open new window from struts page, leaves [object] in parent window
Hi, I guess this has been asked before, but I can't find the answer.. I've got a struts generated page, from which I want to open a new window. I do this with the following line, and I get my new window just like I want a href=javascript:window.open('%= request.getContextPath() %/dataimages/bean:write name=itemForm property=itemValue.imagePath/') click here /a but the original window then contains a page that says [object] - literally that!! How do I get the original window not to change from what it displayed before I click on the above link? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: open new window from struts page, leaves [object] in parent w indow
Thanks Domingo, that fixed it! Martin -Original Message- From: Domingo A. Rodriguez S. [mailto:[EMAIL PROTECTED] Sent: 18 February 2004 21:05 To: Struts Users Mailing List Subject: RE: open new window from struts page, leaves [object] in parent w indow Use javascript:var handle= window.open(..) instead of javascript:window.open(..) Regards Domingo A. Rodriguez S. --- Gopalakrishnan, Jayesh [EMAIL PROTECTED] escribió: This is more of a javascript issue than Struts thing. I guess you are missing a return false; at the end of the javascript. Try the script on a simple html page verify that it works as expected. I have seen such links use the onclick event rather than the href, like, a href=javascript:void(0); onClick=javascript:window.open(..)/a possibly to prevent the script from appearing on the status barnot sure. hth -jayash -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 12:27 PM To: [EMAIL PROTECTED] Subject: open new window from struts page, leaves [object] in parent window Hi, I guess this has been asked before, but I can't find the answer.. I've got a struts generated page, from which I want to open a new window. I do this with the following line, and I get my new window just like I want a href=javascript:window.open('%= request.getContextPath() %/dataimages/bean:write name=itemForm property=itemValue.imagePath/') click here /a but the original window then contains a page that says [object] - literally that!! How do I get the original window not to change from what it displayed before I click on the above link? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Do You Yahoo!? Información de Estados Unidos y América Latina, en Yahoo! Noticias. Visítanos en http://noticias.espanol.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
???working example of form based jaas auth in struts application???
Has anyone got such a thing? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
form based auth and session timeout and post data
Hi, I've got a struts based app using form based authentication (started out as xpetstore). I have a situation where if I'm on a web form protected by role based security, and the session times out, and then I submit the form, I get to the login page, login, but then the original form data is lost. According to the log data, it's looking for an ActionForm of a different name according to whether the session has timed out or not!!! I thought this stuff was statically configured. When there is no time out, the log looks like this: 2004-03-25 19:40:19,350 INFO [xpetstore.web.filter.SignOnFilter] doFilter() 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] user=bug1b 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] isSignedIn=true 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] uri=/MotoringMemorabilia/updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] _login=/login.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Processing a 'POST' for path '/updateCustomer' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.ExistingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Storing ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Populating bean properties from this request 2004-03-25 19:40:19,360 DEBUG [org.apache.struts.action.RequestProcessor] Validating input form properties 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] No errors detected, accepting input 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Looking for Action instance for class xpetstore.web.struts.action.customer.UpdateCustomerAction 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Creating new Action instance 2004-03-25 19:40:19,370 INFO [xpetstore.web.struts.action.customer.UpdateCustomerAction] execute() When there is a timeout the log goes like this: 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'newCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.NewCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 20:10:56,918 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /index.jsp 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /cart.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /signon.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /search.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'searchForm' 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.product.SearchForm' 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /index.jsp 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /category.jspa?categoryId=SIGNS The relevant action configuration looks like this: action path=/updateCustomer type=xpetstore.web.struts.action.customer.UpdateCustomerAction name=existingCustomerForm scope=request input=/myaccount.jsp unknown=false validate=true set-property
RE: form based auth and session timeout and post data
