We had the same issue to deal with. What we did was in our ActionServet (which subclassed Struts ActionServlet), was to override the "processPreprocess" method, which is called for every request. We checked the session there, instead of in every Action perform method. If the session is expired or the user isn't logged in, we perform a redirect to the login page. This worked out very nicely and also allowed us to remove the check in the Action classes, since this method is called before the ActionForm validate and the Action perform method.
In 1.1, this method is moved to the RequestProcessor class, but it works the same way. I'm sure there are other solutions, but this is one approach. Chuck Cavaness At 02:20 AM 3/5/2002 +0000, you wrote: >I've got a problem and I'm not sure whether it's my poor design or a struts >limitation. I'd appreciate it if someone can shed some light. Let me know if >you require more details. > >I have an action mapping for an "update my profile" page with an associated >ActionForm and validate="true". In order to navigate to this form the user >has to login first. The Action itself checks that the user is logged in in >the perform() method. If he isn't then he's forwarded back to the login >action. This all works fine in the case where the session expires and the >user clicks on the link to take him to the form because he gets forwarded to >the login page. > >My problem is that if he navigates to this form, then waits for the session >to timeout then clicks submit then the validate() method on the ActionForm >is called BEFORE the perform() method on the Action itself. In my case the >validation fails as it relies on being able to read data from the session. > >I can see a solution where in validation() methods I check that the session >is still valid but this seems clumsy to me. Is it good MVC design for the >request to be handled by the Model before the Controller gets to see it? Am >I incorrectly putting business logic into the validation() method when it >should be dealt with further down the chain? Or should I be handling my >authentication and session management in a subclass of the ActionServlet? > >I'd appreciate any insights. >Matt. > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
