Another of those best practices is to use a Filter to authenticate the user before they ever reach your application. This requires a servlet 2.3 compliant container and doesn't easily allow you to use struts specific classes.
So, if you don't need struts to authenticate and are using a 2.3 container, use the Filter approach. Dave >From: "James Mitchell" <[EMAIL PROTECTED]> >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >Subject: Re: Using CheckLogin tag from within tiles >Date: Mon, 7 Oct 2002 12:43:41 -0400 > >There have been many "best practices" published (media) and posted (users >list) over the last year or so that, if followed, can/would elimiate these >kinds of issues. > >By forcing all interactions with your webapp to go through your custom >actions, you can keep your "check for session expire" code in your action >classes and not have to rely on your jsp to enforce it. > >I typically do this in an abstract BaseAction which all actions (except >those not requiring authentication or session data) are required to extend. > > > - If I put it in the body insert, then when the login check fails > > (because of session timeout) it throws an exception saying that it > > couldn't forward because the output was already committed (I presume > > that the preceding tiles do a flush). > >By placing my "is session expired" code in the base action, I do not have >to >replicate the check anywhere else, which elimiates this issue. > > > > - If I put it at the top of the simpleLayout.jsp (which I thought would > > be before anything was flushed) then it detects the error (and creates > > the correct ActionError) but the forward to the logon page doesn't > > work (the current page is displayed) and the page skip of the > > CheckLogin tag doesn't work. > >Not sure why this is happening, but see above for avoiding it as well. > >Hope that helps. >James Mitchell > > >----- Original Message ----- >From: "Alan P Sexton" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Sunday, October 06, 2002 1:26 PM >Subject: Using CheckLogin tag from within tiles > > > > > > I am switching from plain JSP to using tiles. I was using a CheckLogin > > tag on my JSP based on the one in the example for struts. This checks if > > there is a valid user in the session and, if not, creates an ActionError > > indicating that the session has timed out and forwards to logon. > > > > Now I have a simpleLayout.jsp similar to that in the tiles section of > > the Chuck Cavaness's online book draft: I insert a header, a body and a > > footer in the simpleLayout for my normal pages. > > > > Now I have a problem with the CheckLogin tag: > > > > - If I put it in the body insert, then when the login check fails > > (because of session timeout) it throws an exception saying that it > > couldn't forward because the output was already committed (I presume > > that the preceding tiles do a flush). > > > > - If I put it at the top of the simpleLayout.jsp (which I thought would > > be before anything was flushed) then it detects the error (and creates > > the correct ActionError) but the forward to the logon page doesn't > > work (the current page is displayed) and the page skip of the > > CheckLogin tag doesn't work. > > > > Can anyone explain to me what is going on and how to fix it? > > > > > > Alan Sexton > > > > > > > > > > -- > > To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> > > > > > > >-- >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
