I use a servlet filter - this way I can restrict access to actions & JSPs without putting any code in either of them.
Paul -----Original Message----- From: Seyhan BASMACI (Internet Yazilimlari Yetkilisi) [mailto:[EMAIL PROTECTED] Sent: 03 November 2003 10:20 To: Struts Users Mailing List Subject: RE: Session Times Out I think best way to check session is to extend requestProcessor Class and override processPath method, -----Original Message----- From: Jose Ramon Diaz [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 12:06 PM To: 'Struts Users Mailing List' Subject: RE: Session Times Out Hi, But be carefull because the actions will be executed before redirecting to JSP, so I think it?s better to check the session in all the actions, isn?t it? > > Make a custom tag like so : > > > > Create a tld file with this in it : > > <?xml version="1.0" encoding="ISO-8859-1" ?> > <!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP > Tag Library > 1.1//EN" "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd";> > <taglib> > <tlibversion>1.0</tlibversion> > <jspversion>1.1</jspversion> > <shortname>Tag Libs</shortname> > <info>ustom Tags</info> > <tag> > <name>checkLogin</name> > > <tagclass>com.cpaglobal.cpadirect.tag.CheckLogin</tagclass> > <bodycontent>empty</bodycontent> > <info>Checks the login status of a user and > forward them to the > login page if not logged in.</info> > <attribute> > <name>loginPage</name> > <required>false</required> > <rtexprvalue>false</rtexprvalue> > </attribute> > <attribute> > <name>default</name> > <required>false</required> > <rtexprvalue>false</rtexprvalue> > </attribute> > </tag> > </taglib> > > > > Code for the custom tag : > > package com.cpaglobal.cpadirect.tag; > > import java.io.IOException; > > import javax.servlet.ServletException; > import javax.servlet.http.HttpSession; > import javax.servlet.jsp.JspException; > import javax.servlet.jsp.tagext.TagSupport; > > import com.cpaglobal.cpadirect.applicationlogic.SessionVariables; > import com.cpaglobal.cpadirect.applicationlogic.User; > > > public class CheckLogin extends TagSupport { > > > private String loginPage = "/JSP/Timeout.jsp"; > > > public void setLoginPage(String loginPage) { > this.loginPage = loginPage; > } > > public int doStartTag() throws JspException { > return (SKIP_BODY); > } > > public int doEndTag() { > try { > HttpSession session = pageContext.getSession(); > if (session != null) { > User user = (User) > session.getAttribute(SessionVariables.SESSION_LOGGED_ON_USER); > if (user == null) { > pageContext.forward(loginPage); > return (SKIP_PAGE); > } > } else { > pageContext.forward(loginPage); > return (SKIP_PAGE); > } > } catch(ServletException e) { > new JspException(e.toString()); > } catch(IOException e) { > new JspException(e.toString()); > } > return (EVAL_PAGE); > } > > } > > How to use it : > > <%@ taglib uri="/WEB-INF/cpa.tld" prefix="cpa"%> > <cpa:checkLogin/> > > Mike > > > > > |---------+----------------------------> > | | Caroline Jen | > | | <[EMAIL PROTECTED]| > | | .com> | > | | | > | | 03/11/2003 06:23 | > | | AM | > | | Please respond to| > | | "Struts Users | > | | Mailing List" | > |---------+----------------------------> > > >------------------------------------------------------------- > -----------------------------------------------------------------| > | > | > | To: [EMAIL PROTECTED] > | > | cc: > | > | Subject: Session Times Out > | > > >------------------------------------------------------------- > -----------------------------------------------------------------| > > > > > I check if session expires for each action in the > application. If the session times out, I forward the > user to index.jsp so that the user can log on again. > > How do I inform the user with a message that he/she is > at the welcome page because the session has expired? > > __________________________________ > Do you Yahoo!? > Exclusive Video Premiere - Britney Spears > http://launch.yahoo.com/promos/britneyspears/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > ************************************************************** > ****************** > The information in this message is confidential and may be legally > privileged. It is intended solely for the addressee; access to this > email by anyone else is unauthorised. > > If you are not the intended recipient: (1) you are kindly requested > to return a copy of this message to the sender indicating that you > have received it in error, and to destroy the received copy; and (2) > any disclosure or distribution of this message, as well as any action > taken or omitted to be taken in reliance on its content, is prohibited > and may be unlawful. > ************************************************************** > ****************** > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ************************************** Axios Email Confidentiality Footer Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message, and notify us immediately. If you or your employer does not consent to Internet email messages of this kind, please advise us immediately. Opinions, conclusions and other information expressed in this message are not given or endorsed by my Company or employer unless otherwise indicated by an authorised representative independent of this message. WARNING: While Axios Systems Ltd takes steps to prevent computer viruses from being transmitted via electronic mail attachments we cannot guarantee that attachments do not contain computer virus code. You are therefore strongly advised to undertake anti virus checks prior to accessing the attachment to this electronic mail. Axios Systems Ltd grants no warranties regarding performance use or quality of any attachment and undertakes no liability for loss or damage howsoever caused. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
