Hi Oliver, I think there are two issues here; how to handle a login and how to handle exceptions. J2EE security can help with the first and struts declarative exception handling (as of 1.1) can help with the latter.
You can use container managed security (in your case you would probably want to use 'form based' security). See the struts documentation for details on declarative exception handling (note that this could not be plugged into a login exception as the container would forward to a specified page in the event of an invalid login). Jon Ridgway -----Original Message----- From: ROSSEL Olivier [mailto:[EMAIL PROTECTED]] Sent: 18 November 2002 09:53 To: '[EMAIL PROTECTED]' Subject: Question about a Struts design pattern My application is made with tiles. As is: ----------------------- | T | L | ----------------------- | | | C | | | | | ----------------------- T: Title L: Login form C: Content The URL for this app is: /Main.jsp The login phase is made of 2 forms: the Username form and the Password form. The first one leads to the second one, and the second one leads to either: LoginSuccessfull or to NoSuchUser. My question is how to make those forms: to me, I will handle the L part of Main.jsp with a LoginDisplayer action. This action will check the state of the Login session object and either forward to Username.jsp, Password.jsp, LoginSuccessful or NoSuchUser. And each form (Username form and Password form) will be handled by the LoginManager action, which fills the Login object. And redirect to Main.jsp. I think this is the correct way to manage a kind of portlet in my app. My main problem is how to manage errors/exceptions. In the process above, the two actions (LoginDisplayer and LoginManager) are completely separated and the only central point is the Login session object. Should I pass excetions through that object? I am newbie with Struts, and wish to have a few design patterns for such an app. Any help is welcome. ---cut here--- This e-mail is intended only for the above addressee. It may contain privileged information. If you are not the addressee you must not copy, distribute, disclose or use any of the information in it. If you have received it in error please delete it and immediately notify the sender. Security Notice: all e-mail, sent to or from this address, may be accessed by someone other than the recipient, for system management and security reasons. This access is controlled under Regulation of Investigatory Powers Act 2000, Lawful Business Practises. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> The contents of this email are intended only for the named addressees and may contain confidential and/or privileged material. If received in error please contact UPCO on +44 (0) 113 201 0600 and then delete the entire e-mail from your system. Unauthorised review, distribution, disclosure or other use of this information could constitute a breach of confidence. Your co-operation in this matter is greatly appreciated. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
