On Sun, Jul 20,'03 (01:44 PM GMT+0300), Tarek wrote: 
 
> > I have an application that uses beans stored in the session context.
> > If the user's session times out, he's asked to re-login on his next
> > request. For this, I'm using J2EE security; I'm not doing it
> > myself. After the user is finished with the re-login, he's supposed
> > to complete his request, but the fact that the beans are not in the
> > session anymore produces an error. Unfortunately, those beans are
> > specific to the last request the user made, so I cannot re-initialize
> > them in a listener for session creation.
> >
> > I was wondering if there's a way to configure security so that after
> > the user logs in he's redirected to a certain page instead of being
> > able to continue his last request.

I had the same problem... here's what I do...

I use the servlet filter to authenticate roles and to bring me back to
the login if the role isn't set. To fix the problem with the Session
variables not being set I have ALL of my actions (which are dispatch
actions) extend a BaseDispatchAction. In this BaseDispatchAction I do
the check for a User bean being in Session scope in the
BaseDispatchAction execute method. If the bean is there, all is well,
and continue onward. If it is not, it forwards the user to a SetUpAction
which in turn will forward them to the main page after the setup is
complete. (Of course if you want you could forward them back to what
page they were trying to go to if your app flow will allow it... in my
case it was necessary to just always return them to the default home
page after login.)

The execute method in the BaseDispatchAction looks like:

    HttpSession session = request.getSession();
    if (session == null || session.getAttribute("userBean") == null) {
        // forward user to the SetUpAction or page of your choice
        return mapping.findForward(Const.SETUPF);
    } else {
        // all ok so proceed to doing standard dispatch action
        return super.execute(mapping, form, request, response);
    }


-- 
Rick
