Rick,

I recently had a similar problem.  Using J2EE security, I was not sure how
to "detect" a user login.  After all, a user can go into ANY protected page,
and I did not want to put the same tag into EVERY single .JSP page that was
protected.

The solution, at least in my case, came in the form of a filter.  I installed a
filter, which checks every single request to the server.  For each request,
I check to see if the user is authenticated by retrieving the principal.
When I detect that the user has logged in, I perform some action, and note
in the session that this has been done before.

This works for me....

Here is my doFilter code:

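// Body of doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
final HttpServletRequest request = (HttpServletRequest) req;

// Pass false so no session is created just to run this check
final HttpSession session = request.getSession(false);

// USER_LOGIN_CHECK marks sessions whose login has already been handled
if (session != null && session.getAttribute(USER_LOGIN_CHECK) == null) {
  // Non-null only once the container has authenticated the user
  final Principal principal = request.getUserPrincipal();

  if (principal != null) {
    session.setAttribute(USER_LOGIN_CHECK, Boolean.TRUE);
    action.userLoggedIn(principal.getName(), req, res);
  }
}

// Always pass the request on to the rest of the chain
chain.doFilter(req, res);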

-AP_
http://www.myprofiles.com/member/profile/apara_personal

-----Original Message-----
From: Rick Mann [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 29, 2002 1:02 AM
To: Struts Users Mailing List
Subject: Re: Best way to forward to login, then re-forward to originally
requested resource?


on 5/28/02 11:59 PM, Adam Hardy at [EMAIL PROTECTED] wrote:

> I would save the form bean and a mapping or action forward in the
> session, and collect them when the in-between task is finished.

Yeah, I was thinking of that, too.

Okay, so here's the struts-specific problem: how do I get the name of the
action in a way that I can use later to generate an ActionForward? If I call
mapping.getPath(), I get the path used in the mapping, but it will be
"outside" of the pattern set up in the deployment descriptor. Typically, it
will not end in ".do".

Right now, I do this:

forward = new ActionForward();
forward.setContextRelative(true);
forward.setPath(originalResource + ".do");

This works, but won't work if the original resource was a .jsp. (I'd like to
put a tag at the top of a JSP to check for a valid login). In fact, it
doesn't work in the general case (say the deployment action servlet mapping
is "/action/*" instead of "*.do").

Perhaps I just don't understand container-managed security well enough. How
can I cause one of my User objects to be created in the session when the
user gets authenticated? As far as what's provided by the server, it just
sets a user name (and principal) available to servlets. I suppose I could
look for the user, and if it's not found, create one based on the result of
isUserInRole() et al., but it just seems less than elegant. I'll post a more
general question to the Tomcat list.


--
Rick



--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


