o.k i made a mistake.

On Thu, 24 Jun 2004 17:53:28 +0200, Amleto Di Salle wrote
> Ricardo Andres Quintero we receive several copies of your e-mails!!!!!
>
> Please stop the spam...
>
> BR
> /Amleto
>
> -----Original Message-----
> From: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 24 June 2004 16.50
> To: [EMAIL PROTECTED]
> Subject: Fw: Re: R: R: Back Browser Button After Logout and Reload so
> that continue working
>
> thank u mark
> but i need some code please
> like Amleto Di Salle Wrote.
>
> ---------- Forwarded Message -----------
> From: "Mark R. Diggory" <[EMAIL PROTECTED]>
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> Sent: Thu, 24 Jun 2004 11:36:22 -0400
> Subject: Re: R: R: Back Browser Button After Logout and Reload so
> that continue working
>
> Where do you store your user information for authentication? What is
> behind your SecurityDelegate object.
>
> Our current project uses Tomcat/Struts, we use Form Authenticator and
> a JNDIRealm to authenticate our users which are configured in the
> server.xml, access to any webapplication resources is done via
> the servlet api via security constraints which are configured in the
> web.xml of the webapplication which allows us to block any restricted
> request and forward it to the login form. I highly recommend using
> it over a custom solution. Especially if you are trying to maintain
> a secure application in production.
>
> -Mark
>
> Amleto Di Salle wrote:
> > Hi,
> > I have the following classes and it seems to work:
> >
> > 1)
> > public class LoginAction extends Action {
> >
> >     public ActionForward execute( ActionMapping actionMapping,
> >             ActionForm actionForm, HttpServletRequest httpServletRequest,
> >             HttpServletResponse httpServletResponse ) throws InvalidLoginException {
> >
> >         String login = ( ( LoginForm ) actionForm ).getLogin();
> >         String password = ( ( LoginForm ) actionForm ).getPassword();
> >
> >         SecurityDelegate securityDelegate = new SecurityDelegate();
> >         UserTO user = securityDelegate.autentication( login, password );
> >
> >         HttpSession session = httpServletRequest.getSession( false );
> >         if ( session != null ) {
> >             session.invalidate();
> >         }
> >
> >         session = httpServletRequest.getSession( true );
> >         session.setAttribute( Constants.USER_INFO, user );
> >
> >         return actionMapping.findForward( Constants.WELCOME );
> >     }
> >
> > }
> >
> > 2) I have a BaseAction class and my other classes extend it.
> > public abstract class BaseAction extends Action {
> >
> >     public ActionForward execute( ActionMapping actionMapping,
> >             ActionForm actionForm, HttpServletRequest httpServletRequest,
> >             HttpServletResponse httpServletResponse ) throws UserNotLoggedException {
> >         HttpSession session = httpServletRequest.getSession( false );
> >         if ( session == null ) {
> >             throw new UserNotLoggedException( "User Not logged!" );
> >         }
> >
> >         UserTO userTO = ( UserTO ) session.getAttribute( Constants.USER_INFO );
> >         if ( userTO == null ) {
> >             throw new UserNotLoggedException( "User not Logged!" );
> >         }
> >         return doExecute( actionMapping, actionForm,
> >                 httpServletRequest, httpServletResponse );
> >     }
> >
> >     public abstract ActionForward doExecute( ActionMapping actionMapping,
> >             ActionForm actionForm, HttpServletRequest httpServletRequest,
> >             HttpServletResponse httpServletResponse );
> > }
> >
> > 3)
> > public class LogoutAction extends Action {
> >
> >     public ActionForward execute( ActionMapping actionMapping,
> >             ActionForm actionForm, HttpServletRequest httpServletRequest,
> >             HttpServletResponse httpServletResponse ) {
> >
> >         HttpSession session = httpServletRequest.getSession( false );
> >         if ( session != null ) {
> >             session.invalidate();
> >         }
> >         return actionMapping.findForward( Constants.SUCCESS );
> >     }
> >
> > }
> >
> > BR
> > /Amleto
> >
> >
> > -----Original Message-----
> > From: manoj JC [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, 24 June 2004 17.15
> > To: [EMAIL PROTECTED]
> > Subject: RE: R: Back Browser Button After Logout and Reload so that
> > continue working
> >
> >
> > Along the same lines
> >
> >
> > In the Login.do
> > You should have something like
> >     HttpSession session = httpServletRequest.getSession( true );
> >     if ( session != null ) {
> >         session.setAttribute("loggedin", true);
> >     }
> >
> > And in Logout.do
> > You should have something like
> >     HttpSession session = httpServletRequest.getSession( false );
> >     if ( session != null ) {
> >         session.setAttribute("loggedin", false);
> >     }
> >
> > The way I have done is, I have divided my action classes into two
> > types. One for logged in users and other for not logged in users. In
> > struts-config one of the attributes of the action class is
> > "requiredlogin=yes" or "requiredlogin=no"
> >
> > In the actionservlet, I check if the current action's
> > "requiredlogin=yes" if it is then check for the value
> > session.getAttribute("loggedin"); If it is false, you redirect the
> > page to a login.do else you would send it to correct
> > action class.
