struts-user mailing list archives

From "Edgar Dollin" <ed...@blue-moose.net>
Subject RE: Request losing data after container security check
Date Fri, 06 Dec 2002 15:47:06 GMT
This is the way CMS works; there is actually an interim request for the
login, so your original request doesn't exist anymore.  That is why I
suggested using a filter for authentication, since you can better control the
authentication cycle.  If you think it is a bug then you would have to get
the CMS specification changed.

Edgar

-----Original Message-----
From: Michael Lee [mailto:mleejr@hotmail.com]
Sent: Friday, December 06, 2002 10:19 AM
To: 'Struts Users Mailing List'
Subject: Re: Request losing data after container security check


Hey David, thanks again! I appreciate all your input on this.

I have a filter we use for other purposes but we use container managed
security. We have a lot tied into this.
Also, these requests use Struts forms. We use post requests throughout the
system so url encoding is out of the question, at least until the next
version.
I noticed this behavior in all my Struts actions. This seems like a bug to
me. Don't know if it's with j_security_check wiping out the http request form
data or Struts not sending it properly.
thanks again,
Mike

----- Original Message -----
From: "David Graham" <dgraham1980@hotmail.com>
To: <struts-user@jakarta.apache.org>
Sent: Thursday, December 05, 2002 11:34 AM
Subject: Re: Request losing data after container security check


> Your authentication filter could do this:
> 1. Is user logged in, yes forward to resource, no go to 2.
> 2. Forward to login page with the url the user wants to go to.
> 3. User logs in and login action sends them to url stored in step 2.
>
> This handles not only form submission but clicking links as well.  You'll
> probably have to set your form's method to "get" so the parameters are in
> the url's query string for the login action to see.
>
> David
>
> >From: "Michael Lee" <mleejr@hotmail.com>
> >Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> >Subject: Re: Request losing data after container security check
> >Date: Thu, 5 Dec 2002 10:59:36 -0500
> >
> >It's an http request. It shouldn't matter if the session times out or not.
> >a.jsp is posting data to a.do through an http request. If we have container
> >managed security it should just forward the data.
> >
> >"When the container times out the session it doesn't touch the browser.
> >When the user clicks on a field to create an action the request is still
> >available to the container."
> >Ya, that's why I'm so perplexed? The user typed in the info, leaves to make
> >a sandwich, comes back and clicks submit. Regardless of session timeout, if
> >this is an http request it should always work the same except maybe with a
> >login before it shows the results.
> >thanks,
> >Mike
> >
> >----- Original Message -----
> >From: "edgar" <edgar@blue-moose.net>
> >To: "'Struts Users Mailing List'" <struts-user@jakarta.apache.org>
> >Sent: Wednesday, December 04, 2002 7:22 PM
> >Subject: RE: Request losing data after container security check
> >
> >
> > > If you care enough about this situation you can satisfy most of it with
> > > an authentication filter and a custom logon action.
> > >
> > > When the container times out the session it doesn't touch the browser.
> > > When the user clicks on a field to create an action the request is still
> > > available to the container.  If you write your own authentication
> > > filter, you can take what you need from the request and stick it
> > > someplace until the user establishes a valid session.  When the user has
> > > established the session then you grab it and put him back where he was.
> > >
> > > Edgar
> > >
> > > -----Original Message-----
> > > From: David Graham [mailto:dgraham1980@hotmail.com]
> > > Sent: Wednesday, December 04, 2002 4:59 PM
> > > To: 'struts-user@jakarta.apache.org'
> > > Subject: Re: Request losing data after container security check
> > >
> > >
> > > That's the way session time outs are supposed to work.  This is a
> > > security feature when people leave in the middle of something.  The user
> > > must complete the transaction in one sitting.
> > >
> > > If you don't want that to happen then set your session timeout to an
> > > incredibly large number of minutes or (I think) entering 0 disables it
> > > on some containers.
> > >
> > > David
> > >
> > > >From: "Michael Lee" <mleejr@hotmail.com>
> > > >Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > > >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > > >Subject: Re: Request losing data after container security check
> > > >Date: Wed, 4 Dec 2002 16:50:40 -0500
> > > >
> > > >I know.
> > > >a.jsp calls a.do which forwards to b.jsp
> > > >user enters data in a.jsp
> > > >user leaves
> > > >session times out
> > > >user clicks submit on a.jsp
> > > >a.do action is of scope request
> > > >when we get to b.jsp, it should display the data entered on a.jsp
> > > >(verify screen)
> > > >it does not if the session times out and the user has to log in again
> > > >thanks,
> > > >Mike
> > > >
> > > >----- Original Message -----
> > > >From: "David Graham" <dgraham1980@hotmail.com>
> > > >To: <struts-user@jakarta.apache.org>
> > > >Sent: Wednesday, December 04, 2002 4:09 PM
> > > >Subject: Re: Request losing data after container security check
> > > >
> > > >
> > > > > The session only times out if it's idle; it won't timeout in mid
> > > > > request.  You lose session data when it times out.  You lose request
> > > > > data after the response has been sent for a particular request.
> > > > >
> > > > > David
> > > > >
> > > > > >From: "Michael Lee" <mleejr@hotmail.com>
> > > > > >Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > > > > >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > > > > >Subject: Re: Request losing data after container security check
> > > > > >Date: Wed, 4 Dec 2002 15:48:15 -0500
> > > > > >
> > > > > >This doesn't sound right.
> > > > > >It's just an http request. It shouldn't lose anything except session
> > > > > >data. The container should route the http request and all the request
> > > > > >items from the form.
> > > > > >thanks,
> > > > > >Mike
> > > > > >
> > > > > >----- Original Message -----
> > > > > >From: "David Graham" <dgraham1980@hotmail.com>
> > > > > >To: <struts-user@jakarta.apache.org>
> > > > > >Sent: Wednesday, December 04, 2002 3:03 PM
> > > > > >Subject: Re: Request losing data after container security check
> > > > > >
> > > > > >
> > > > > > > If the session times out then you probably want the user to go
> > > > > > > back to the start page anyways.  Request data is only stored by
> > > > > > > the container long enough to complete a request for one page so
> > > > > > > it won't be around after that request.
> > > > > > >
> > > > > > > David
> > > > > > >
> > > > > > > >From: "Michael Lee" <mleejr@hotmail.com>
> > > > > > > >Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > > > > > > >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > > > > > > >Subject: Request losing data after container security check
> > > > > > > >Date: Wed, 4 Dec 2002 14:27:16 -0500
> > > > > > > >
> > > > > > > >I have a screen a.jsp that calls a.do which then forwards to
> > > > > > > >b.jsp. I have a form called AForm.java. I have a field called
> > > > > > > >email in AForm.java.
> > > > > > > >In a.jsp a user can set email, call a.do and then forward to
> > > > > > > >b.jsp which does a <bean:write name="aForm" property="email"/>.
> > > > > > > >This works just fine and outputs the email.
> > > > > > > >Problem is, if the session times out (15 mins) then the user is
> > > > > > > >required to log back in. If the data is entered on a.jsp and the
> > > > > > > >session times out and the user clicks submit, then when it gets
> > > > > > > >to b.jsp it doesn't have any data? In the Struts config a.do is
> > > > > > > >of scope="request". I would think that a request would keep that
> > > > > > > >data unlike scope="session".
> > > > > > > >I want to keep the data upon submit, even if the container
> > > > > > > >wants to validate the user. thanks,
> > > > > > > >Mike
> > > > > > >
> > > > > > >
> > > > > > >
> > > _________________________________________________________________
> > > > > > > The new MSN 8: advanced junk mail protection and 2 months
FREE*
> > > > > > > http://join.msn.com/?page=features/junkmail
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > To unsubscribe, e-mail:
> > > > > ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > > > > > For additional commands, e-mail:
> > > > > ><mailto:struts-user-help@jakarta.apache.org>
> > > > > > >
> > > > > >
> > > > > >--
> > > > > >To unsubscribe, e-mail:
> > > > > ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > > > >For additional commands, e-mail:
> > > > > ><mailto:struts-user-help@jakarta.apache.org>
> > > > >
> > > > >
> > > > > _________________________________________________________________
> > > > > Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> > > > > http://join.msn.com/?page=features/featuredemail
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe, e-mail:
> > > ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > > > For additional commands, e-mail:
> > > ><mailto:struts-user-help@jakarta.apache.org>
> > > > >
> > > >
> > > >--
> > > >To unsubscribe, e-mail:
> > > ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > >For additional commands, e-mail:
> > > ><mailto:struts-user-help@jakarta.apache.org>
> > >
> > >
> > > _________________________________________________________________
> > > Protect your PC - get McAfee.com VirusScan Online
> > > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> > > <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > For additional commands, e-mail:
> > > <mailto:struts-user-help@jakarta.apache.org>
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > For additional commands, e-mail:
> ><mailto:struts-user-help@jakarta.apache.org>
> > >
> >
> >--
> >To unsubscribe, e-mail:
> ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> >For additional commands, e-mail:
> ><mailto:struts-user-help@jakarta.apache.org>
>
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>
> --
> To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>
>

--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>
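
Added example (not code from this thread or from Struts): one way to write the authentication filter Edgar and David describe, keeping the posted form data on the server until the user has logged in instead of moving it into the query string. It assumes Servlet 3.0+ (`javax.servlet`), a filter mapping of `*.do`, and hypothetical names: a `user` session attribute set by the login action, and `/login.jsp` and `/login.do` as the login page and action.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: stash an unauthenticated form post and replay it once after login. */
public class StashingAuthFilter implements Filter {
    static final String USER = "user";   // assumption: set by the login action on success
    static final String PENDING = "pendingParams", TARGET = "pendingTarget";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    @SuppressWarnings("unchecked")
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getServletPath();   // derived by the container, not a client-supplied URL
        HttpSession s = req.getSession(false);

        if (s == null || s.getAttribute(USER) == null) {
            if (path.equals("/login.jsp") || path.equals("/login.do")) {
                chain.doFilter(req, res);      // let the login page and action through
                return;
            }
            s = req.getSession(true);
            s.setAttribute(TARGET, path);      // step 2: remember where the user was going
            // Copy the map: the container's own map belongs to this request only.
            s.setAttribute(PENDING, new HashMap<String, String[]>(req.getParameterMap()));
            res.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        final Map<String, String[]> saved = (Map<String, String[]>) s.getAttribute(PENDING);
        if (saved != null && path.equals(s.getAttribute(TARGET))) {
            s.removeAttribute(PENDING);        // one-shot: a stash is replayed at most once
            s.removeAttribute(TARGET);
            req = new HttpServletRequestWrapper(req) {
                public String getParameter(String n) { String[] v = saved.get(n); return v == null ? null : v[0]; }
                public String[] getParameterValues(String n) { return saved.get(n); }
                public Map<String, String[]> getParameterMap() { return saved; }
                public Enumeration<String> getParameterNames() { return Collections.enumeration(saved.keySet()); }
            };
        }
        chain.doFilter(req, res);              // step 1: logged in, forward to the resource
    }
}
```

The login action (step 3) redirects to the `pendingTarget` path held in the session, so the return address never travels through the browser and cannot be pointed at another site. If the login action replaces the session on login, it has to carry the two attributes over to the new one.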

