Jason,
Authentication and session creation are mostly independent -- you can have a
user with a session that has not been authenticated. I think a user will
always have a session once they have been authenticated, however.
I am not sure I understand quite what you are asking, but you can certainly
have simple JSP/HTML pages that don't have an action in front of them. For
instance, if you had a /sitemap.jsp page, you can link to it directly or use
a global forward (preferably with redrect="true" so the displayed page
content matches the URL in the address bar) to access it. If that page
requires a session, that is no problem even if the user is not
authenticated. If the page has features (like a "Good Morning, joeuser"
greeting), you must be prepared for the possibility that the user won't be
authenticated yet, and request.getRemoteUser() will return null. If you use
a security-constraint to require that the user authenticate themselves
before seeing a given page, you can assume that request.getRemoteUser() will
return a username since the user must be authenticated to view the page in
the first place.
Hope that helps,
-Max
----- Original Message -----
From: "Jason Meredith" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, July 22, 2003 1:29 AM
Subject: Session management
>
> Chaps
>
> I am sure this question has been asked before, if it has please point me
in
> the right direction (URL - example)
>
> A user log's into a web site, once the user has been authenticated, a
> session is created , there are many different actions that a user can
> perform, and it is easy to check if a session exists or has expired within
> each action. If the session times out, then a user is redirected back to
> the login page. No problem.
>
> What do I do for those pages that do not have actions, pages that have
> global forwards for example (org.apache.struts.actions.ForwardAction),
> things like legal pages, site maps, and so on? I don't want to create an
> action just to display a simple JSP/HTML page, that's why I used a
forward.
>
> Regards
>
> Jason Meredith
>
>
>
> *******************************************************************
> The e-mail and any attachments are confidential. They may contain
> privileged information and are intended for the named addressee(s)
> only. If you are not the intended recipient, please notify us
> immediately and do not disclose, distribute, or retain this e-mail
> or any part of it.
>
> Unless expressly stated, opinions in this e-mail are those of the
> individual sender and not of the FIMAT Group. We believe but do not
> warrant that this e-mail and any attachments are virus free.
> You must therefore take full responsibility for virus checking.
> The FIMAT Group reserve the right to monitor e-mail communications
> through its networks.
>
> Where this communication constitutes a financial promotion it is issued
> and approved by Fimat International Banque S.A. (UK Branch) and is
> only intended for persons of a kind described in article 19(5) of the
> Financial Services and Markets Act 2000 (Financial Promotion) Order
> 2001. This information is not intended to be distributed to UK "Private
> Customers" (as defined by the Financial Services Authority).
>
> Fimat International Banque S.A. (UK Branch) whose registered branch
> in England is at SG House, 41 Tower Hill, London EC3N 4SG is authorised
> by the Commission Bancaire in France and by the UK Financial Services
> Authority; regulated by the Financial Services Authority for the conduct
of
> UK Business and is entered in the Financial Services Authority's register
> (Register Number 183415), access to which can be gained via the following
> link: www.fsa.gov.uk/register/
>
> Member and a SETS Participant of the London Stock Exchange ("LSE").
> Where this communication is confirming an "on exchange" transaction
> (as defined by the LSE),the transaction is subject to the rules of the
LSE.
> Any information, opinions, estimates and forecasts contained in this
> document have been arrived at or obtained from public sources believed
> to be reliable and in good faith which has not been independently
> verified and no warranty, express or implied, is made as to their
accuracy,
> completeness or correctness.
>
> This document is not an offer to sell or a solicitation to acquire or
dispose
> of an interest in financial instruments.
>
> If you have received this transmission in error, please telephone
> +44 020 7676 8999 immediately so that we can arrange for its return.
> *******************************************************************
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
