Scott:
I'm kind of confused by a couple of things you wrote. Can you clarify?
Now don't get me wrong this works, but by extending the Action class I kind of screwed myself by not being able to use a RequestDispatcher because now the signature of the "subclassed action" was not the same as what the requestDispatcher is looking for. When I extended the Action, I added a check for the user flag:
Here do you mean javax.servlet.RequestDispatcher? I think you mean RequestProcessor? I think what I would have recommended was not changing RequestProcessor.executeAction, but instead having a base subclass of Action roughly like this:
public class SecureAction extends Action { public ActionForward execute(mapping, form, request, response) {
// get the app and user and call:
return execute(mapping,form,request,response,app,user);
}public abstract ActionForward execute(mapping,form,request,response,app,user);
}
That way you don't have to have every single Action class in your entire application work this way, but you can consolidate the common preparation behavior where you do need it.
So to sum this up, when I am in the RequestProcessor, is there anyway to find the Action they are going to, so I can do my check of logged in? I am looking at the method signature and do not see anything but a request and response object here.
Depends on where you are in the RequestProcessor. Certainly one of the shortcomings of the design used for RequestProcessor is that within individual steps of the process, your context is limited to what was conceived in the original design. The commons-chain based request processor which is the basis of Struts 1.3 eliminates this problem by passing a more generalized "ActionContext" to each stage of the request process, and the contents of this context can be changed more flexibly.
Anyway, the ActionMapping which is passed to executeAction tells you the action they are going to, and is also a good general purpose way to pass configuration information around. You can use the "parameter" property of the ActionMapping to store any single value you like, and if that's not enough, you can subclass ActionMapping and add more arbitrary properties. (And in Struts 1.3, ActionMapping simply has an arbitrary map of properties so you don't have to subclass it to have richer configuration.)
So I'm not sure if I've helped you at all, but if not, maybe you can help clear me up on some of these things...
Best
JoeAt 9:04 AM -0500 4/14/05, Scott Purcell wrote:
Hello,
I hope I have not beaten this to death on this list, but I have never gotten an answer that has served my interest. So I rethought the question and I am reposting it now.
The application I created, is a web-app in which a login is required of a "username" and "password". Pretty standard stuff. I am not using container authentication, I am just going to a database and pulling out data based upon the entries.
The way I configured this, is I extended the RequestProcessor, and each time a user hits the Controller, I check if there is a "user" object in the session. If there is great. If not I create a new one and set a logged in boolean to false. Now if the user has successfully logged in, I set the logged in boolean to true.
This step is where I ran into problems. I checked the FAQ on session expiration handling, and the FAQs recommended extending a base action class and checking for the logged in flag. If the flag was not set, then I would throw a global exception, throw them to the front door with a ActionMessage stating "session expired".
Now don't get me wrong this works, but by extending the Action class I kind of screwed myself by not being able to use a RequestDispatcher because now the signature of the "subclassed action" was not the same as what the requestDispatcher is looking for. When I extended the Action, I added a check for the user flag:
eg:
public ActionForward executeAction(ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response,
AppObject appObject,
UserObject user)
throws Exception {
So to sum this up, when I am in the RequestProcessor, is there anyway to find the Action they are going to, so I can do my check of logged in? I am looking at the method signature and do not see anything but a request and response object here.
Or is there another method I should be extending to find out where they are going? Because if I can see that they are going to an inside page, and their flag is set to "not logged in", then I can send them to the front door with a message stating "session expired" and not send the message to people who are just hitting the front login page.
If this does not make sense, please email me back.
Thanks for your time, Scott
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--
Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com "Narrow minds are weapons made for mass destruction" -The Ex
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
