RE: Prevent URL requested directly from browser

Seyhan BASMACI (Internet Yazilimlari Yetkilisi) Tue, 16 Sep 2003 03:26:48 -0700

I think the best place to do such kind of task is to extend RequestProcessor class,
this approach takes session control from developers,


extend TilesRequestProcessor , change the controller class to your new class ( 
SessionRequestProcessor) inside struts-config.xml.

here is the code 

public class SessionRequestProcessor extends TilesRequestProcessor{
        protected String processPath(HttpServletRequest request,
                                                                         
HttpServletResponse response)  throws IOException 
 {
                        
                String origPath = request.getRequestURI();

                if(!origPath.endsWith("/Login.do")){

                HttpSession session =   request.getSession(false);  // get session 
only if it exists 

                      if (session != null ) {    // session available, 
                        
                          return super.processPath(request, response);  
                
                      }
          
                      else                    // redirect to login page 
                      
                                return "/Login";         
        } 

    else {
    
          HttpSession session =  request.getSession(false);  // get session only if it 
exists 

      if (session != null)       
          session.invalidate(); 

                        return super.processPath(request, response);  // process login 
page request
                        
      }
                
        }

        
}




-----Original Message-----
From: David LAFAY [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 11:06 AM
To: [EMAIL PROTECTED]
Subject: Re: Prevent URL requested directly from browser


PUT the following code into the begin of all your JSP :
<logic:notPresent name="REMOTEUSER">
<logic:forward name="login"/>
</logic:notPresent>

Then don't forget to declare a global forward named "login" for redirect to
your login.jsp
and don't forget to put de the user login name into the Session on your
LoginAction

David

"veera maria" <[EMAIL PROTECTED]> a écrit dans le message news:
[EMAIL PROTECTED]
> Hello,
>
> What is the best way to prevent user to request web application's
> actions from browser manually?
>
> E.g. user is using web application and taking it's current url
> to clipboard. Then user goes e.g. to Google for surfing for a while.
> After surfing (s)he pastes web applications url back to browser's
> address field.
> Best technique in Struts applicaton to prevent this?
>
> Vera
>
> _________________________________________________________________
> Tilaa nyt Hotmail postit kännykkääsi! http://www.msn.fi/mobiili/




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Prevent URL requested directly from browser

Reply via email to