> >
> > Folks, please let me know if this is a convoluted way of achieving this.
> >
> >
> >>From: "Amleto Di Salle" <[EMAIL PROTECTED]>
> >>Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> >>To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
> >>Subject: R: Back Browser Button After Logout and Reload so that
> >>continue working
> >>Date: Thu, 24 Jun 2004 16:53:40 +0200
> >>
> >>Hi,
> >>one possible solution is to invalidate the session inside the
> >>"LogoffAction".
> >>
> >>    HttpSession session = httpServletRequest.getSession( false );
> >>    if ( session != null ) {
> >>        session.invalidate();
> >>    }
> >>
> >>If you have already done and the problem remains, maybe you are using
> >>HttpServletRequest.getSession() method (or getSession(true)) inside
> >>the Actions (or "BaseAction" if you use a base class for all your
> >>actions, in order to validate the users).
> >>
> >>BR
> >>/Amleto
> >>
> >>
> >>-----Original Message-----
> >>From: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED]
> >>Sent: Thursday, 24 June 2004 15.41
> >>To: [EMAIL PROTECTED]
> >>Subject: Back Browser Button After Logout and Reload so that continue
> >>working
> >>
> >>
> >>Hello my friends
> >>Below i attach a message i found on the internet.
> >>I have found some conceptual solutions about this problem, but i DO
> >>need an example that works to solve it.
> >>
> >>The conceptual solution talks about a token synchronizer. I don't know
> >>how to write it.
> >>
> >>Thank you in advance.
> >>
> >><%-- THE PROBLEM --%>
> >>
> >>Hello,
> >>
> >>I used Struts to develop a web app which has a login form to permit
> >>access to different functionalities via a menu page. I use a session
> >>var I set at login to check if the user has not logged out. The problem
> >>that I have is, once I do the logoff, if I use the Back button of the
> >>browser to the menu page and do a refresh a new session gets created
> >>and I'm able to use the app. I have a filter to do the verification but
> >>I tried before doing it in each Action and I have the same problem. I
> >>don't access .jsp pages directly, I have an Action for each of them. I
> >>read some posts but none seems to talk about my specific problem.
> >>
> >>It sounds like a beginner caveat but I have no idea what should I do
> >>or what am I doing wrong. Any help appreciated,
> >>
> >>Cezar
> >>
> >><%-- END OF THE PROBLEM --%>
> >>
> >>
> >>--
> >>Ricardo Andrés Quintero R.
> >>Ubiquando Ltda.
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >
> --
> Mark Diggory
> Software Developer
> Harvard MIT Data Center
> http://www.hmdc.harvard.edu
>
> ------- End of Forwarded Message -------
>
> --
> Ricardo Andrés Quintero R.
> Ubiquando Ltda.
--
Ricardo Andrés Quintero R.
Ubiquando Ltda.