Actually, my proposal would be sufficient to cover both examples you
suggested, since they could be implemented using the sessionCheck() method.
However, I think the key is determining the right set of sufficiently common
and useful checks that could be built in, so that only struts-config.xml
need be modified to implement them. As you point out, the one I mentioned
(which I plucked straight from the original post on this thread) is not the
only candidate.

--
Martin Cooper


----- Original Message -----
From: "Oleg V Alexeev" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 24, 2001 2:03 AM
Subject: Re[2]: Controller loads forms before validating logon/session


> Hello Martin,
>
> Sunday, June 24, 2001, 11:42:13 AM, you wrote:
>
> MC> This seems to me to be a "necessary but not sufficient" check. That is, to
> MC> ascertain that a valid user is logged on, it may be necessary to check for
> MC> the existence of a particular session attribute, but it is unlikely that
> MC> such a test, by itself, will be sufficient to make the determination.
>
> MC> Here's a somewhat more elaborate suggestion for how logon/session validation
> MC> might be handled.
>
> MC> 1) In struts-config.xml, allow an optional entity <session-check>, which has
> MC> two optional (and mutually exclusive) attributes, 'attribute' and 'type',
> MC> and which allows <forward> entities within it.
>
> MC> 2) If the 'attribute' attribute is set, Struts will check for the existence
> MC> of an attribute with this name in the session. If it is not present, and a
> MC> <forward> named "default" exists, Struts will forward (or redirect)
> MC> according to that forward.
>
> MC> 3) If the 'type' attribute is set, Struts will first instantiate an object
> MC> of the class specified by that attribute, and then call the sessionCheck()
> MC> method on that object. This method returns the ActionForward object for
> MC> where to go next, or null if everything is OK.
>
> MC> Does this make sense?
>
> It is "necessary but not sufficient" too... 8))
>
> I think that the next two additions for <session-check> can be very
> helpful.
>
> 1. Role attribute - if user is not logged on or is not in specified
>    role then forward to the 'hard' forward from the attribute or to
>    the 'soft' forward via object (specified by type attribute).
> 2. User attribute - if user is not logged on or his name is not equal
>    to the 'user' attribute value, then use 'hard' or 'soft' forwards
>    as target to jump.
>
> --
> Best regards,
>  Oleg                            mailto:[EMAIL PROTECTED]
>
>
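
The check semantics proposed in this thread, modeled as an added example that is not part of the original messages or of Struts itself. The `SessionCheck` interface, the `AdminRoleCheck` class, the session keys and the forward paths are all hypothetical, and a plain `Map` stands in for the HTTP session so the code runs without the servlet or Struts libraries.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class SessionCheckDemo {
    /** Hypothetical contract for the proposed sessionCheck(): forward path to go to, or null if OK. */
    public interface SessionCheck {
        String sessionCheck(Map<String, Object> session);
    }

    /** Models <session-check attribute="..."> with a nested forward named "default". */
    static SessionCheck attributeCheck(String attribute, String defaultForward) {
        return session -> session.get(attribute) != null ? null : defaultForward;
    }

    /** Models <session-check type="...">: a class the framework instantiates by name. */
    public static class AdminRoleCheck implements SessionCheck {
        @Override
        public String sessionCheck(Map<String, Object> session) {
            if (session.get("user") == null) {
                return "/logon.jsp";               // not logged on at all
            }
            Object roles = session.get("roles");
            boolean isAdmin = roles instanceof Set && ((Set<?>) roles).contains("admin");
            return isAdmin ? null : "/denied.jsp"; // logged on, but not in the required role
        }
    }

    /** Instantiates the configured class by name, as step 3 of the proposal describes. */
    static SessionCheck typeCheck(String className) throws ReflectiveOperationException {
        return (SessionCheck) Class.forName(className).getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();  // constructed sample session
        SessionCheck byAttribute = attributeCheck("user", "/logon.jsp");
        SessionCheck byType = typeCheck(AdminRoleCheck.class.getName());

        System.out.println(byAttribute.sessionCheck(session)); // empty session
        session.put("user", "oleg");
        session.put("roles", Set.of("viewer"));
        System.out.println(byAttribute.sessionCheck(session)); // attribute exists
        System.out.println(byType.sessionCheck(session));      // same session, role check
        session.put("roles", Set.of("admin", "viewer"));
        System.out.println(byType.sessionCheck(session));      // role now present
    }
}
```

For the session that holds a user but only the "viewer" role, the attribute-existence check lets the request through while the class-based check still forwards away, which is the "necessary but not sufficient" gap both messages point at.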

