RE: If not logged in, login and redirect do requested page scenario.

Mon, 16 Aug 2004 00:24:24 -0700 

Dei..
        Kaelvi ium kaettuttu Pathilum neeyae solluriyaa?
        :)
        Uthai vilum :))


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 16, 2004 3:22 PM
To: [EMAIL PROTECTED]
Subject: If not logged in, login and redirect do requested page scenario.

Hi,

Some pages in the site I'm working on should be available only for users who
have previously logged in, but links to them may appear on pages that area
accessible for anybody.

I'm trying to implement a scenario in which if the user who has not logged
in clicks on a link to a page "for logged in users only"  should be
redirected to "login page", and then if the login operation succeeds another
redirection takes the user, to the page that was originally requested.

Are there any "commonly known" techniques to do this smoothly with Struts??

I did it as follows...

All links to pages "for logged in users only" go throuth one action say
"LoginAndRedirect" so in JSP they look like

<html:link href="LoginAndRedirect.do?FORWARD_TO=accountDetails">

The LoginAndRedirect action first checks if there is an instance of
OnlineUser (which is a simple JavaBean) in the session (its presence
indicates that the user has already logged in) If the OnlineUser is not
found, the value of the FORWARD_TO parameter is stored in session and the
LoginAndRedirect action forwards to login.jsp (global forward) where the
user gets his chance to authenticate. If the attempt to login succeeds, the
OnlineUser is placed in the session and the request is forwarded back (again
through the global forward) to the LoginAndRedirect action which this time
finds the OnlineUser in the session as well as the FORWARD_TO param. All
"for logged in users only" pages are defined as forwards of LoginAndRedirect
so its final action is sth like...

return forward.findForward(session.getAttribute("FORWARD_TO"));

I'm aware that with this approach I must also prevent somehow "not logged
in" users from accessing the "forbiden pages" directly - thay can just type
the URL in the browser and get where they should not :)

Any suggestions of making this in a better way will be appreciated!! :)

Regards
Chris


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to