If you don't want to use container based security, here's a quick snippet from a
LogonAction.
DynaActionForm logonForm = (DynaActionForm)form;
String username = (String)logonForm.get("username");
String password = (String)logonForm.get("password");
try {
// check username and password
...
// add credentials to the user's session
session.setAttribute("user", userCredentials);
} catch (Exception ex) {
// logon failed
return mapping.findForward("failure");
}
// logon succeeded
return mapping.findForward("success");
Here's a snippet from an action that requires a logon.
if (session.getAttribute("user") == null) {
return mapping.findFoward("logon");
}
Regards,
Dave
> -----Original Message-----
> From: V. Cekvenich [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 22, 2003 8:46 AM
> To: [EMAIL PROTECTED]
> Subject: Re: To check if user is logged in
>
>
> Any security FAQ:
> best practice is to use standard container based security
> that is there
> since Servlet 2.2.
> Struts-config works with it.
>
> Then based on that extend.
> The example app in struts .... is not a good practice AFIK.
>
> .V
>
> Suresh Addagalla wrote:
> > Hi,
> >
> > I think this is a commonly performed task, but I need your inputs to
> > implement it in the best possible way.
> >
> > I have login page to authenticate the user. For subsequent
> requests, I
> > need to check that the user is logged in. If he is not
> logged in, I need
> > to display the login page.
> >
> > Is extending ActionServlet a good way to do this? The
> process() method
> > can check for the existence of user's data in session to
> know if he is
> > logged in. But I see a problem. My login page itself is submitted to
> > login.do, so the login request goes through my
> ActionServlet subclass,
> > which means that he will never be able to login?? Or am I missing
> > something?
> >
> > Any other approach, please let me know.
> >
> > Thanks,
> > Suresh
> >
> >
> >
> >
> --------------------------------------------------------------
> ----------
> >
> >
> **************************Disclaimer**************************
> ************************
> >
> > Information contained in this E-MAIL being proprietary to
> Wipro Limited is 'privileged'
> > and 'confidential' and intended for use only by the
> individual or entity to which it is
> > addressed. You are notified that any use, copying or
> dissemination of the information
> > contained in the E-MAIL in any manner whatsoever is
> strictly prohibited.
> >
> >
> **************************************************************
> **************************
> >
> >
> >
> >
> >
> >
> >
> --------------------------------------------------------------
> ----------
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
