The alternative, if you can't or don't want to use container managed
security, is to have your SecureAction logic save the initial request
URL (and/or any required request parameters) to the user's session or
somewhere, and redirect to that location after authentication.
Unfortunately there's no standard mechanism for this in Struts, but it
shouldn't be too hard to implement according to the specific needs of
your application.
L.
netsql wrote:
Most people use JAAS/JDBC reals built into app servers like Resin,
Tomcat, etc.
It's done for you... and bug free.
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
..V
James Woodward wrote:
Hello everyone,
I'm trying to figure out if there is an elegant solution to what I
want to do.
The application I am working on allows users to sign up for an account
and then enroll themselves into any courses currently being offered.
This is the scenario.
User Bob visits the site and views a calendar of courses. Bob decides
to view the description of a course that is being offered July 29th.
Bob is interested in the course and clicks on the Register button. Bob
has not authenticated at this point and is given a page that requires
him to enter his ID and Password. Bob enters the ID and Password and
then . . .
--What I want to happen is this--
Once Bob authenticates I want him to be able to continue on with what
he was doing. I want him to be taken to the next step of the
registration process which will include a message saying something
like "You are about to register in the course "Programming with
Struts" on July 29th" Are you sure you want to continue.
--What really happens is this--
Once Bob enters his ID and password he is forwarded to some default
page like Index.do
My current implementation has a secureAction that is extended by any
action that a user must be authenticated to access. This secureAction
checks to see if there is a session variable that is created when you
authenticate. If this variable doesn't exist it takes you to the logon
page. If it does exist you continue doing what you had intended to do.
It's probably obvious but keep in mind that this requires that we keep
track of the courseid as well as the intended url. I have numerous
pages that extend the secureAction and would like the idea of being
able to continue where you were before authenticating to work for all
of them.
If you have seen or done anything similar I'd appreciate any idea's
you have on the subject.
James
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
