I have my ActionServlet mapped to "*.do" and an ActionFilter mapped to that same url-pattern. In ActionFilter, I check to see if there is a UserForm in the session, and secondly to see if request.getRemoteUser() returns null. If either of these occurs, I call my Business Delegate (UserManager in my case) to get the user's information. Currently, it talks to a database to get the information, but it easily could talk to a Directory Server like LDAP. Here's some code from my doFilter method:

UserForm userForm = (UserForm) session.getAttribute(Constants.USER_KEY);
ServletContext ctx = filterConfig.getServletContext();
String username = request.getRemoteUser();

// user authenticated, empty user object
if ((username != null) && (userForm == null)) {
    try {
        // look up the user's record through the business delegate
        UserManager mgr =
            new UserManagerImpl((String) ctx.getAttribute(Constants.DAO_TYPE));
        UserForm user = mgr.getUser(username);
        session.setAttribute(Constants.USER_KEY, user);
    } catch (Exception e) {
        log.error("Error getting user's information", e);
        e.printStackTrace();

        ActionErrors errors = new ActionErrors();
        errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("errors.general"));

        // walk the cause chain as Throwable; a cause is not always an Exception
        Throwable cause = e;
        while (cause != null) {
            errors.add(ActionErrors.GLOBAL_ERROR,
                       new ActionError("errors.detail", cause.getMessage()));
            cause = cause.getCause();
        }

        request.setAttribute(Globals.ERROR_KEY, errors);

        // forward to the error page
        RequestDispatcher dispatcher = request.getRequestDispatcher("/error.jsp");
        dispatcher.forward(request, response);

        return; // stop processing
    }
}

--- In [EMAIL PROTECTED], usha <[EMAIL PROTECTED]> wrote:
> Hi
>
> Can you tell me briefly how you are using filters in security-example
> application.
>
> Thanks
> usha
>
> Matt Raible wrote:
>
> >You could use a filter to map to all your protected resources. This
> >is what I do in the security-example application I recently wrote.
> >You can download the source at:
> >
> >http://javawebapps.com/downloads/security-example.zip (14MB)
> >
> >HTH,
> >
> >Matt
> >
> >--- In [EMAIL PROTECTED], usha <[EMAIL PROTECTED]> wrote:
> >
> >>Hi
> >>
> >>Sorry what you mean by proxy. I didn't get you actually I wanted to
> >>authenticate logged in user against the users that are there in the
> >>database, and whenever they bookmark some page and if they go to that
> >>page directly I wanted to display the login page after they login
> >>successfully only. Right now with form based authentication I am getting
> >>this, but I had some drawbacks as I mentioned in the previous mail. Is
> >>there a standard way I can use for user login checks.
> >>
> >>thanks
> >>usha
> >>
> >>Eddie Bush wrote:
> >>
> >>>Write a proxy to retrieve the user data you wish to put in the
> >>>session. The proxy will check to see if a user has been authenticated
> >>>(request.getUserPrincipal() != null), and, if they have, it will check
> >>>to see if your user data has been created yet. If it has, it will
> >>>just take it from the session and return it. If it hasn't, it will
> >>>create it, save it to the session, and return it.
> >>>
> >>>That help?
> >>>
> >>>usha wrote:
> >>>
> >>>>Hi
> >>>>
> >>>>I am new to Struts. Right now I am using in my project form based
> >>>>authentication. With this I have some problems like I cannot
> >>>>instantiate some of session variable upon logging etc. Is there any
> >>>>standard mechanism for login using Struts. I am using JBoss as my
> >>>>application server.
> >>>>
> >>>>Thanks in advance
> >>>>usha..
> >>
> >>--
> >>To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@j...>
> >>For additional commands, e-mail: <mailto:struts-user-help@j...>
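
The proxy Eddie Bush describes in the quoted thread, written out as a helper class. This is an added example, not code from the security-example application: SessionUserProxy, UserLoader, CachedUser and the "currentUser" session key are hypothetical names, and it assumes the javax.servlet API. It goes one step beyond the thread by reusing the cached object only when it belongs to the principal on the current request, so user data left in the session by a previous login is never served to a different user.

```java
import java.io.Serializable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper: returns the session's user data, loading it on first use. */
public final class SessionUserProxy {

    /** Hypothetical stand-in for the UserManager business delegate in the post. */
    public interface UserLoader {
        CachedUser load(String username) throws Exception;
    }

    /** Hypothetical value object; the post stores a UserForm instead. */
    public static final class CachedUser implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String username;
        public CachedUser(String username) { this.username = username; }
    }

    private static final String USER_KEY = "currentUser"; // assumed session key
    private final UserLoader loader;

    public SessionUserProxy(UserLoader loader) { this.loader = loader; }

    /** Returns null when the container has not authenticated this request. */
    public CachedUser getUser(HttpServletRequest request) throws Exception {
        if (request.getUserPrincipal() == null) {
            return null; // not logged in: never create user data
        }
        String username = request.getUserPrincipal().getName();
        HttpSession session = request.getSession();

        // Reuse the cached object only if it was built for this principal.
        Object cached = session.getAttribute(USER_KEY);
        if (cached instanceof CachedUser
                && username.equals(((CachedUser) cached).username)) {
            return (CachedUser) cached;
        }

        // First request after login, or a stale entry: load and replace.
        CachedUser user = loader.load(username);
        if (user == null) {
            session.removeAttribute(USER_KEY);
            throw new IllegalStateException("no record for authenticated user");
        }
        session.setAttribute(USER_KEY, user);
        return user;
    }
}
```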