Hi,
Some pages in the site I'm working on should be available only for users who have
previously logged in, but links to them may appear on pages that area accessible for
anybody.
I'm trying to implement a scenario in which if the user who has not logged in clicks
on a link to a page "for logged in users only" should be redirected to "login page",
and then if the login operation succeeds another redirection takes the user, to the
page that was originally requested.
Are there any "commonly known" techniques to do this smoothly with Struts??
I did it as follows...
All links to pages "for logged in users only" go throuth one action say
"LoginAndRedirect" so in JSP they look like
<html:link href="LoginAndRedirect.do?FORWARD_TO=accountDetails">
The LoginAndRedirect action first checks if there is an instance of OnlineUser (which
is a simple JavaBean) in the session (its presence indicates that the user has already
logged in) If the OnlineUser is not found, the value of the FORWARD_TO parameter is
stored in session and the LoginAndRedirect action forwards to login.jsp (global
forward) where the user gets his chance to authenticate. If the attempt to login
succeeds, the OnlineUser is placed in the session and the request is forwarded back
(again through the global forward) to the LoginAndRedirect action which this time
finds the OnlineUser in the session as well as the FORWARD_TO param. All "for logged
in users only" pages are defined as forwards of LoginAndRedirect so its final action
is sth like...
return forward.findForward(session.getAttribute("FORWARD_TO"));
I'm aware that with this approach I must also prevent somehow "not logged in" users
from accessing the "forbiden pages" directly - thay can just type the URL in the
browser and get where they should not :)
Any suggestions of making this in a better way will be appreciated!! :)
Regards
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
