Re: DB hit from ActionForm Validate method

Fri, 06 Sep 2002 06:49:11 -0700 

I've always used validate() as simple form validation, such as ensure a
necessary field is set, not business validation such as a 3 login attempt
rule. I would recommend you set something in the request or session that
stores the number of attempts. In each action, when you check, increment
that number and then add a mapping forward for a 3 strikes your out rule so
on the last failed attempt instead of
mapping.findForward(mapping.getInput()) you send him to
mapping.findForward("3strikesyourout");

Your struts-config.xml would look something like this

    <action    path="/login"
               type="com.domain.LoginAction"
               input="login.jsp"
               name="loginForm"
               scope="request"
               validate="true">
      <forward name="success" path="/main.jsp"/>
      <forward name="3strikesyourout" path="/main.jsp"/>
    </action>

hope this helps,
Mike



----- Original Message -----
From: "Cohan, Sean" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Friday, September 06, 2002 9:19 AM
Subject: DB hit from ActionForm Validate method


> We need to implement '3 strikes and your out' functionality to our logon
> process.  If the user is unsuccessful after 3 logon attempts, we disable
> their account.  I put some of the user id / password functionality in the
> validate method of the LogonForm class.  However, in between each attempt,
I
> need find out what number of logon attempt they are on, and if this is not
> their 3rd attempt, bump up the logon attempt number. If it's their second
> attempt and they fail, I  need to let them know they only have 1 ore
chance
> to get it right.  If they successfully logon, we also need to show them
how
> many attempts it took them to logon the last time their account was
> accessed.
>
> We were thinking we'd store their current and previous logon attempt
number
> in the DB.  My question is whether it is acceptable or common practice to
> access the DB from the validate method or should DB access only be done in
> the LogonAction class (which means I'd move the perform functionality to
the
> LogonAction class)?
>
> Thanks.
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to