Theo I would check in struts-examples in the struts installation.
Adam
On 03/14/2004 04:03 PM Theodosios Paschalidis wrote:
Adam thank you for your reply. It is most likely Tomcat (4.1.24) that does not refresh (supposedly peaks up the updated classes) and I have to delete its temporary working folder every time.
In terms of security, things did work when Tomcat used the latest classes. My application is quite small and it is not expected to go beyond small/medium. I have already implemented the Action based security and I only need JSP security in a couple of "welcome" pages. Since I must be finishing this quickly there is no time to look into a security framework. The <logic> tag is requirement in my case! Could somebody please provide an example of using the <logic> tag, to check for the presence of an attribute checking it's boolean property and forwarding to a page? Thanks again, Theo
----- Original Message ----- From: "Adam Hardy" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Sunday, March 14, 2004 10:11 AM
Subject: Re: Checking if user has a valida session
Struts is rock solid - if something's going wrong, you can bet your bottom dollar it's something you've done.
Doing it in your jsps is, as someone else said earlier, way too late. If you're not going to use container-managed security, which is sufficient for most needs, then put it in a filter. It's easy, central and maintenance-free. Better than updating all your JSPs.
As for tags, I'm not sure about <logic> tags, I use <c> tags in JSTL.
Setting form properties in the Action classes is standard practice.
Adam
On 03/13/2004 11:43 PM Theodosios Paschalidis wrote:
Struts seems to be erratic! It first worked then with no changes it
didn't!
Something is going terribly wrong with how the server updates the
classes...
I believe the safest bet is to do it my jsp. -Could somebody please give an example of using the <logic> tag, to
check
for the presence of an attribute checking it's boolean property and forwarding to a page? -Also is it ok to set a Form property in the Action class?
Forgive my basic question but I could not get it to work with a boolean property!
Thank you for your time, Theo
----- Original Message ----- From: "Robert Nocera" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Saturday, March 13, 2004 5:34 PM
Subject: RE: Checking if user has a valida session
How about this: public boolean isUserAdmin(HttpServletRequest request) { //Check if the Admin is logged on if (isLogged(request)) { HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return (user.isAdmin()); } else { return false; }
-----Original Message----- From: Theodosios Paschalidis [mailto:[EMAIL PROTECTED] Sent: Saturday, March 13, 2004 11:42 AM To: Struts Users Mailing List Subject: Re: Checking if user has a valida session
Hi all,
I was just trying to figure out how to do that. (newbie) I have an app
that
has some pages available for all, some for logged in users and some for administrators.
I prevent access to logged-only pages by a tags that hide the relevant functionality. I have now written an abstract BaseAction with 3 methods:
isSessionValid,
isLogged and isUserAdmin in order to implement Action based security.
My problem is that I can still go to my ".do" or ".jsp" pages directly
by
typing in the URL. If I try to submit something instead of being
forwarded
to, say, LogOff, I get this error java.lang.NullPointerException at app.AbstActionBase.isUserAdmin(Unknown Source) at app.InsertItemAction.execute(Unknown Source)
since my code checks based on a request that is not there! Any way to prevent this? Thank you for your time, Theo
public boolean isSessionValid(HttpServletRequest request) { if (request == null) return (false); HttpSession session = request.getSession(); if (session == null) return(false); return true; }
public boolean isLogged(HttpServletRequest request) { // Checked for a currently logged on user HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return ((user == null) ? false : true); }
public boolean isUserAdmin(HttpServletRequest request) { //Check if the Admin is logged on HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return (user.isAdmin()); }
----- Original Message ----- From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 12, 2004 8:50 PM
Subject: RE: Checking if user has a valida session
There are different ways of implementing a secure site, and many
variables
involved.
When you say you want to see if the session is "valid," are you talking about name/password authentication, or some other session attribute?
If the former, you can implement a standard J2EE security model in the
web
app deployment descriptor (web.xml), specifying which user roles can
access
which pages (such "*.do"), and exempting specified other resources (e.g. "login.do"). This will automatically prevent users from accessing pages without being authenticated first, and also enable you to configure
session
timeouts easily. It's also an easy, central, and standard method of configuring security, and fits in neatly with the roles-based
configuration
in the Struts config file. Your options would work as well, but
wouldn't
be
very flexible or easy to manage, especially if you expect the
application
to
get big.
-----Original Message----- From: Joao Batistella [mailto:[EMAIL PROTECTED] Sent: Friday, March 12, 2004 2:55 PM To: 'Struts Users Mailing List' Subject: Checking if user has a valida session
Hello.
I have to check in my application if the user has a valid session in every page and, if not, redirect him to the login page. What is the best way of doing this?
I see 3 options:
1. Put an include or tag in every page that checks this 2. Check this in my struts action 3. Use a servlet filtering to filter all .jsp or .do requests
I'm thinking about adopting solution number 3. Is it the best aproach?
Thanks, JP
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]