RE: best practices for logging in

2002-02-25 Thread Bill Page
Cc: Struts Users Mailing List > Subject: Re: best practices for logging in > > > You want to set a session-level boolean value (actually Boolean, not > boolean, since you can only store proper objects in the > session scope), > indicating whether the user has logged in.

Re: best practices for logging in

2002-02-25 Thread Andre Beskrowni
note that you can now combine the best aspects of versions 2 & 3 (2 involves just struts, 3 allows xml configuration) by using the declarative exception handling in the nightly build. in your Action superclass, just throw an exception if the user fails the authentication test, and trap for the

Re: best practices for logging in

2002-02-24 Thread Bryan Field-Elliot
Yes, you (and Torgeir Veimo in a prior message) are right, I could use container-managed authorization. I'm just not a big fan of it -- it hasn't bought me much, and since authorization/login check is such a trivial amount of code, I just prefer it all under my wing. Perhaps thats wrong. On Su

Re: best practices for logging in

2002-02-24 Thread Robert Claeson
Bryan Field-Elliot wrote: > 3. Don't use Struts at all for your login check. Instead, use Servlet > Filters (requires a Servlet 2.3 container such as Tomcat 4.0). You could, of course, also use J2EE's declarative A&I features. -- "Programmers are tools for converting caffeine into code." -

RE: best practices for logging in

2002-02-24 Thread subhendukumar mohanty
PROTECTED]] Sent: Sunday, February 24, 2002 11:20 AM To: Edward Q. Bridges Cc: Struts Users Mailing List Subject: Re: best practices for logging in You want to set a session-level boolean value (actually Boolean, not boolean, since you can only store proper objects in the session scope), indicating

Re: best practices for logging in

2002-02-24 Thread Torgeir Veimo
> has anyone encountered special cases where they've had to come up with some > unique way of handling logins? Why not use container managed authentication? You don't need to protect your pages statically using statements in web.xml. If you need to protect specific pages, then redirect

Re: best practices for logging in

2002-02-24 Thread Bryan Field-Elliot
You want to set a session-level boolean value (actually Boolean, not boolean, since you can only store proper objects in the session scope), indicating whether the user has logged in. Here are three ways to build a framework with Struts to check for "logged-inness". I've used all three in succes

best practices for logging in

2002-02-24 Thread Edward Q. Bridges
what is the general "accepted practice" for handling logins and securing access with struts? from a review of the archive, it seems that way *not* to do it is to use a "isLoggedIn" flag that gets passed from page to page. and, that the canonical approach is to utilize Action.perform(...) to d