hi scott,
well, i'll try my best.
here's the code from the execute method of MyRequestProcessor (that's the
one included in the struts-config.xml):
public class MyRequestProcessor extends TilesRequestProcessor {
public void process(HttpServletRequest req, HttpServletResponse res)
throws IOException, ServletException {
HttpSession session = req.getSession();
String path = super.processPath(req, res);
String url = req.getRequestURL().toString();
String queryString = req.getQueryString();
// the next lines are there to allow deep linking
// we store the url that has been requested for future use
if ((queryString!=null) && (!"".equals(queryString))) {
url = url + "?" + queryString;
}
if (session.getAttribute(Constants.SESSION_LOGIN_REFER_KEY)
== null) {
if (url != null) {
session.setAttribute(Constants.SESSION_LOGIN_REFER_KEY, url);
}
else {
//TODO: get main URL from property
session.setAttribute(Constants.SESSION_LOGIN_REFER_KEY,
"http://localhost:8080/WebCreator/index.do";);
}
}
// no comes the important stuff
if (!checkForRealm(session)) {
if (!"/login".equals(path)) {
super.doForward("/login.do", req, res);
}
}
super.process(req, res);
}
protected boolean checkForRealm(HttpSession session)
throws ServletException, IOException {
if (session.getAttribute(Constants.SESSION_USER_KEY) != null
) {
return true;
}
else {
return false;
}
}
}
so what it does is:
- get the current requested url for further reference and stores it in the
session if an atrribute with the same key does not exist (see "deep linking"
below")
- then it checks the session for the realm (that is the attribute that you
use to say "the user is logged in")
- if it does not exist and if the request didn't go to /login.do, it
forwards the request to the action /login.do (which is a simple html with
username/password field)
- if it exists it redirects to the super class to process the request as
usual
- you need to implement the checkRealm() method with whatever you need to
check, my example is really simple but very common
with extending TileRequestProcessor (don't care that i extend
TilesRequestProcessor, you can extend the standard request processor the
same way) and adding the lines in struts-config.xml, each request that hits
the struts action servlet will go through MyRequestProcessor BEFORE the
typical struts tasks (action, form beans filling, etc) start. so this is the
right place to check security, authorization and authentication.
regarding "deep linking": i want my customers to be able to store a bookmark
that points deep into the system. when they request this bookmark, they of
course need to login first. so i store the requested url in the session, and
if the login is successfull, i send a redirect to the browser to disply the
page the user requested with his bookmark.
this is done by sending a meta refresh command in the head of the resulting
"login ok" page, with the url containing the session attribute that has been
store with "session.setAttribute(Constants.SESSION_LOGIN_REFER_KEY, url)"
hope that helps, feel free to ask more if something is unclear.
kr,
guenther
--
Günther Wieser
creative-it
Guglgasse 6/1/11/1
A-1110 Wien
Austria
http://www.creative-it.com
-----Original Message-----
From: Scott Purcell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 3:07 PM
To: Struts Users Mailing List
Subject: RE: html:form complains of bean missing
Hello Gunther,
I read last night about the tiles tempating functionality, so I have a
little better handle on it today. It actually is a nice way to create some
parts of my app, so I will revisit it today and try and prototype a couple
of pages together. But as far as handling the session expires, etc, I do not
completely understand how this is accomplished.
What I have today, is a extended Action class which I can call a method eg:
"if (obj.isLoggedIn()) { " type of method. So each of my pages has to go to
the action servlet.
Anyway, if you could show me how you are handling this, or be a litle more
precise that would really help me out.
I sincerely appreciate your time,
Scott
-----Original Message-----
From: Günther Wieser [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 01, 2005 12:40 PM
To: 'Struts Users Mailing List'
Subject: RE: html:form complains of bean missing
hi
if you want a single point where you can check if a user is logged in or
not, you can do something like the following:
create a class "MyRequestProcessor extends TilesRequestProcessor" (in this
case it is because i use tiles) and implement the process() method.
within this method check for the login var that you e.g. put into the
session.
in the struts-config.xml add
<controller
processorClass="com.creative_it.webcreator.strutsext.MyRequestProcessor" />
and everythings fine.
what you need to do in the MyReqestProcessor class is to exclude all URLs
from checking that are used for e.g. the login form, or an error message in
case something went wrong.
if you want to be very nice to your users, store the URL that the user
requested in the session, than redirect to the login form, and if everything
went fine with the login, send him to the page that he/she originally
requested.
if you want the code for this, let me know, i can provide it.
kr,
guenther
-----Original Message-----
From: Scott Purcell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 01, 2005 7:17 PM
To: user@struts.apache.org
Subject: html:form complains of bean missing
First off, as I am learning Struts I just wanted to thank those, for bearing
with my learning curve and helping out so far.
Here is the issue:
I want to pass all my forms, even forms without params to the
com.skp.action.LoginAction action class, because this class handles the
"isLoggedIn" issue through a subclass of Action.
Anyway, I have a jsp page that has no params, so I have no bean to collect
user data, so I configured my action like so:
<action path="/mainAdmin"
type="com.skp.action.LoginAction" >
<forward name="Success" path="/jsp/admin/main.jsp" redirect="true"/>
</action>
Anyway, I just want to always use the LoginAction as a "Front Controller" to
my web app, and catch the status of "logged-in" etc.
This works well, but I have to use conventional <html> code and not the
html:form tag:
works:
<!-- <form name="foo" action="/uniquepear/action/mainAdmin" method="POST">
--> does not work:
<html:form action="mainAdmin">
When I use the above I get this error in the browser:
javax.servlet.ServletException: Cannot retrieve definition for form bean
null at
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImp
l.java:495)
at org.apache.jsp.main_jsp._jspService(main_jsp.java:175)
But I have no reason to have a bean for this action.
How does one handle this problem?
Thanks
Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
