Hello,
I hope I have not beaten this to death on this list, but I have never gotten an
answer that has served my interest. So I rethought the question and I am
reposting it now.
The application I created, is a web-app in which a login is required of a
"username" and "password". Pretty standard stuff. I am not using container
authentication, I am just going to a database and pulling out data based upon
the entries.
The way I configured this, is I extended the RequestProcessor, and each time a
user hits the Controller, I check if there is a "user" object in the session.
If there is great. If not I create a new one and set a logged in boolean to
false. Now if the user has successfully logged in, I set the logged in boolean
to true.
This step is where I ran into problems. I checked the FAQ on session expiration
handling, and the FAQs recommended extending a base action class and checking
for the logged in flag. If the flag was not set, then I would throw a global
exception, throw them to the front door with a ActionMessage stating "session
expired".
Now don't get me wrong this works, but by extending the Action class I kind of
screwed myself by not being able to use a RequestDispatcher because now the
signature of the "subclassed action" was not the same as what the
requestDispatcher is looking for. When I extended the Action, I added a check
for the user flag:
eg:
public ActionForward executeAction(ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response,
AppObject appObject,
UserObject user)
throws Exception {
So to sum this up, when I am in the RequestProcessor, is there anyway to find
the Action they are going to, so I can do my check of logged in? I am looking
at the method signature and do not see anything but a request and response
object here.
Or is there another method I should be extending to find out where they are
going? Because if I can see that they are going to an inside page, and their
flag is set to "not logged in", then I can send them to the front door with a
message stating "session expired" and not send the message to people who are
just hitting the front login page.
If this does not make sense, please email me back.
Thanks for your time,
Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
