Rick, I recently had a similar problem. Using J2EE security, I was not sure how to "detect" a user login. After all, a user can go into ANY protected page, and I did not want to put the same tag in to EVERY single .JSP page that was protected.
The solution, at least in my case, came in the form of a filter. I installed a filter, which checks every single request to the server. For each request, I check to see if the user is authenticated by retrieving the principal. When I detect that the user has logged in, I perform some action, and note in the session that this has been done before. This works for me....

Here is my doFilter code:

    final HttpServletRequest request = (HttpServletRequest) req;
    // Do not create a session here; only look at one that already exists.
    final HttpSession session = request.getSession(false);
    if (session != null && session.getAttribute(USER_LOGIN_CHECK) == null) {
        // Non-null once the container has authenticated the user.
        final Principal principal = request.getUserPrincipal();
        if (principal != null) {
            // Mark the session so the login action runs only once.
            session.setAttribute(USER_LOGIN_CHECK, Boolean.TRUE);
            action.userLoggedIn(principal.getName(), req, res);
        }
    }
    chain.doFilter(req, res);

-AP_
http://www.myprofiles.com/member/profile/apara_personal

-----Original Message-----
From: Rick Mann [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 29, 2002 1:02 AM
To: Struts Users Mailing List
Subject: Re: Best way to forward to login, then re-forward to originally requested resource?

on 5/28/02 11:59 PM, Adam Hardy at [EMAIL PROTECTED] wrote:

> I would save the form bean and a mapping or action forward in the
> session, and collect them when the in-between task is finished.

Yeah, I was thinking of that, too. Okay, so here's the struts-specific problem: how do I get the name of the action in a way that I can use later to generate an ActionForward? If I call mapping.getPath(), I get the path used in the mapping, but it will be "outside" of the pattern set up in the deployment descriptor. Typically, it will not end in ".do".

Right now, I do this:

    forward = new ActionForward();
    forward.setContextRelative(true);
    forward.setPath(originalResource + ".do");

This works, but won't work if the original resource was a .jsp. (I'd like to put a tag at the top of a JSP to check for a valid login).
In fact, it doesn't work in the general case (say the deployment action servlet mapping is "/action/*" instead of "*.do").

Perhaps I just don't understand container-managed security well enough. How can I cause one of my User objects to be created in the session when the user gets authenticated? As far as what's provided by the server, it just sets a user name (and principal) available to servlets. I suppose I could look for the user, and if it's not found, create one based on the result of isUserInRole() et al., but it just seems less than elegant.

I'll post a more general question to the Tomcat list.

--
Rick
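
An added example, not part of the original thread or anyone's posted code: a complete filter that combines the filter approach from the reply with the session User object asked about in the quoted message. The User class, the attribute name and the role names are assumptions, and it is written against the javax.servlet API.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example (assumed names): builds a session User from the container's principal.
public class LoginDetectFilter implements Filter {
    static final String USER_KEY = "app.user";               // hypothetical session attribute
    static final String[] KNOWN_ROLES = {"admin", "member"}; // hypothetical roles from web.xml

    // Hypothetical application user object; Serializable so the session can be persisted.
    public static final class User implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String name;
        public final List<String> roles;
        User(String name, List<String> roles) { this.name = name; this.roles = roles; }
    }

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Principal principal = request.getUserPrincipal();
        HttpSession session = request.getSession(false);
        if (principal != null && session != null) {
            User cached = (User) session.getAttribute(USER_KEY);
            // Compare names instead of keeping a boolean flag, so a different
            // principal showing up in the same session replaces the stale User.
            if (cached == null || !cached.name.equals(principal.getName())) {
                List<String> roles = new ArrayList<String>();
                for (String role : KNOWN_ROLES) {
                    // The container answers role checks; the filter only records them.
                    if (request.isUserInRole(role)) roles.add(role);
                }
                session.setAttribute(USER_KEY, new User(principal.getName(), roles));
            }
        }
        chain.doFilter(req, res);
    }
}
```

The filter has to be mapped in web.xml to every URL pattern that can be reached after login, and the cached role list is only a snapshot taken on the first authenticated request, so authorization decisions should still go through the container.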