Oh, one more thing.
Note how in this servlet filter some
application-specific URIs are hard-coded.
It would be more elegant, IMHO, to declare
those elsewhere.
Also, instead of sending a redirect to a
hard-coded URI, one could use sendError with
401 code (unauthorized) and then handle 401
declaratively in web.xml, like this for
instance:
<error-page>
<error-code>401</error-code>
<location>/loginView.do</location>
</error-page>
What do people think? Is this better or not?
Thanks,
Otis
---- On Tue, 31 Dec 2002, Ronald Mathies
([EMAIL PROTECTED]) wrote:
> I've added some files as an example. How i
manage the user sessions.
>
>
> ----- Original Message -----
> From: "Arik Levin ( Tikal )"
<[EMAIL PROTECTED]>
> To: "'Struts Users Mailing List'"
<[EMAIL PROTECTED]>
> Sent: Tuesday, December 31, 2002 11:59 AM
> Subject: RE: How to forward from a struts
form to a login dialog ?
>
>
> > There are two main solutions:
> >
> > The first one is more effective,
including JAAS.
> > You have to make a form that call
j_security_check action with j_password
> > and j_username inputs, the web server
has its own security engine that
> > throws you to your first login page if
you are not authorized.
> >
> > The second solution is simpler. You make
a base action which store your
> user
> > information at the HttpSession after it
has been authorized. Every action
> > you have at your application should
extend this base action. In case of
> > session timeout or user not authorized
just forward to your login page.
> >
> > I hope this helps you.
> >
> > Arik.
> >
> > -----Original Message-----
> > From: Zsolt Koppany [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, November 07, 2002 11:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: How to forward from a struts
form to a login dialog ?
> >
> > Hi,
> >
> > in a struts form I want to check whether
to user has already logged in. If
> > not, instead of showing the form I want
to forward the user to a login
> > dialog
> > and he must log in. After the user
logged in, I want him to come back to
> the
> >
> > form and I have to restore the original
parameters of the form.
> >
> > What is the best solution?
> >
> >
> > Zsolt
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> >
<mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
> >
> > --
> > To unsubscribe, e-mail:
>
<mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
> >
>
>
>
> /*
> * $Archive: $
> *
> * $Workfile: $
> * $Revision: $
> * $Date: $
> * $Author: $
> *
> * Copyright 2002 J-Instance. All Rights
Reserved.
> *
> * This software is the proprietary
information of J-Instance.
> * Use is subject to license terms.
> *
> */
>
> package com.jinstance.ibep.login;
>
> import org.apache.struts.action.*;
> import java.io.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
>
> import javax.naming.*;
>
> import org.apache.commons.beanutils.*;
>
> import com.jinstance.ibep.action.*;
>
> // RMA:
> import org.apache.log4j.PropertyConfigurator;
> import org.apache.log4j.Logger;
> import org.apache.log4j.Priority;
>
> public class LoginAction extends
DefaultAction {
>
> static Logger logger =
Logger.getLogger(LoginAction.class.getName());
>
> private String sessionUsernamePath;
>
> private String loginname,
> password;
>
>
> /**
> * This is the main action called from
the Struts framework.
> * @param mapping The ActionMapping used
to select this instance.
> * @param form The optional ActionForm
bean for this request.
> * @param request The HTTP Request we
are processing.
> * @param response The HTTP Response we
are processing.
> */
> public ActionForward
execute(ActionMapping mapping, ActionForm
form, HttpServletRequest request,
> HttpServletResponse response) throws
IOException, ServletException {
>
>
PropertyConfigurator.configure("log4j.properties");
>
> logger.
>
> ActionErrors ae = new ActionErrors();
>
> /** Get the path to the username for
this application. */
> sessionUsernamePath =
getSessionUsernamePath();
>
> try {
>
> /** Retrieve the login data from the
form. */
> loginname =
(String)PropertyUtils.getSimpleProperty(form,
"loginname");
> password =
(String)PropertyUtils.getSimpleProperty(form,
"password");
>
> } catch (Exception e) {
> logger.error("Missing loginname or
password method within the LoginActionForm", e);
> System.out.println (e);
> }
>
> /** Create a user session. */
> HttpSession session =
request.getSession(true);
>
> /** Set the username at the path
specified in the web.xml file */
>
session.setAttribute(sessionUsernamePath,
loginname);
>
> logger.info("User " + loginname + "
succesfully logged into the application");
>
> return
mapping.findForward(ACTION_SUCCESS);
> }
>
> private String getSessionUsernamePath()
throws ServletException {
> try {
> Context context = new InitialContext();
> return
(String)context.lookup("java:comp/env/session/username");
> } catch(NamingException namingException) {
> logger.fatal("Missing <env-entry> in
web.xml (session/username) ", namingException);
> throw new ServletException("Missing
<env-entry> in web.xml (session/username)");
________________________________________________
Get your own "800" number
Voicemail, fax, email, and a lot more
http://www.ureach.com/reg/tag
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
