Scott.
I have architectured an application a little over a year ago...
And opted to use a filter to handle logic before getting into the Struts
portion of the application.
At first... I was unsure if this was the best way to go... but today I am
sure glad I did so.
The users started making riduculous demands... since they have the stash
of money it is hard to tell them they are crazy!
As an example, they wanted the application to update a database (another
system) with the requested pages... plus with some detailed information.
This was not availble in the standard log files.
Since this was not the goal of the application but an external user
request (dumb one) I simply used the HTTP Client to fire off a post to a
page and don't really care what happens afterwards.
The filter gave me an incredibly efficient option to handle changes
without affecting the application logic at all.
SInce then I have had other twisted requests!
Finally, if ever I need to remove this feature... it can be done in 5
minutes!
- Glenn
"Scott Purcell" <[EMAIL PROTECTED]>
08/04/2005 10:28 AM
Please respond to "Struts Users Mailing List"
To: <user@struts.apache.org>
cc: (bcc: Glenn Deschenes/NAT/CMHC-SCHL/CA)
Subject: Authorized Site Creation With Struts
Classification:
Hello,
First off, I am having trouble with creating a more elegant solution to a
proboem.
A- Problem, I have a site that requires authentication (form-based) when
they hit our site.
Upon building the site which requires an "AppObject" and "UserObject",
I subclassed the
RequestProcessor, and put in logic to ensure that both objects
existed.
This works good.
Next, I needed to find out when a user's session expired. Upon further
investigation,
I subclassed an Action class and added a new executeAction(signature)
that pulled in
the AppObject and UserObject that were in the session from the Request
Processor.
I then checked if the UserObject had a logged-in flag. If so, great,
they can work, else
I would throw them to the front door and create a ActionMessage that
says "Session Expired".
All of this works, and does its job. Problem is now, I am not happy with
my creation. It screwed with my ability to use
DispatchAction and LookupDispatchAction. Two things I wasn't sure I would
need when I began.
Anyway, I have searched and searched, and was hoping someone may have a
better way to handle
this session-management possibly all in the RequestProcesor?
The problem I am finding, is that I create new UserObject and AppObject
each time someone comes through, because I do not know if they
are new or returning users. It is not until they are looking for an inside
page, that I am aware they are not valid.
Does this make sense? I figured a lot of you out there may have this same
type of secure site. Any ideas?
Thanks,
Scott K Purcell
