murali vivekanandan wrote:
> Great inputs by Mr. McClanahan and other in this thread.
>
> In our application we have one servlet for each form and in addition to the
> action class with validated parameters, it validates the session. For ex. to
> access his account, the user should have logged in first(which is stored in
> the session). This is different for each form.
>
> Where and how do think we can do, if we follow your model for one controller
> servlet?
>
What I do is build in a check in the doGet/doPost methods of the controller
servlet, and check for the existence of a particular object in the user's
session that is only put there by a successful login. This object is removed
when the user executes your logout function, and is essentially removed by a
session timeout (since it won't be there the next time the user makes a request
-- they'll have just started a new sessiion) Then, the pseudo-code of
processing a request would be something like this:
Check for existence of the login-succeeded object
if (login object is there) {
Call the action class being requested
} else {
Display the login page
}
You'd need a special check that allowed the "process login" action to be
processed even if the user wasn't logged on.
In the "process login" action, after you are satisfied the user has been
authenticated, you add the appropriate login object to the user's session).
When they execute your logout function, just remove this object and invalidate
the session.
>
> I am a newbie to architecture, so hope you dont mind if this is a up to the
> par question.
>
> Thanks,
> Murali Vivekanandan.
>
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