Hi Adam, I modified the filter from xpetstore when I introduced container based security. It should now redirect the user to the signonAction to synchronise container based auth with session based (legacy) record of the logged in user. Thinking about it there could be some problems in there, but in the session timeout scenario, the SignonFilter doesn't get hit straight away (unlike the non-timeout scenario). I guess the order of play is: Container based security Filter ActionServlet Can't work out why the filter would appear to be bypassed. Any ideas? Thanks for helping. Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 25 March 2004 21:18 To: Struts Users Mailing List Subject: Re: form based auth and session timeout and post data That's one mean filter. It's not part of struts but judging merely from its name, it's obviously built into the app security. What does xpetstore say it's meant to do? Have you checked the filter's javadoc? Adam On 03/25/2004 10:07 PM Martin Alley wrote: Hi, I've got a struts based app using form based authentication (started out as xpetstore). I have a situation where if I'm on a web form protected by role based security, and the session times out, and then I submit the form, I get to the login page, login, but then the original form data is lost. According to the log data, it's looking for an ActionForm of a different name according to whether the session has timed out or not!!! I thought this stuff was statically configured. When there is no time out, the log looks like this: 2004-03-25 19:40:19,350 INFO [xpetstore.web.filter.SignOnFilter] doFilter() 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] user=bug1b 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] isSignedIn=true 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] uri=/MotoringMemorabilia/updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] _login=/login.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Processing a 'POST' for path '/updateCustomer' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.ExistingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Storing ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Populating bean properties from this request 2004-03-25 19:40:19,360 DEBUG [org.apache.struts.action.RequestProcessor] Validating input form properties 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] No errors detected, accepting input 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Looking for Action instance for class xpetstore.web.struts.action.customer.UpdateCustomerAction 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Creating new Action instance 2004-03-25 19:40:19,370 INFO [xpetstore.web.struts.action.customer.UpdateCustomerAction] execute() When there is a timeout the log goes like this: 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'newCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.NewCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 20:10:56,918 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /index.jsp 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /cart.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /signon.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /search.jspa
How does ActionForm data pass through container called form based login page?
Hi, Suppose I've got a web based form that posts data to an action, and I have that action protected by container form based authorization - how does the ActionForm data get through. I have a situation like this, and my ActionForm is empty after I've been through the form-based login page. One could say - stick the input form in the constrained area also, so the login page doesn't come between the input form and the action that processes it - but this is actually occurring when a session times out whilst sitting at the input form. Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 09:41 To: [EMAIL PROTECTED] Subject: How does ActionForm data pass through container called form based login page? Hi, Suppose I've got a web based form that posts data to an action, and I have that action protected by container form based authorization - how does the ActionForm data get through. I have a situation like this, and my ActionForm is empty after I've been through the form-based login page. One could say - stick the input form in the constrained area also, so the login page doesn't come between the input form and the action that processes it - but this is actually occurring when a session times out whilst sitting at the input form. Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
Hi Joe, I might be able to put some general code in the login form (as a jsp) that puts all form data present in the previous page into the login form so it could be passed on, but that will still leave the problem of the method becomes GET instead of POST. I'm really hoping there's a more elegant solution - after this technology's been around for a while! Thanks Martin -Original Message- From: Joe Germuska [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 14:21 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? At 1:59 PM + 3/26/04, Martin Alley wrote: Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? It may be a little ridiculous, but if the security implementation doesn't pass along form data when it forwards to the intended destination, then there's not much you can do about it. I'm assuming that the container is intercepting before Struts ever gets a chance to create an ActionForm based on the submission, so I don't think that making them session scoped is likely to help. This probably doesn't constitute a solution, but perhaps extending the session timeout would help a bit. Perhaps you could come up with some kind of javascript hack which calls a URL against the struts app periodically to keep the session alive? Joe -- Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining. -- Jef Raskin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
Paddy, Looks like you've been here before!! :-) It'll take me a bit of time to digest this, but I'll have a look. Does this actually work for you? Thanks Martin -Original Message- From: Pady Srinivasan [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 15:21 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? This is the only solution I can think of: public class RedirectServletRequest extends HttpServletRequest { public RedirectServletRequest(HttpServletRequest req) { this.request = req; } public String getParameter(String name) { if ( request.getParameter(name) == null ) { String paramVal = (String)request.getSession(). getAttribute(TEMP_SAVED_PARAM); request.getSession().removeAttribute(TEMP_SAVED_PARAM); return paramVal; } return (String)request.getParameter(name); } // override all other methods using the delegate request } public class RedirectActionServlet extends ActionServlet { public void doPost(HttpServletRequest request, ...) { process(new RedirectActionServlet(request), response); } public void doGet(HttpServletRequest request, ...) { process(new RedirectActionServlet(request), response); } } public class LoginFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; ServletContext context = filterConfig.getServletContext(); If ( !loggedIn ) { // save all parameters to session // save current URI as REDIRECT_URI in session // redirect to login action } } public class LoginAction extends Action { public void execute(...) { // do login // login success // redirect to REDIRECT_URI } } Thanks -- pady [EMAIL PROTECTED] -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: Friday, March 26, 2004 8:59 AM To: 'Struts Users Mailing List' Subject: RE: How does ActionForm data pass through container called form based login page? Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 09:41 To: [EMAIL PROTECTED] Subject: How does ActionForm data pass through container called form based login page? Hi, Suppose I've got a web based form that posts data to an action, and I have that action protected by container form based authorization - how does the ActionForm data get through. I have a situation like this, and my ActionForm is empty after I've been through the form-based login page. One could say - stick the input form in the constrained area also, so the login page doesn't come between the input form and the action that processes it - but this is actually occurring when a session times out whilst sitting at the input form. Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This e-mail has been scanned by the Heroix e-mail security system __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
I think I need to do some simple test cases - with and without struts. Martin -Original Message- From: Joe Germuska [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 15:20 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? I might be able to put some general code in the login form (as a jsp) that puts all form data present in the previous page into the login form so it could be passed on, but that will still leave the problem of the method becomes GET instead of POST. I'm really hoping there's a more elegant solution - after this technology's been around for a while! Yeah, but there are some basic limitations to the container managed security model, and I haven't heard any signs that they are being addressed. For example, container managed security doesn't allow you to present a login form to a user as a component of any page besides the single registered form, and it doesn't allow you to server resources from one path with two different states, user authorized or not authorized... Both of those are standard in modern webapps, but there's no clean way to handle them using container managed security. (I saw a JDJ article last year that had some work arounds...) So that said, it may not be surprising that the container managed security model also has no support for continuing the flow of request data to the originally requested URL after logging in. Joe -- Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining. -- Jef Raskin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does ActionForm data pass through container called form based login page?
I'll be very interested to here the outcome... Thanks Martin -Original Message- From: Pady Srinivasan [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 16:07 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? We were going to implement this today or early next week :-)...looking at the code, I feel you don't need to extend ActionServlet at all. Instead the filter will create the request before forwarding to the ActionServlet. public class LoginFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; ServletContext context = filterConfig.getServletContext(); If ( !loggedIn ) { // save all parameters to session // save current URI as REDIRECT_URI in session // redirect to login action } else if ( redirectUriIsSet ) { RedirectServletRequest newreq = new RedirectServletRequest(request); Chain.doFilter(newreq, response); } } Thanks -- pady [EMAIL PROTECTED] -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:35 AM To: 'Struts Users Mailing List' Subject: RE: How does ActionForm data pass through container called form based login page? Paddy, Looks like you've been here before!! :-) It'll take me a bit of time to digest this, but I'll have a look. Does this actually work for you? Thanks Martin -Original Message- From: Pady Srinivasan [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 15:21 To: Struts Users Mailing List Subject: RE: How does ActionForm data pass through container called form based login page? This is the only solution I can think of: public class RedirectServletRequest extends HttpServletRequest { public RedirectServletRequest(HttpServletRequest req) { this.request = req; } public String getParameter(String name) { if ( request.getParameter(name) == null ) { String paramVal = (String)request.getSession(). getAttribute(TEMP_SAVED_PARAM); request.getSession().removeAttribute(TEMP_SAVED_PARAM); return paramVal; } return (String)request.getParameter(name); } // override all other methods using the delegate request } public class RedirectActionServlet extends ActionServlet { public void doPost(HttpServletRequest request, ...) { process(new RedirectActionServlet(request), response); } public void doGet(HttpServletRequest request, ...) { process(new RedirectActionServlet(request), response); } } public class LoginFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; ServletContext context = filterConfig.getServletContext(); If ( !loggedIn ) { // save all parameters to session // save current URI as REDIRECT_URI in session // redirect to login action } } public class LoginAction extends Action { public void execute(...) { // do login // login success // redirect to REDIRECT_URI } } Thanks -- pady [EMAIL PROTECTED] -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: Friday, March 26, 2004 8:59 AM To: 'Struts Users Mailing List' Subject: RE: How does ActionForm data pass through container called form based login page? Well I've just simplified by login form - plain html - no struts stuff going on. I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction. However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed. I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 26 March 2004 09:41 To: [EMAIL PROTECTED] Subject: How does ActionForm data pass through container called form based login page? Hi, Suppose I've got a web based form that posts data to an action, and I have that action protected by container form based authorization - how does the ActionForm data get through. I have a situation like