First off, let me state that mine is a bit complicated since it gets some
config info from a static object.  I stripped out what I could to make
it simpler, but the whole version of mine gets the redirect URL and whether
it is enabled or not from a static configuration object that is created via
a plugin that uses Digester.

The example below is as simple as it gets.  If a session object does not
exist and the specific object within the session does not exist (in this
case, a user object defined by USER_OBJECT), it redirects to the index.jsp.

Otherwise it just lets the filter continue down the chain of filters....(the
correct thing to do if the user is valid).

In writing your own you will probably want to abstract the page to redirect
to as well as the object to look for in the session to make everything more
configurable.

You could also go a step further and check the roles within the user object.
Though I do this on a per action basis within the struts-config.xml file via
a SecureAction object that I've created.  This allows for a lot of cool
tricks like cascading up the action chain to a point where the user finally
has proper access rights....

Anyway, here is the code:

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.log4j.Logger;

public class SessionFilter
 implements Filter
{

 private static final Logger log = Logger.getLogger(SessionFilter.class);
 private ServletContext context = null;

 /**
 * Initialize the SessionFilter with the FilterConfig from the
 * web.xml file
 *
 * @param _filterConfig The Filter Configuration
 */
 public void init(javax.servlet.FilterConfig _filterConfig) {
  context = _filterConfig.getServletContext();
 }

 /**
 * Called when the filter needs to be executed
 *
 * @param _request The ServletRequest
 * @param _response The ServletResponse
 * @param _chain The FilterChain
 */
 public void doFilter(ServletRequest _request, ServletResponse _response,
  FilterChain _chain)
  throws IOException, ServletException
 {
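  String redirectFailure = "/index.jsp";

  // getSession(false) returns null when no session exists; the no-arg
  // getSession() would create a new one, so the null check would never fire
  HttpSession session = ((HttpServletRequest)_request).getSession(false);

  // the object name to look for should be in the configuration...
  if ((session == null) || (session.getAttribute("USER_OBJECT") == null)) {
   // forward() is a server-side forward, not an HTTP redirect
   context.getRequestDispatcher(redirectFailure)
    .forward(_request,_response);
   log.debug("Access denied. Redirecting to "+redirectFailure);
  }
  else {
   // valid user object in the session: continue down the filter chain
   _chain.doFilter(_request, _response);
  }
 }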

 /**
 * Doesn't do anything
 */
 public void destroy() {}
}
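
A configurable variant of the filter above, added here as an example and not part of the original message: it reads the page to send users to and the session attribute to look for from web.xml init-params, as the message suggests. The class name and the init-param names loginPage and sessionAttribute are assumptions made for this sketch.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Added example. Assumed web.xml configuration (param names are hypothetical):
 *
 * <filter>
 *   <filter-name>ConfigurableSessionFilter</filter-name>
 *   <filter-class>ConfigurableSessionFilter</filter-class>
 *   <init-param><param-name>loginPage</param-name><param-value>/index.jsp</param-value></init-param>
 *   <init-param><param-name>sessionAttribute</param-name><param-value>USER_OBJECT</param-value></init-param>
 * </filter>
 */
public class ConfigurableSessionFilter implements Filter {

    private String loginPage;
    private String sessionAttribute;

    public void init(FilterConfig config) throws ServletException {
        loginPage = config.getInitParameter("loginPage");
        sessionAttribute = config.getInitParameter("sessionAttribute");
        // Fail closed: refuse to start rather than run with no check configured.
        if (loginPage == null || sessionAttribute == null) {
            throw new ServletException("loginPage and sessionAttribute init-params are required");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) never creates a session, so an expired or missing one is null.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(sessionAttribute) == null) {
            // The target comes only from configuration, never from request data.
            response.sendRedirect(request.getContextPath() + loginPage);
            return; // do not continue down the chain
        }
        // Keep browsers and proxies from re-serving protected pages after the session ends.
        response.setHeader("Cache-Control", "no-store");
        chain.doFilter(request, response);
    }

    public void destroy() {}
}
```

The login page must sit outside the filter's url-pattern (as /index.jsp does with the /app/* mapping quoted below), otherwise the redirect loops.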



----- Original Message ----- 
From: "Mike Deegan" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, August 19, 2003 3:43 PM
Subject: Re: Session expired


> Sloan,
>
> Can you provide example code from
> com.symbol.mc.oms.servlet.SessionFilter
> Or is that asking too much ??
>
> TIA,
> Mike
>
> ----- Original Message ----- 
> From: "Sloan Seaman" <[EMAIL PROTECTED]>
> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> Sent: Tuesday, August 19, 2003 12:17 PM
> Subject: Re: Session expired
>
>
> > How about a filter?
> >
> > That is what I use.  Anything within a certain path first gets checked by my
> > filter and if the user doesn't have a valid session object it redirects them
> > to the login page...
> >
> > This way the code doesn't even know it is happening...
> >
> > You define one in your web.xml like so:
> > <filter>
> >   <filter-name>SessionFilter</filter-name>
> >   <filter-class>com.symbol.mc.oms.servlet.SessionFilter</filter-class>
> > </filter>
> >
> > <filter-mapping>
> >   <filter-name>SessionFilter</filter-name>
> >   <url-pattern>/app/*</url-pattern>
> > </filter-mapping>
> >
> > This way anything within the /app dir goes through the filter first...
> >
> > ----- Original Message ----- 
> > From: "Filip Polsakiewicz" <[EMAIL PROTECTED]>
> > To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> > Sent: Tuesday, August 19, 2003 8:12 AM
> > Subject: RE: Session expired
> >
> >
> > > My problem is, that I already have something around 60 jsps. Now it would be
> > > nice to have a workaround so that i don't have to adapt all my jsps and
> > > actions.
> > >
> > > > -----Original Message-----
> > > > From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED]
> > > > Sent: Tuesday, August 19, 2003 12:58 PM
> > > > To: Struts Users Mailing List
> > > > Subject: Re: Session expired
> > > >
> > > >
> > > > What if you check from your action before redirecting to a  jsp ?
> > > >
> > > >
> > > > Filip Polsakiewicz wrote:
> > > >
> > > > >Hi,
> > > > >is there any way to redirect a user to a jsp if the session is expired
> > > > >without checking for an expired session within each single jsp?
> > > > >
> > > > >Thanks, Filip
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >---------------------------------------------------------------------
> > > > >To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > >For additional commands, e-mail: [EMAIL PROTECTED]
> > ________________________________________________________________________
> > This email has been scanned for all viruses by the MessageLabs Email
> > Security System. For more information on a proactive email security
> > service working around the clock, around the globe, visit
> > http://www.messagelabs.com
> > ________________________________________________________________________

