thank u mark
but i need some code please
like Amleto Di Salle Wrote.
---------- Forwarded Message -----------
From: "Mark R. Diggory" <[EMAIL PROTECTED]>
To: Struts Users Mailing List <[EMAIL PROTECTED]>
Sent: Thu, 24 Jun 2004 11:36:22 -0400
Subject: Re: R: R: Back Browser Button After Logout and Reload so that
continue working
Where do you store your user information for authentication? What is
behind your SecurityDelegate object.
Our current project uses Tomcat/Sruts, we use Form Authenticator and a
JNDIRealm to authenticate our users which are configured in the
server.xml, access to any webapplication resources is done via the the
servlet api via security constraints which are configured in the web.xml
of the webapplication which allows us to block any restricted request
and forward it to the login form. I highly recommend using it over a
custom solution. Especially if you are trying to maintain a secure
application in production.
-Mark
Amleto Di Salle wrote:
> Hi,
> I have the following classes and it seems to work:
>
> 1)
> public class LoginAction extends Action {
>
> public ActionForward execute( ActionMapping actionMapping,
> ActionForm actionForm, HttpServletRequest httpServletRequest,
> HttpServletResponse httpServletResponse ) throws InvalidLoginException {
>
> String login = ( ( LoginForm ) actionForm ).getLogin();
> String password = ( ( LoginForm ) actionForm ).getPassword();
>
> SecurityDelegate securityDelegate = new SecurityDelegate();
> UserTO user = securityDelegate.autentication( login, password );
>
> HttpSession session = httpServletRequest.getSession( false );
> if ( session != null ) {
> session.invalidate();
> }
>
> session = httpServletRequest.getSession( true );
> session.setAttribute( Constants.USER_INFO, user );
>
> return actionMapping.findForward( Constants.WELCOME );
> }
>
> }
>
> 2) I have a BaseAction class and my the other classes extend it.
> public abstract class BaseAction extends Action {
>
> public ActionForward execute( ActionMapping actionMapping,
> ActionForm actionForm, HttpServletRequest httpServletRequest,
> HttpServletResponse httpServletResponse ) throws UserNotLoggedException
> {
> HttpSession session = httpServletRequest.getSession( false );
> if ( session == null ) {
> throw new UserNotLoggedException( "User Not logged!" );
> }
>
> UserTO userTO = ( UserTO) session.getAttribute(
> Constants.USER_INFO );
> if ( userTO == null ) {
> throw new UserNotLoggedException( "User not Logged!" );
> }
> return doExecute( actionMapping, actionForm, httpServletRequest,
> httpServletResponse );
> }
>
> public abstract ActionForward doExecute( ActionMapping
> actionMapping, ActionForm actionForm, HttpServletRequest
> httpServletRequest, HttpServletResponse httpServletResponse );
> }
>
> 3)
> public class LogoutAction extends Action {
>
> public ActionForward execute( ActionMapping actionMapping,
> ActionForm actionForm, HttpServletRequest httpServletRequest,
> HttpServletResponse httpServletResponse ) {
>
> HttpSession session = httpServletRequest.getSession( false );
> if ( session != null ) {
> session.invalidate();
> }
> return actionMapping.findForward( Constants.SUCCESS );
> }
>
> }
>
> BR
> /Amleto
>
>
> -----Messaggio originale-----
> Da: manoj JC [mailto:[EMAIL PROTECTED]
> Inviato: giovedì 24 giugno 2004 17.15
> A: [EMAIL PROTECTED]
> Oggetto: RE: R: Back Browser Button After Logout and Reload so that
> continue working
>
>
> Along the same lines
>
>
> In the Login.do
> You should have something like
> HttpSession session = httpServletRequest.getSession( true );
> if ( session != null ) {
> session.setAttribute("loggedin", true);
> }
>
> And in Logout.do
> You should have something like
> HttpSession session = httpServletRequest.getSession( false ); if (
> session != null ) {
> session.setAttribute("loggedin", false);
> }
>
> The way I have done is, I have divided my action classes into two types.
> One
> for logged in users and other for not logged in users. In struts-config
> one
> of the attributs of the action class is "requiredlogin=yes" or
> "requiredlogin=no"
>
> In the actionservlet, I check if the current action's
> "requiredlogin=yes" if it is then check for the value
> session.getAttribute("loggedin"); If it is
> false, you redirect the page to a login.do else you would send it to
> correct
> action class.
>
> Folks, please let me know if this a convoluted way of achieving this.
>
>
>>From: "Amleto Di Salle" <[EMAIL PROTECTED]>
>>Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>>To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
>>Subject: R: Back Browser Button After Logout and Reload so that
>>continue
>>working
>>Date: Thu, 24 Jun 2004 16:53:40 +0200
>>
>>Hi,
>>one possible solution is to invalidate the session inside the
>>"LogoffAction".
>>
>> HttpSession session = httpServletRequest.getSession( false );
>> if ( session != null ) {
>> session.invalidate();
>> }
>>
>>If you have already done and the problem remains, maybe you are using
>>HttpServletRequest.getSession() method (or getSession(true)) inside the
>
>
>>Actions (or "BaseAction" if you use a base class for your all actions,
>>in order to validate the users).
>>
>>BR
>>/Amleto
>>
>>
>>-----Messaggio originale-----
>>Da: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED]
>>Inviato: giovedì 24 giugno 2004 15.41
>>A: [EMAIL PROTECTED]
>>Oggetto: Back Browser Button After Logout and Reload so that continue
>>working
>>
>>
>>Hello my friends
>>Followed i attach a message i found in the internet.
>>I have found some conceptual solutions about this problem,
>>but i DO need an example that works to solve it.
>>
>>The conceptual solution talks about a token syncronizer. I don't know
>>how to write it.
>>
>>Thank you in advanced.
>>
>><%-- THE PROBLEM --%>
>>
>>Hello,
>>
>>I used Struts to develop a web app which has a login form to permit
>>access to different functionnalities via a menu page. I use a session
>>var I set at login to check if the user has not logged out. The problem
>
>
>>that I have is, once I do the logoff, if I use the Back button of the
>>browser to the menu page and do a refresh a new session gets created
>>and I'm able to use the app. I have a filter to do the verification but
>
>
>>I tried before doing it in each Action and I have the same problem. I
>>don't access .jsp pages directly, I have an Action for each of them. I
>>read some posts but none seems to talk about my specific problem.
>>
>>It sounds like a begginer caveat but I have no idea what should I do or
>
>
>>what am I doing wrong. Any help appreciated,
>>
>>Cezar
>>
>><%-- END OF THE PROBLEM --%>
>>
>>
>>--
>>Ricardo Andrés Quintero R.
>>Ubiquando Ltda.
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
>
> _________________________________________________________________
> Is your PC infected? Get a FREE online computer virus scan from McAfee®
> Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
Mark Diggory
Software Developer
Harvard MIT Data Center
http://www.hmdc.harvard.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
------- End of Forwarded Message -------
--
Ricardo Andrés Quintero R.
Ubiquando Ltda.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
