> -----Original Message-----
> From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> Sent: November 22, 2000 2:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: checklogon tag
>
> "Jones, Dean" wrote:
> >
> > Is there a universal definition of ``Logged On'' ???
> > In J2EE there is, but is not fully supported everywhere.
> >
> > Dean
> >
> > -----Original Message-----
> > From: Wong Kok Wai [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, November 22, 2000 11:07 AM
> > To: struts-user
> > Subject: checklogon tag
> >
> > Just wondering: why not make the checklogon tag currently
> in the example
> > as part of the core struts tags? IMHO, it is very useful.
>
> Yep ... that is the issue. For this particular application,
> "logged on" means
> the presence of a particular session attribute, of a
> particular class, under a
> particular key. None of that seems really amenable to
> "standardization" by
> making it a core tag.
>
> In addition, if we were using container-managed security we
> wouldn't need such a
> tag at all -- the servlet container would be preventing
> access to these pages
> unless the user had successfully authenticated themselves and
> had appropriate
> permissions.
> Craig McClanahan
I would suggest that in most practical cases even then you would still need
something in a session indicating if you were logged on or not. There is the
pretty common scenario where a lot of your site is accessible to anyone, but
some of these pages need to behave slightly differently depending on if the
user is logged in or not, and if they are logged in, based on their roles.
If you were to call 'IsUserInRole' on that page, it would force the
container to force a user logon, which is not what you want. You would
probably instead check the session for a variable indicating that the user
was logged on, (this would have been set by any previous intentional or
forced logon due to container managed persistence) and then do something
standard if you knew the user was not logged in; if on the other hand the
user was logged in, you would do something specific to logged in users, or
if you wanted to know what kind of logged in user, you would then maybe call
'IsUserInRole'.
In any case, I don't know how a 'standard' logged in tag could encapsulate
all the usage scenarios...
