To do it properly you have to:

(1) Write an abstract base class, say `SecureActionBase', that provides security methods
"checkLogon()". Write a default implementation of `checkLogin' that subclassers can
override. If the user is no longer logged in, return an action mapping forward that redirects
to the "login". Otherwise let the user continue.

(2) Borrow the `CheckLoginTag' from the Struts example and use it as it is, or modify it.
You put the checklogin tag at the beginning of your JSPs.

(3) Extend the Struts ActionServlet with a custom class for your project that will enable you
to look for instances of `SecureActionBase' and then call the security methods.
Like so:

    protected ActionForward processActionPerform(Action action,
                                                 ActionMapping mapping,
                                                 ActionForm formInstance,
                                                 HttpServletRequest request,
                                                 HttpServletResponse response)
        throws IOException, ServletException
    {
        // ....

        if ( action instanceof SecureBaseAction ) {
            SecureBaseAction baseAction = (SecureBaseAction)action;
            // ...

            if ( baseAction.isSecureAction() ) { // This action needs security
                // ....
                ActionForward fwd = baseAction.checkUserSecurityAccess(
                    context, mapping, request );
                if ( fwd != null ) {
                    // Redirect to login screen or other warning page
                    return fwd;
                }
                // Otherwise we are authenticated, continue
            }
        }
        // ... pre-process checking you desire

        ActionForward forward = action.perform(mapping, formInstance, request, response);

        // ... post-process checking you desire
        return forward;
    }


--
Peter Pilgrim                 ++44 (0)207-545-9923
                                                      //_\\
"Mathematics is essentially the study of islands of  =======
disparate subjects in a sea of ignorance."           || ! ||
Andrew Wiles _____________


---------------------------------------- Message History ----------------------------------------


From: "Scott Watson" <[EMAIL PROTECTED]> on 02/11/2001 10:44 EST


My apologies for asking something that has probably been asked and answered before;
however, I wasn't able to find the answer in my searches.

How do you force someone to log in before being allowed to access your application?  It
doesn't seem right to code this in each action class.

Is it possible to search the archives for this list like the SERVLET and the JSP lists?

Thanks
Scott.
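
The base class that step (1) of the reply describes but does not show, as an added sketch that is not code from the original thread or from Struts itself. It assumes Struts 1.0 and the servlet API on the classpath; the `ServletContext` type for `context`, the session key "user" and the fallback path "/logon.jsp" are assumptions, while the method names match the calls in the controller snippet.

```java
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

/** Base class for actions that the controller checks before calling perform(). */
public abstract class SecureBaseAction extends Action {

    /** Assumed session key under which the logon action stores the user object. */
    public static final String USER_KEY = "user";

    /** Name of the forward that leads to the logon page. */
    public static final String LOGIN_FORWARD = "login";

    /**
     * Secure by default: a subclass must override this and return false
     * to opt out, so a forgotten override never exposes an action.
     */
    public boolean isSecureAction() {
        return true;
    }

    /**
     * Default check: returns null when a user is logged on, otherwise the
     * forward the controller must return instead of running the action.
     * Subclasses can override it to add role or ownership checks.
     */
    public ActionForward checkUserSecurityAccess(ServletContext context,
                                                 ActionMapping mapping,
                                                 HttpServletRequest request) {
        // getSession(false) avoids creating a session for anonymous requests.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(USER_KEY) != null) {
            return null; // authenticated, let the controller continue
        }
        ActionForward login = mapping.findForward(LOGIN_FORWARD);
        if (login == null) {
            // A missing "login" forward must not turn into access: fall back
            // to a fixed redirect (assumed path) rather than returning null.
            login = new ActionForward("/logon.jsp", true);
        }
        return login;
    }
}
```

Because the controller treats a null return as "authenticated", every failure path here returns a non-null forward, including the case where the mapping has no "login" forward configured.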


