I think it's better to use standard XML tags like the following
<abc></abc> rather than special <% %> tags.
On Wed, 31 Mar 1999, Kirkdorffer, Daniel wrote:
> Why is everyone wishing for us to create new specialized tags? What is
> wrong with writing Java code in <% %> tags? These are *Java*Server Pages
> after all. Come on people, you have all the flexibility in the world with
> the <% %> tags.
>
> Dan
>
> > ----------
> > From: Drew Cox[SMTP:[EMAIL PROTECTED]]
> > Reply To: Drew Cox
> > Sent: Tuesday, March 30, 1999 6:31 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: How to force user to login
> >
> > Hi all,
> >
> > I think I understand the basic mechanism you need to implement to force
> > un-authenticated users to a login screen by checking for specific
> > information that is stored in the session when they login successfully.
> >
> > My questions is, is there a method to invoke this authentication check
> > on JSP pages using only the JSP tags, rather than embedding the required
> > Java code in "<% %>" tags ? As has been discussed frequently on this
> > list previsouly, it's very nice if you can keep the JSP pages pure HTML
> > and JSP tags.
> >
> > I'm thinking this situation could be staistfied if there was a tag that
> > allowed you to invoke abitary methods on a bean (even passing
> > parameters!). This facility would actually solve a LOT of design
> > queries I am having at the moment, while still keeping the HTML monkeys
> > out of the Java code.
> >
> > Another thought is that perhaps this can be done by a
> > page(request?)-scope bean with the functionality embedded in it's
> > constructor (or is there some other method that is invoked when a bean
> > is instantiated ?).
> >
> > Apologies for my ignorance of JSP, I have read the spec, but I'm just
> > starting out....
> >
> > Drew
> >
> > > -----Original Message-----
> > > From: Kirkdorffer, Daniel [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, 31 March 1999 3:24
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: How to force user to login
> > >
> > > Andre,
> > >
> > > What if your user accesses multiple applications with their one
> > > browser
> > > session, and these also have a CustomerID. I think it is a good idea
> > > to
> > > consider application space when working with session storage. At
> > > first we
> > > didn't consider doing that, but as we developed more web apps with JSP
> > > discovered we had to to protect what each app would store with
> > > session, and
> > > to ensure logging in to one app didn't bypass the need to log in to
> > > another.
> > >
> > > I also think that people should avoid doing explicit
> > > session.invalidate(),
> > > which could wipe out session info used elsewhere. Browser shutdown,
> > > session
> > > timeout, or removal of application specific stuff on app exit are the
> > > better
> > > alternatives.
> > >
> > > Dan
> > >
> > > > ----------
> > > > From: Andre Richards[SMTP:[EMAIL PROTECTED]]
> > > > Reply To: Andre Richards
> > > > Sent: Monday, March 29, 1999 10:17 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: How to force user to login
> > > >
> > > > I did as follows:
> > > > On every page which must be authenticated, I check for a user ID in
> > > the
> > > > session object - if it doesn't exit, I do a redirect to a login
> > > page,
> > > > passing the url the user was trying to access as a parameter.
> > > >
> > > > On the login page, if the user successfully logs in, I create a
> > > session
> > > > for
> > > > him/her, and add the user ID to the session. I then redirect back to
> > > the
> > > > original page the user tried to access. This way, even if the user
> > > > bookmarks
> > > > a page, he/she will be asked to login once the session has become
> > > invalid.
> > > >
> > > > Some code:
> > > > On every page I add the following:
> > > >
> > > > HttpSession session = request.getSession(true);
> > > > if (session.getValue("CustomerID") == null) {
> > > > response.sendRedirect (response.encodeRedirectUrl
> > > > ("Login.jsp?Origin=SharePortfolio.jsp"));
> > > > }
> > > > else {
> > > > // the rest of the page ...
> > > >
> > > > In Login.jsp once the user has provided the correct logon
> > > credentials:
> > > > session.putValue("CustomerID", CustomerID);
> > > > response.sendRedirect
> > > > (response.encodeRedirectUrl(request.getParameter("Origin")));
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Andrey Sazonov <[EMAIL PROTECTED]>
> > > > To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> > > > Date: Friday, March 26, 1999 6:42 PM
> > > > Subject: How to force user to login
> > > >
> > > >
> > > > >Hi all!
> > > > >
> > > > >I have following design problem and I hope anybody can help me.I
> > > need to
> > > > >develop web based
> > > > >access to the database. Every user who try to work with this system
> > > need
> > > > to
> > > > >log in before real access
> > > > >to database. It works fine with session tracking mechanism (access
> > > to
> > > > >database provided by set
> > > > >of appropriate servlets and beans).
> > > > >But problem occurs when the user bookmarked some page and the tries
> > > to
> > > > come
> > > > >directly to bookmarked page.
> > > > >Does anybody know the way how to prevent this and show login page
> > > instead
> > > > >bookmarked one?
> > > > >
> > > > >I think this could be implemented by processing of all request to
> > > whole
> > > > site
> > > > >by one servlet, which will
> > > > >further dispatch all requests, but I'm afraid this could apply
> > > additional
> > > > >bottleneck to system.
> > > > >
> > > > >---------------------------
> > > > >Sincerely
> > > > >Andrey Sazonov
> > > > >([EMAIL PROTECTED])
> > > > >
> > > >
> > > >=====================================================================
> > > ====
> > > > ==
> > > > >To unsubscribe, send email to [EMAIL PROTECTED] and include in
> > > the
> > > > body
> > > > >of the message "signoff JSP-INTEREST". For general help, send
> > > email to
> > > > >[EMAIL PROTECTED] and include in the body of the message
> > > "help".
> > > >
> > > >
> > > ======================================================================
> > > ====
> > > > =
> > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in
> > > the
> > > > body
> > > > of the message "signoff JSP-INTEREST". For general help, send email
> > > to
> > > > [EMAIL PROTECTED] and include in the body of the message "help".
> > > >
> > >
> > > ======================================================================
> > > =====
> > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > > body
> > > of the message "signoff JSP-INTEREST". For general help, send email
> > > to
> > > [EMAIL PROTECTED] and include in the body of the message "help".
> >
> > ==========================================================================
> > =
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > body
> > of the message "signoff JSP-INTEREST". For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
> >
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff JSP-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
------------------------------------------------------------------------
Jim Tsang Phone: (510) 628-0100
Scientific Applications Specialist Fax: (510) 628-0108
Pangea Systems Inc. email: [EMAIL PROTECTED]
1999 Harrison Street, Suite 1100 URL: http://www.panbio.com
Oakland, CA 94612
------------------------------------------------------------------------
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff JSP-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
