This seems to me to be a "necessary but not sufficient" check. That is, to
ascertain that a valid user is logged on, it may be necessary to check for
the existence of a particular session attribute, but it is unlikely that
such a test, by itself, will be sufficient to make the determination.
Here's a somewhat more elaborate suggestion for how logon/session validation
might be handled.
1) In struts-config.xml, allow an optional entity <session-check>, which has
two optional (and mutually exclusive) attributes, 'attribute' and 'type',
and which allows <forward> entities within it.
2) If the 'attribute' attribute is set, Struts will check for the existence
of an attribute with this name in the session. If it is not present, and a
<forward> named "default" exists, Struts will forward (or redirect)
according to that forward.
3) If the 'type' attribute is set, Struts will first instantiate an object
of the class specified by that attribute, and then call the sessionCheck()
method on that object. This method returns the ActionForward object for
where to go next, or null if everything is OK.
Does this make sense?
--
Martin Cooper
