For my app's login, I created a RequestStack object and a custom tag
that I could put at the top of my JSPs. The custom tag checks the
session, if invalid then the tag pushes the requested page onto the
stack and forwards the user to the login page.
For the login action, if there is no destination page defined, the
action takes the RequestStack from the session and pops the requested
page off and slaps it into the login form object. [Since the user may
fail at the login, the destination was added to the form object since
the request is popped from the RequestStack initially]
Once the login is successful, the login action will forward the user to
the destination that's now defined in the form object.
This is nice for users that are using your web site or intranet site for
long periods of time. They are able to quickly re-validate their session
and then continue on like nothing happened, right back to their
originally requested page.
And since we all use MVC, the custom tag described above uses a
singleton in the server context which allows for the same methods that
the custom tag uses to be used in other struts actions for validation.
Best Regards,
Jake Hookom
University of Wisconsin, Eau Claire
[CODE]
// RequestStack.setRequest(ServletRequest)
public void setRequest(javax.servlet.ServletRequest request)
{
HttpServletRequest sreq = (HttpServletRequest) request;
String uri = sreq.getRequestURI();
uri = uri.replaceFirst(sreq.getContextPath(), "/");
String q = sreq.getQueryString();
if (q != null)
{
StringBuffer sb = new StringBuffer(uri);
sb.append("?");
sb.append(q);
uri = sb.toString();
}
this.stack.push(uri);
}
-----Original Message-----
From: Arnaud HERITIER [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 05, 2002 8:17 AM
To: 'Struts Users Mailing List'
Subject: RE: Login process
don't your user attribute need to be static to be shared by all your
actions
instances ???
Arno
> -----Message d'origine-----
> De : David Mulligan [mailto:[EMAIL PROTECTED]]
> Envoyé : vendredi 5 juillet 2002 15:15
> À : 'Struts Users Mailing List'
> Objet : RE: Login process
>
>
> -----Original Message-----
> From: Heligon Sandra [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 05, 2002 1:52 PM
> To: 'Struts Users Mailing List'
> Subject: RE: Login process
>
>
> I prefer
> - create a ActionBase class with a method IsLogin() and all
> Action classes
> of my application
> have to sub-class this class.
> - or second solution subclass RequestProcessor class, and do
> login process in the processPreprocess() method.
>
>
>
>
>
> How about something like the below?
>
> public abstract class AuthenticatedAction extends
> org.apache.struts.action.Action {
> /** A bean that will contain information about the requests
> autenticated
> users. */
> private UserBean user;
> /**
> * Check to see if a user is logged in.
> * If a user is logged in then
> <code>performAuthenticated</code> method
> * will be called, otherwise the logon page will be displayed.
> * This method is set to final so that is can't be overriden by any
> subclass.
> *
> * @param mapping The ActionMapping used to select this instance
> * @param actionForm The optional ActionForm bean for this
> request (if
> any)
> * @param request The HTTP request we are processing
> * @param response The HTTP response we are creating
> *
> * @exception IOException if an input/output error occurs
> * @exception ServletException if a servlet exception occurs
> */
> public final ActionForward perform(ActionMapping mapping,
> ActionForm form,
> HttpServletRequest request,
> HttpServletResponse
> response) throws
> IOException, ServletException {
> HttpSession session = request.getSession();
> this.user = (UserBean)session.getAttribute(Constants.USER_KEY);
>
> if( this.user == null ) { //The user is not logged in, so
> display the
> logon page.
> System.out.println("User is not logged in");
> return mapping.findForward(Constants.FORWARD_LOGON);
> } else {
> ActionForward forward = performAutenticated(mapping,
> form, request,
> response);
> session.setAttribute(Constants.USER_KEY, this.user);
> return forward;
> }
> }
>
> /**
> * Perfrom an autenticated action for a request.
> * This method will be called if an only if the request has
> already been
> autenticated.
> * i.e. The use has logged onto the system and has a session.
> *
> * @param mapping The ActionMapping used to select this instance
> * @param actionForm The optional ActionForm bean for this
> request (if
> any)
> * @param request The HTTP request we are processing
> * @param response The HTTP response we are creating
> *
> * @exception IOException if an input/output error occurs
> * @exception ServletException if a servlet exception occurs
> *
> */
> public abstract ActionForward
> performAutenticated(ActionMapping mapping,
> ActionForm form,
> HttpServletRequest
> request,
>
> HttpServletResponse
> response) throws IOException, ServletException;
> /**
> * The current users <code>UserBean</code>.
> * Get the user that is logged in for the current request.
> * @return user - The <code>UserBean</code> of the user
> that has been
> autenticated for this request.
> */
> protected UserBean getUser() {
> return user;
> }
> }
>
>
>
> All actions that need the user to be logged in extend the above
> class and provide an implemation of performAutenticated() method
>
> All sub-classes can call the getUser() method which will
> return the current
> user.
>
> Obviously, the logon action WILL NOT extend this class!
>
> Dave.
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.373 / Virus Database: 208 - Release Date: 7/1/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.373 / Virus Database: 208 - Release Date: 7/1/2002
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
