Hi James, Thanks for your help about login and JSP in general. Learning Struts requires time and I forgot that JSP exist without Action mechanism. So we can call them with basic URLs.
I looked at your example but for each Action class you make the following login test: // Is there a currently logged on user? User user = (User) session.getAttribute(Constants.USER_KEY); if (user == null) { if (log.isTraceEnabled()) { log.trace(" User is not logged on in session " + session.getId()); } return (mapping.findForward("logon")); } } I don't want to do that. I prefer - create a ActionBase class with a method IsLogin() and all Action classes of my application have to sub-class this class. - or second solution subclass RequestProcessor class, and do login process in the processPreprocess() method. I think it is the best solution. When the request is a login request, the processPreprocess() must not make the login test. According to the previous explanations, I must put the login.jsp outside the WEB-INF directory, in this case the RequestProcessor is not called. But before allowing login I have to do authentication test, where could I put the authentication code ? I don't want to do it in the JSP page. Do I have to create an Action that is not called by the ActionServlet ? then the problem is that I must manage the forward. I am not sure that it is the best solution. If someone has a solution, I am very interested. Thanks Sandra -----Original Message----- From: James Mitchell [mailto:[EMAIL PROTECTED]] Sent: 02 July 2002 16:54 To: Step Cc: Struts-Atlanta; Struts Users Mailing List Subject: RE: Login process ok....here ya go... http://www.open-tools.org/struts-atlanta/downloads/ ...coming soon......Proposal for new struts-example that demonstrates all features in the Struts framework (and I mean ALL)...stay tuned James Mitchell Software Engineer\Struts Evangelist Struts-Atlanta, the "Open Minded Developer Network" http://www.open-tools.org/struts-atlanta > -----Original Message----- > From: Step [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 01, 2002 9:26 PM > To: [EMAIL PROTECTED] > Subject: RE: Login process > > > > James I want a copy your modified struts-example... > > Thanks > > > -----Original Message----- > From: James Mitchell [mailto:[EMAIL PROTECTED]] > Sent: 01 July 2002 23:56 > To: Struts Users Mailing List; [EMAIL PROTECTED] > Subject: RE: Login process > > There are varied opinions on doing as Andrew suggests. > > I, personally, recommend that approach as it: > a) forces the users to go through index.jsp or an action > b) allows you to put your session validation/redirection in > one place (the action or base action class) > c) forces your developers to use actions for everything, even > if you are just displaying a simple jsp with no dependent > objects (ActionForm or other beans) > > I have found that this approach forces good design and better code. > > I have modified the struts-example to use this. > Let me know if you would like a copy. > > > James Mitchell > Software Engineer\Struts Evangelist > Struts-Atlanta, the "Open Minded Developer Network" > http://www.open-tools.org/struts-atlanta > > > > > > -----Original Message----- > > From: Andrew Hill [mailto:[EMAIL PROTECTED]] > > Sent: Monday, July 01, 2002 5:56 AM > > To: Struts Users Mailing List > > Subject: RE: Login process > > > > > > Apart from the index.jsp, you would probably be best served by putting > all > > your other jsps (that require authentication) in the WEB-INF > > directory. This > > way they can only be reached by an action forwarding to them and not > > directly. > > > > -----Original Message----- > > From: Heligon Sandra [mailto:[EMAIL PROTECTED]] > > Sent: Monday, July 01, 2002 17:50 > > To: '[EMAIL PROTECTED]' > > Subject: Login process > > > > > > > > Hi, > > > > I am trying to use the method processPreprocess of the > > RequestProcessor > > in order to authenticate web clients in my struts application. > > I am some doubt about the flow, when the index.jsp page is > displayed > > this > > method is called, isn't it ? > > How can I distinguish an unauthorized request from a first > request ( > > index.jsp) ? Has somebody a sequence diagram > that illustrate > this > > "mechanism" ? > > > > Thanks > > > > > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>