Cc: Struts Users Mailing List
> Subject: Re: best practices for logging in
>
>
> You want to set a session-level boolean value (actually Boolean, not
> boolean, since you can only store proper objects in the
> session scope),
> indicating whether the user has logged in.
note that you can now combine the best aspects of versions 2 & 3 (2 involves
just struts, 3 allows xml configuration) by using the declarative exception
handling in the nightly build. in your Action superclass, just throw an
exception if the user fails the authentication test, and trap for the
Yes, you (and Torgeir Veimo in a prior message) are right, I could use
container-managed authorization. I'm just not a big fan of it -- it
hasn't bought me much, and since authorization/login check is such a
trivial amount of code, I just prefer it all under my wing. Perhaps
thats wrong.
On Su
Bryan Field-Elliot wrote:
> 3. Don't use Struts at all for your login check. Instead, use Servlet
> Filters (requires a Servlet 2.3 container such as Tomcat 4.0).
You could, of course, also use J2EE's declarative A&I features.
--
"Programmers are tools for converting caffeine into code."
-
PROTECTED]]
Sent: Sunday, February 24, 2002 11:20 AM
To: Edward Q. Bridges
Cc: Struts Users Mailing List
Subject: Re: best practices for logging in
You want to set a session-level boolean value (actually Boolean, not
boolean, since you can only store proper objects in the session scope),
indicating
> has anyone encountered special cases where they've had to come up with some
> unique way of handling logins?
Why not use container managed authentication?
You don't need to protect your pages statically using statements in web.xml.
If you need to protect specific pages, then redirect
You want to set a session-level boolean value (actually Boolean, not
boolean, since you can only store proper objects in the session scope),
indicating whether the user has logged in.
Here are three ways to build a framework with Struts to check for
"logged-inness". I've used all three in succes
what is the general "accepted practice" for handling logins and securing
access with struts?
from a review of the archive, it seems that way *not* to do it is to use a
"isLoggedIn" flag that gets passed from page to page. and, that the
canonical approach is to utilize Action.perform(...) to d
8 matches
Mail list logo