RE: Login process

Heligon Sandra Fri, 05 Jul 2002 06:36:49 -0700

Hi James,

Thanks for your help about login and JSP in general. 
Learning Struts requires time and I forgot that JSP exist
without Action mechanism. So we can call them with basic URLs.


I looked at your example but for each Action class
you make the following login test:

// Is there a currently logged on user?
User user = (User) session.getAttribute(Constants.USER_KEY);
if (user == null) {
     if (log.isTraceEnabled()) {
          log.trace(" User is not logged on in session "
                          + session.getId());
          }
            return (mapping.findForward("logon"));
        }
}
I don't want to do that. 
I prefer 
- create a ActionBase class with a method IsLogin() and all Action classes
of my application
  have to sub-class this class.
- or second solution subclass RequestProcessor class, and do
  login process in the processPreprocess() method. 
  I think it is the best solution.

When the request is a login request, the processPreprocess() must
not make the login test. According to the previous explanations,
I must put the login.jsp outside the WEB-INF directory, in this case
the RequestProcessor is not called.
But before allowing login I have to do authentication test, where
could I put the authentication code ? I don't want to do it in the JSP page.
Do I have to create an Action that is not called by the ActionServlet ?
then the problem is that I must manage the forward. I am not sure that it is
the
best solution.

If someone has a solution, I am very interested.
Thanks
Sandra
        

-----Original Message-----
From: James Mitchell [mailto:[EMAIL PROTECTED]]
Sent: 02 July 2002 16:54
To: Step
Cc: Struts-Atlanta; Struts Users Mailing List
Subject: RE: Login process


ok....here ya go...

http://www.open-tools.org/struts-atlanta/downloads/


...coming soon......Proposal for new struts-example that demonstrates
all features in the Struts framework (and I mean ALL)...stay tuned


James Mitchell
Software Engineer\Struts Evangelist
Struts-Atlanta, the "Open Minded Developer Network"
http://www.open-tools.org/struts-atlanta




> -----Original Message-----
> From: Step [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 01, 2002 9:26 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Login process
> 
> 
> 
> James I want a copy your modified struts-example...
> 
> Thanks
> 
> 
> -----Original Message-----
> From: James Mitchell [mailto:[EMAIL PROTECTED]] 
> Sent: 01 July 2002 23:56
> To: Struts Users Mailing List; [EMAIL PROTECTED]
> Subject: RE: Login process
> 
> There are varied opinions on doing as Andrew suggests.
> 
> I, personally, recommend that approach as it:
>  a) forces the users to go through index.jsp or an action
>  b) allows you to put your session validation/redirection in
>     one place (the action or base action class)
>  c) forces your developers to use actions for everything, even
>     if you are just displaying a simple jsp with no dependent
>     objects (ActionForm or other beans)
> 
> I have found that this approach forces good design and better code.
> 
> I have modified the struts-example to use this.
> Let me know if you would like a copy.
> 
> 
> James Mitchell
> Software Engineer\Struts Evangelist
> Struts-Atlanta, the "Open Minded Developer Network"
> http://www.open-tools.org/struts-atlanta
> 
> 
> 
> 
> > -----Original Message-----
> > From: Andrew Hill [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, July 01, 2002 5:56 AM
> > To: Struts Users Mailing List
> > Subject: RE: Login process
> >
> >
> > Apart from the index.jsp, you would probably be best served by putting
> all
> > your other jsps (that require authentication) in the WEB-INF
> > directory. This
> > way they can only be reached by an action forwarding to them and not
> > directly.
> >
> > -----Original Message-----
> > From: Heligon Sandra [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, July 01, 2002 17:50
> > To: '[EMAIL PROTECTED]'
> > Subject: Login process
> >
> >
> >
> >     Hi,
> >
> >     I am trying to use the method processPreprocess of the
> > RequestProcessor
> >     in order to authenticate web clients in my struts application.
> >     I am some doubt about the flow, when the index.jsp page is
> displayed
> > this
> >     method is called, isn't it ?
> >     How can I distinguish an unauthorized request from a first
> request (
> > index.jsp) ?                Has somebody a sequence diagram 
> that illustrate
> this
> > "mechanism" ?
> >
> >     Thanks
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> 
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> 
> 

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Login process

Reply via email to