> >>Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> >>Gesendet: Dienstag, 20. November 2001 10:42
> >>An: Struts Users Mailing List
> >>Betreff: Want to check user is logged in every
> page server
> >>
> >>
> >>Hi
> >>
> >>Everytime a page is served from my Struts
> application, I want to check
> >>to make sure the user is logged in. If they are
> not then I want to
> send
> >>them to the login screen. What is the best way to
> go about this using
>
> >>Struts?
> >>
> >>Cheers
> >>
> >>Tony
>
>
>
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
