Your problem is slightly different than ours. In our application, the user had to be logged in to go anywhere. This mechanism was a way to catch the problem when a user has already logged in and let's the session timeout. They then invoke an action that has a form that uses the session object for something, like getting the user's Locale. Although I agree with Bryan that having anything other than presentation validation in the ActionForm is dangerous, let's face it; sometimes we do stupid things.
Chuck At 02:50 AM 3/5/2002 +0000, you wrote: >Thanks, that sounds like a good solution. My only reservation is that in >processPreprocess() you'd have to effectively hard-code a list of the >request paths that require a user to login. I suppose you have to do it >somewhere though. > >Matt. > >-----Original Message----- >From: Chuck Cavaness [mailto:[EMAIL PROTECTED]] >Sent: 05 March 2002 02:34 >To: Struts Users Mailing List >Subject: Re: validate() and session expiry > > >We had the same issue to deal with. What we did was in our ActionServet >(which subclassed Struts ActionServlet), was to override the >"processPreprocess" method, which is called for every request. We checked >the session there, instead of in every Action perform method. If the >session is expired or the user isn't logged in, we perform a redirect to >the login page. This worked out very nicely and also allowed us to remove >the check in the Action classes, since this method is called before the >ActionForm validate and the Action perform method. > >In 1.1, this method is moved to the RequestProcessor class, but it works >the same way. I'm sure there are other solutions, but this is one approach. > >Chuck Cavaness > >At 02:20 AM 3/5/2002 +0000, you wrote: > >I've got a problem and I'm not sure whether it's my poor design or a struts > >limitation. I'd appreciate it if someone can shed some light. Let me know >if > >you require more details. > > > >I have an action mapping for an "update my profile" page with an associated > >ActionForm and validate="true". In order to navigate to this form the user > >has to login first. The Action itself checks that the user is logged in in > >the perform() method. If he isn't then he's forwarded back to the login > >action. This all works fine in the case where the session expires and the > >user clicks on the link to take him to the form because he gets forwarded >to > >the login page. > > > >My problem is that if he navigates to this form, then waits for the session > >to timeout then clicks submit then the validate() method on the ActionForm > >is called BEFORE the perform() method on the Action itself. In my case the > >validation fails as it relies on being able to read data from the session. > > > >I can see a solution where in validation() methods I check that the session > >is still valid but this seems clumsy to me. Is it good MVC design for the > >request to be handled by the Model before the Controller gets to see it? Am > >I incorrectly putting business logic into the validation() method when it > >should be dealt with further down the chain? Or should I be handling my > >authentication and session management in a subclass of the ActionServlet? > > > >I'd appreciate any insights. > >Matt. > > > > > >-- > >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> > >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> > > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
