I've never used CMA because of potential implementation differences across containers. Are those fears justified? I have used the Filter approach and found it to be easy and portable.
Dave >From: Eddie Bush <[EMAIL PROTECTED]> >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >To: Struts Users Mailing List <[EMAIL PROTECTED]> >Subject: Re: Using CheckLogin tag from within tiles >Date: Mon, 07 Oct 2002 11:59:34 -0500 > >... or use container-managed authentication (CMA) :-) and place the burden >on the server itself. Sorry - had to chip in! I honestly don't know how >long CMA has been a part of the servlet specification - but I'd wager that >wouldn't be spec 2.3 dependent ;-) > >David Graham wrote: > >>Another of those best practices is to use a Filter to authenticate the >>user before they ever reach your application. This requires a servlet 2.3 >>compliant container and doesn't easily allow you to use struts specific >>classes. >> >>So, if you don't need struts to authenticate and are using a 2.3 >>container, use the Filter approach. >> >>Dave >> >>>From: "James Mitchell" <[EMAIL PROTECTED]> >>>Subject: Re: Using CheckLogin tag from within tiles >>>Date: Mon, 7 Oct 2002 12:43:41 -0400 >>> >>>There have been many "best practices" published (media) and posted (users >>>list) over the last year or so that, if followed, can/would elimiate >>>these >>>kinds of issues. >>> >>>By forcing all interactions with your webapp to go through your custom >>>actions, you can keep your "check for session expire" code in your action >>>classes and not have to rely on your jsp to enforce it. >>> >>>I typically do this in an abstract BaseAction which all actions (except >>>those not requiring authentication or session data) are required to >>>extend. >>> >>> > - If I put it in the body insert, then when the login check fails >>> > (because of session timeout) it throws an exception saying that it >>> > couldn't forward because the output was already committed (I presume >>> > that the preceding tiles do a flush). >>> >>>By placing my "is session expired" code in the base action, I do not have >>>to >>>replicate the check anywhere else, which elimiates this issue. >>> >>> > - If I put it at the top of the simpleLayout.jsp (which I thought >>>would >>> > be before anything was flushed) then it detects the error (and >>>creates >>> > the correct ActionError) but the forward to the logon page doesn't >>> > work (the current page is displayed) and the page skip of the >>> > CheckLogin tag doesn't work. >>> >>>Not sure why this is happening, but see above for avoiding it as well. >>> >>>Hope that helps. >>>James Mitchell >> > >-- >Eddie Bush > > > > >-- >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
