Hi Eddie and Dimitar.. Thanks for your responses. I realise that using cookies isn't the most secure thing to do, however, this is a restriction that has been placed upon us from the server that is redirecting the call to us. However, we actually only keep the username and some other information (not password) in the cookie and then our server will need to perform a server to server SOAP message to authorise the userid with the originating server.
BTW, Eddie, is your CMA specifically the EJB container users/roles? Does the web container allow CMA? Dimitar...your idea to forward directly to an action worked. Thanks! Cheers! Siong At 03:16 PM 19/09/2002 -0500, you wrote: >I wouldn't store username/password in a cookie! That's ... very bad! >Cookies have bad enough of a rep. > >If you're in a position to use Container-Managed Authentication (CMA), do >so. Then, you can assign a role to a logged-in user (validuser, let's >say) and use that to determine things. > >Struts tags (and even declarations for things in the config file) allow >you to specify a role that the user must have to view that material. > >Dimitar Stavrakov wrote: > >>Hi Siong, >>You should use action mapping and type the action url instead of the jsp >>url. Something like this : https://www.theserver.com/ActionName.do. Then in >>your struts-config.xml you can specify the form associated with the action >>and have validate = true. Something like this: >><action path="/ActionName.do" >> type="com.class.ActionName" >> className="com.class.ActionName " >> name="ActionFormName" >> validate="true" >> scope="yourscope" >> input="/jsp/pageName.jsp"> >> </action> >> >> >>Regards, >> Dimitar >> >> >>-----Original Message----- >>From: Siong Chan [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 19, 2002 >>2:59 PM >>To: [EMAIL PROTECTED] >>Subject: Help on Struts's handling of initial pg request. >> >>Hi all.. >> >>I was wondering if anyone of you might know the answer to this question: >> >>Does the ActionForm's (Form Bean) validate method get invoked if it is an >>initial request for the page? For example, I'm currently in >>www.yahoo.com. However, I would like to hit a site in secured server to >>perform some transactions. I type in https://www.testserver.com/dl.jsp. >>Upon pressing the return button, the testserver will receive a request >>for the dl.jsp page. Is there anyway to invoke the validate method in the >>form bean associated to the dl.jsp? >> >>If not, I was wondering if there are any suggestions on how can I >>validate username and id that was previously stored in a cookie during >>this initial page request. In other words, how can I make sure that the >>user requesting for the page has the privilege to view it? >> >>Thanks in advance for any help rendered. >> >>Cheers! >>Siong >> >> >> >>Siong H. Chan >>Systems Engineer, eBusiness Division >>MacDonald Dettwiler >>Add: 13800 Commerce Parkway, Richmond, BC, Canada V6V 2J3 >>Email: [EMAIL PROTECTED] >>Voice: (604)231-2150 >>Fax: (604)278-2533 >>URL: http://www.mda.ca/ >> >> >>-- >>To unsubscribe, e-mail: >><mailto:[EMAIL PROTECTED]> >>For additional commands, e-mail: >><mailto:[EMAIL PROTECTED]> >> >>-- >>To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > >-- >Eddie Bush > > > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > Siong H. Chan Systems Engineer, eBusiness Division MacDonald Dettwiler Add: 13800 Commerce Parkway, Richmond, BC, Canada V6V 2J3 Email: [EMAIL PROTECTED] Voice: (604)231-2150 Fax: (604)278-2533 URL: http://www.mda.ca/ -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
