Scott.

I have architected an application a little over a year ago... And opted to use a filter to handle logic before getting into the Struts portion of the application. At first... I was unsure if this was the best way to go... but today I am sure glad I did so.
The users started making ridiculous demands... since they have the stash of money it is hard to tell them they are crazy! As an example, they wanted the application to update a database (another system) with the requested pages... plus with some detailed information. This was not available in the standard log files. Since this was not the goal of the application but an external user request (dumb one) I simply used the HTTP Client to fire off a post to a page and don't really care what happens afterwards. The filter gave me an incredibly efficient option to handle changes without affecting the application logic at all. Since then I have had other twisted requests! Finally, if ever I need to remove this feature... it can be done in 5 minutes!

- Glenn

"Scott Purcell" <[EMAIL PROTECTED]>
08/04/2005 10:28 AM
Please respond to "Struts Users Mailing List"

To: <user@struts.apache.org>
cc: (bcc: Glenn Deschenes/NAT/CMHC-SCHL/CA)
Subject: Authorized Site Creation With Struts
Classification:

Hello,

First off, I am having trouble with creating a more elegant solution to a problem.

A- Problem, I have a site that requires authentication (form-based) when they hit our site.

Upon building the site which requires an "AppObject" and "UserObject", I subclassed the RequestProcessor, and put in logic to ensure that both objects existed. This works well.

Next, I needed to find out when a user's session expired. Upon further investigation, I subclassed an Action class and added a new executeAction(signature) that pulled in the AppObject and UserObject that were in the session from the Request Processor. I then checked if the UserObject had a logged-in flag. If so, great, they can work, else I would throw them to the front door and create an ActionMessage that says "Session Expired".

All of this works, and does its job. Problem is now, I am not happy with my creation. It screwed with my ability to use DispatchAction and LookupDispatchAction. Two things I wasn't sure I would need when I began.

Anyway, I have searched and searched, and was hoping someone may have a better way to handle this session-management possibly all in the RequestProcessor? The problem I am finding, is that I create new UserObject and AppObject each time someone comes through, because I do not know if they are new or returning users. It is not until they are looking for an inside page, that I am aware they are not valid.

Does this make sense? I figured a lot of you out there may have this same type of secure site. Any ideas?

Thanks,
Scott K Purcell
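
The filter approach from the reply, applied to the session check asked about in the original message, as an added example that is not code from either poster. The class name `AuthFilter`, the `/login.do` path, the `reason=expired` parameter and the rule that `UserObject` is stored in the session only after a successful login are all assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter, mapped in web.xml ahead of the Struts ActionServlet.
public class AuthFilter implements Filter {
    private static final String LOGIN_PATH = "/login.do"; // assumed front-door action
    private static final String USER_ATTR = "UserObject"; // assumed session key, set at login only

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // The login action itself must stay reachable without a session.
        if (LOGIN_PATH.equals(req.getServletPath())) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false) never creates a session, so anonymous requests
        // do not allocate per-user objects just to be rejected.
        HttpSession session = req.getSession(false);
        Object user = (session == null) ? null : session.getAttribute(USER_ATTR);
        if (user != null) {
            chain.doFilter(req, res); // authenticated: continue to Struts
            return;
        }

        // The browser presented a session id the container no longer knows:
        // a returning user whose session timed out, not a first-time visitor.
        boolean expired = req.getRequestedSessionId() != null
                && !req.isRequestedSessionIdValid();
        String target = req.getContextPath() + LOGIN_PATH
                + (expired ? "?reason=expired" : "");
        res.sendRedirect(res.encodeRedirectURL(target));
    }
}
```

Because the check runs before the RequestProcessor, the Action hierarchy is untouched and DispatchAction or LookupDispatchAction can be used as-is; the login action can read the `reason` parameter to show the "Session Expired" message.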