Hello Martin,

Sunday, June 24, 2001, 11:42:13 AM, you wrote:

MC> This seems to me to be a "necessary but not sufficient" check. That is, to
MC> ascertain that a valid user is logged on, it may be necessary to check for
MC> the existence of a particular session attribute, but it is unlikely that
MC> such a test, by itself, will be sufficient to make the determination.

MC> Here's a somewhat more elaborate suggestion for how logon/session validation
MC> might be handled.

MC> 1) In struts-config.xml, allow an optional entity <session-check>, which has
MC> two optional (and mutually exclusive) attributes, 'attribute' and 'type',
MC> and which allows <forward> entities within it.

MC> 2) If the 'attribute' attribute is set, Struts will check for the existence
MC> of an attribute with this name in the session. If it is not present, and a
MC> <forward> named "default" exists, Struts will forward (or redirect)
MC> according to that forward.

MC> 3) If the 'type' attribute is set, Struts will first instantiate an object
MC> of the class specified by that attribute, and then call the sessionCheck()
MC> method on that object. This method returns the ActionForward object for
MC> where to go next, or null if everything is OK.

MC> Does this make sense?

It is "necessary but not sufficient" too... 8))

I think that the next two additions for <session-check> can be very
helpful.

1. Role attribute - if the user is not logged on or is not in the
   specified role, then forward to the 'hard' forward from the attribute
   or to the 'soft' forward via an object (specified by the type attribute).
2. User attribute - if the user is not logged on or his name is not equal
   to the 'user' attribute value, then use the 'hard' or 'soft' forwards
   as the target to jump to.
   
-- 
Best regards,
 Oleg                            mailto:[EMAIL PROTECTED]
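
Added example, not part of the original messages and not Struts code: a plain-Java sketch of the decision logic the thread proposes, where a session attribute must be present, must actually be a user object, and may additionally be constrained by role or user name. All class, method and parameter names are hypothetical, and trying the 'soft' forward first with the 'hard' forward as fallback is an assumption.

```java
import java.util.*;

// Hypothetical model of the proposed <session-check> element; none of these
// names are Struts API. check() returns the forward name to jump to, or null if OK.
public class SessionCheckDemo {

    /** Constructed stand-in for the logged-on user stored in the session. */
    static final class User {
        final String name;
        final Set<String> roles;
        User(String name, String... roles) {
            this.name = name;
            this.roles = new HashSet<>(Arrays.asList(roles));
        }
    }

    /** The 'soft' forward: an object (the 'type' attribute) picks the target. */
    interface SessionChecker { String sessionCheck(Map<String, Object> session); }

    // attribute: session key that must hold a User; role/user: optional constraints.
    // hardForward: the fixed fallback forward; soft: optional checker object.
    static String check(Map<String, Object> session, String attribute, String role,
                        String user, String hardForward, SessionChecker soft) {
        Object value = session.get(attribute);
        boolean ok = value instanceof User;   // presence of the key alone is not enough
        if (ok && role != null) ok = ((User) value).roles.contains(role);
        if (ok && user != null) ok = ((User) value).name.equals(user);
        if (ok) return null;
        String target = soft == null ? null : soft.sessionCheck(session);
        return target != null ? target : hardForward;   // fail closed to the hard forward
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();   // constructed sample session
        SessionChecker soft = s -> s.containsKey("user") ? "denied" : "logon";
        System.out.println(check(session, "user", "admin", null, "logon", soft));  // not logged on
        session.put("user", "oleg");                     // wrong type stored under the key
        System.out.println(check(session, "user", null, null, "logon", null));
        session.put("user", new User("oleg", "editor"));
        System.out.println(check(session, "user", "admin", null, "logon", soft));  // wrong role
        System.out.println(check(session, "user", "editor", "oleg", "logon", soft)); // role and name match
    }
}
```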

