On Sun, Jul 20,'03 (01:44 PM GMT+0300), Tarek wrote: > >>I have an application that uses beans stored in the session context. > >If the user's session times out, he's asked to re-login on his next > >request. For this, I'm using J2EE security; I'm not doing it > >myself.>After the user is finished with the re-login, he's supposed > >to complete his request, but the fact that the beans are not in the > >session anymore produces an error.>Unfortunately, those beans are > >specific to the last request the user made, so I cannot re-initialize > >them in a listener for session creation.>
> >>I was wondering if there's a way to configure security so that after > >the user logs in he's redirected to a certain page instead of being > >able to continue his last request.> I had the same problem.. here's what I do... I use the servlet filter to authenticate roles and to bring me back to the login if the role isn't set. To fix the problem with the Session variables not being set I have ALL of my actions (which are dispatch actions) extend a BaseDispatchAction. In this BaseDispatchAction I do the check for a User bean being in Session scope in the BaseDispatchAction execute method. If the bean is there, all is well, and continue onward. If it is not it fowards the user to a SetUpAction which in turn will forward them to the main page after the setup is complete. (Of course if you want you could forward them back to what page they were trying to go to if you app flow will allow it.. in my case it was necessary to just always return them to the default home page after login. The execute method in the BaseDispatchAction looks like: HttpSession session = request.getSession(); if ( session == null || (UserBean)session.getAttribute("userBean") == null) { //foward user to the SetUpAction or page of your choice return mapping.findForward(Const.SETUPF); } else { //all ok so proceed to doing standard dispatch action return super.execute(mapping, form, request, response); } -- Rick --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]