Why is everyone wishing for us to create new specialized tags?  What is
wrong with writing Java code in <% %> tags?  These are *Java*Server Pages
after all.  Come on people, you have all the flexibility in the world with
the <% %> tags.

Dan

> ----------
> From:         Drew Cox[SMTP:[EMAIL PROTECTED]]
> Reply To:     Drew Cox
> Sent:         Tuesday, March 30, 1999 6:31 PM
> To:   [EMAIL PROTECTED]
> Subject:      Re: How to force user to login
>
> Hi all,
>
> I think I understand the basic mechanism you need to implement to force
> un-authenticated users to a login screen by checking for specific
> information that is stored in the session when they login successfully.
>
> My question is, is there a method to invoke this authentication check
> on JSP pages using only the JSP tags, rather than embedding the required
> Java code in "<% %>" tags ?  As has been discussed frequently on this
> list previously, it's very nice if you can keep the JSP pages pure HTML
> and JSP tags.
>
> I'm thinking this situation could be satisfied if there was a tag that
> allowed you to invoke arbitrary methods on a bean (even passing
> parameters!).  This facility would actually solve a LOT of design
> queries I am having at the moment, while still keeping the HTML monkeys
> out of the Java code.
>
> Another thought is that perhaps this can be done by a
> page(request?)-scope bean with the functionality embedded in its
> constructor (or is there some other method that is invoked when a bean
> is instantiated ?).
>
> Apologies for my ignorance of JSP, I have read the spec, but I'm just
> starting out....
>
> Drew
>
> > -----Original Message-----
> > From: Kirkdorffer, Daniel [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, 31 March 1999 3:24
> > To:   [EMAIL PROTECTED]
> > Subject:      Re: How to force user to login
> >
> > Andre,
> >
> > What if your user accesses multiple applications with their one browser
> > session, and these also have a CustomerID?  I think it is a good idea to
> > consider application space when working with session storage.  At first we
> > didn't consider doing that, but as we developed more web apps with JSP we
> > discovered we had to protect what each app would store with session, and
> > to ensure logging in to one app didn't bypass the need to log in to
> > another.
> >
> > I also think that people should avoid doing explicit session.invalidate(),
> > which could wipe out session info used elsewhere.  Browser shutdown,
> > session timeout, or removal of application specific stuff on app exit are
> > the better alternatives.
> >
> > Dan
> >
> > > ----------
> > > From:         Andre Richards[SMTP:[EMAIL PROTECTED]]
> > > Reply To:     Andre Richards
> > > Sent:         Monday, March 29, 1999 10:17 PM
> > > To:   [EMAIL PROTECTED]
> > > Subject:      Re: How to force user to login
> > >
> > > I did as follows:
> > > On every page which must be authenticated, I check for a user ID in the
> > > session object - if it doesn't exist, I do a redirect to a login page,
> > > passing the url the user was trying to access as a parameter.
> > >
> > > On the login page, if the user successfully logs in, I create a session
> > > for him/her, and add the user ID to the session. I then redirect back to
> > > the original page the user tried to access. This way, even if the user
> > > bookmarks a page, he/she will be asked to login once the session has
> > > become invalid.
> > >
> > > Some code:
> > > On every page I add the following:
> > >
> > >     HttpSession session = request.getSession(true);
> > >     if (session.getValue("CustomerID") == null) {
> > >         response.sendRedirect(response.encodeRedirectUrl("Login.jsp?Origin=SharePortfolio.jsp"));
> > >     }
> > >     else {
> > >         // the rest of the page ...
> > >
> > > In Login.jsp once the user has provided the correct logon credentials:
> > >
> > >     session.putValue("CustomerID", CustomerID);
> > >     response.sendRedirect(response.encodeRedirectUrl(request.getParameter("Origin")));
> > >
> > >
> > > -----Original Message-----
> > > From: Andrey Sazonov <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> > > Date: Friday, March 26, 1999 6:42 PM
> > > Subject: How to force user to login
> > >
> > >
> > > >Hi all!
> > > >
> > > >I have following design problem and I hope anybody can help me. I need to
> > > >develop web based access to the database. Every user who tries to work
> > > >with this system needs to log in before real access to database. It works
> > > >fine with session tracking mechanism (access to database provided by set
> > > >of appropriate servlets and beans).
> > > >But problem occurs when the user bookmarked some page and then tries to
> > > >come directly to bookmarked page.
> > > >Does anybody know the way how to prevent this and show login page instead
> > > >of bookmarked one?
> > > >
> > > >I think this could be implemented by processing of all requests to whole
> > > >site by one servlet, which will further dispatch all requests, but I'm
> > > >afraid this could apply additional bottleneck to system.
> > > >
> > > >---------------------------
> > > >Sincerely
> > > >Andrey Sazonov
> > > >([EMAIL PROTECTED])
> > > >
> > > >===========================================================================
> > > >To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > > >of the message "signoff JSP-INTEREST".  For general help, send email to
> > > >[EMAIL PROTECTED] and include in the body of the message "help".
>
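
The Login.jsp snippet quoted above redirects to whatever the `Origin` request parameter contains, so a login page built this way normally restricts that value to the application's own pages before calling `sendRedirect`. The following is an added example, not code from any of the posts; the class name `LoginReturnTarget`, the method `safeOrigin`, the page list and `Orders.jsp` are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

public class LoginReturnTarget {

    // Assumption: the application knows its own protected pages ahead of time.
    // "Orders.jsp" is a made-up second page; SharePortfolio.jsp is from the thread.
    static final Set<String> PROTECTED_PAGES = Set.of("SharePortfolio.jsp", "Orders.jsp");
    static final String DEFAULT_PAGE = "SharePortfolio.jsp";

    /** Returns a page of this application to redirect to after a successful login. */
    static String safeOrigin(String origin) {
        if (origin == null || origin.isEmpty()) {
            return DEFAULT_PAGE;
        }
        try {
            URI uri = new URI(origin);
            // A scheme ("http://host/x") or an authority ("//host/x") names
            // another site, so only scheme-less, host-less references pass.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return DEFAULT_PAGE;
            }
            // Exact match against known pages; "../", "/other/app.jsp" and
            // unknown names all fall back to the default.
            String path = uri.getRawPath();
            if (path == null || !PROTECTED_PAGES.contains(path)) {
                return DEFAULT_PAGE;
            }
            String query = uri.getRawQuery();
            return query == null ? path : path + "?" + query;
        } catch (URISyntaxException e) {
            // Backslashes, spaces and control characters do not parse as a URI.
            return DEFAULT_PAGE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the Origin parameter.
        String[] samples = {
            "SharePortfolio.jsp", "Orders.jsp?id=7", "http://other.example/",
            "//other.example/Orders.jsp", "\\\\other.example", "../admin.jsp", null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeOrigin(s));
        }
    }
}
```

In Login.jsp the result of `safeOrigin(request.getParameter("Origin"))` would be passed to `response.encodeRedirectUrl(...)` in place of the raw parameter.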
