struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Graham" <dgraham1...@hotmail.com>
Subject Re: Request losing data after container security check
Date Thu, 05 Dec 2002 16:34:29 GMT
Your authentication filter could do this:
1. Is user logged in, yes forward to resource, no go to 2.
2. Forward to login page with the url the user wants to go to.
3. User logs in and login action sends them to url stored in step 2.

This handles not only form submission but clicking links as well.  You'll 
probably have to set your form's method to "get" so the parameters are in 
the url's query string for the login action to see.

David






>From: "Michael Lee" <mleejr@hotmail.com>
>Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>Subject: Re: Request losing data after container security check
>Date: Thu, 5 Dec 2002 10:59:36 -0500
>
>Its an http request. It should't matter if the session times out or not.
>a.jsp is posting data to a.do through an http request. If we have container
>managed security it should just forward the data.
>
>"When the container times out the session it doesn't touch the browser. 
>When
>the user clicks on a field to create an action the request is still
>available to the container. "
>Ya, that's why I'm so perplexed? The user typed in the info, leaves to make
>a sandwich, comes back and clicks submit. Regardless of session timeout, if
>this is an http request it should alway work the same except maybe with a
>login before it shows the results.
>thanks,
>Mike
>
>----- Original Message -----
>From: "edgar" <edgar@blue-moose.net>
>To: "'Struts Users Mailing List'" <struts-user@jakarta.apache.org>
>Sent: Wednesday, December 04, 2002 7:22 PM
>Subject: RE: Request losing data after container security check
>
>
> > If you care enough about this situation you can satisfy most of it with
> > an authentication filter and a custom logon action.
> >
> > When the container times out the session it doesn't touch the browser.
> > When the user clicks on a field to create an action the request is still
> > available to the container.  If you write your own authentication
> > filter, you can take what you need from the request and stick it
> > someplace until the user establishes a valid session.  When the user has
> > established the session then you grab it and put him back where he was.
> >
> > Edgar
> >
> > -----Original Message-----
> > From: David Graham [mailto:dgraham1980@hotmail.com]
> > Sent: Wednesday, December 04, 2002 4:59 PM
> > To: 'struts-user@jakarta.apache.org'
> > Subject: Re: Request losing data after container security check
> >
> >
> > That's the way session time outs are supposed to work.  This is a
> > security
> > feature when people leave in the middle of something.  The user must
> > complete the transaction in one sitting.
> >
> > If you don't want that to happen then set your session timeout to an
> > incredibly large number of minutes or (I think) entering 0 disables it
> > on
> > some containers.
> >
> > David
> >
> >
> >
> >
> >
> >
> > >From: "Michael Lee" <mleejr@hotmail.com>
> > >Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > >Subject: Re: Request losing data after container security check
> > >Date: Wed, 4 Dec 2002 16:50:40 -0500
> > >
> > >i know.
> > >a.jsp calls a.do which forwards to b.jsp
> > >user enters data in a.jsp
> > >user leaves
> > >session times out
> > >user clicks submit on a.jsp
> > >a.do action is of scope request
> > >when we get to b.jsp, it should display the data entered on a.jsp
> > >(verify
> > >screen)
> > >it does not if the session times out and the user has to log in again
> > >thanks,
> > >Mike
> > >
> > >----- Original Message -----
> > >From: "David Graham" <dgraham1980@hotmail.com>
> > >To: <struts-user@jakarta.apache.org>
> > >Sent: Wednesday, December 04, 2002 4:09 PM
> > >Subject: Re: Request losing data after container security check
> > >
> > >
> > > > The session only times out if it's idle; it won't timeout in mid
> > >request.
> > > > You lose session data when it times out.  You lose request data
> > > > after
> > >the
> > > > response has been sent for a particular request.
> > > >
> > > > David
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > >From: "Michael Lee" <mleejr@hotmail.com>
> > > > >Reply-To: "Struts Users Mailing List"
> > > > ><struts-user@jakarta.apache.org>
> > > > >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > > > >Subject: Re: Request losing data after container security check
> > > > >Date: Wed, 4 Dec 2002 15:48:15 -0500
> > > > >
> > > > >?This doesnt sound right.
> > > > >Its just an http request. It shouldn't lose anything except session
> > >data.
> > > > >The container should route the http request and all the request
> > > > >items
> > >from
> > > > >the form.
> > > > >thanks,
> > > > >Mike
> > > > >
> > > > >----- Original Message -----
> > > > >From: "David Graham" <dgraham1980@hotmail.com>
> > > > >To: <struts-user@jakarta.apache.org>
> > > > >Sent: Wednesday, December 04, 2002 3:03 PM
> > > > >Subject: Re: Request losing data after container security check
> > > > >
> > > > >
> > > > > > If the session times out then you probably want the user to
go
> > > > > > back
> > >to
> > > > >the
> > > > > > start page anyways.  Request data is only stored by the
> > > > > > container
> > >long
> > > > > > enough to complete a request for one page so it won't be around
> > >after
> > > > >that
> > > > > > request.
> > > > > >
> > > > > > David
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > >From: "Michael Lee" <mleejr@hotmail.com>
> > > > > > >Reply-To: "Struts Users Mailing List"
> > ><struts-user@jakarta.apache.org>
> > > > > > >To: "Struts Users Mailing List"
> > > > > > ><struts-user@jakarta.apache.org>
> > > > > > >Subject: Request losing data after container security check
> > > > > > >Date: Wed, 4 Dec 2002 14:27:16 -0500
> > > > > > >
> > > > > > >I have a screen a.jsp that calls a.do which then forwards
to
> > > > > > >b.jsp I have a form called AForm.java. I have a field called
> > > > > > >email in
> > > > >AForm.java.
> > > > > > >In a.jsp a user can set email, call a.do and then forward
to
> > > > > > >b.jsp
> > > > >which
> > > > > > >does a <bean:write name="aForm" property="email"/>.
This works
> > > > > > >just
> > > > >fine
> > > > > > >and outputs the email.
> > > > > > >Problem is, if the session times out (15 mins) then the
user is
> > > > >required
> > > > >to
> > > > > > >log back in. If the data is entered on a.jsp and the session
> > > > > > >times
> > >out
> > > > >and
> > > > > > >the user clicks submit, then when it gets to b.jsp it doesn't
> > > > > > >have
> > >any
> > > > > > >data? In the struts config a.do is of scope="request". I
would
> > >think
> > > > >that
> > > > >a
> > > > > > >request would keep that data unlike scope="session".
> > > > > > >I want to keep the data upon submit, even if the container
> > > > > > >wants to validate the user. thanks,
> > > > > > >Mike
> > > > > >
> > > > > >
> > > > > >
> > _________________________________________________________________
> > > > > > The new MSN 8: advanced junk mail protection and 2 months FREE*
> > > > > > http://join.msn.com/?page=features/junkmail
> > > > > >
> > > > > >
> > > > > > --
> > > > > > To unsubscribe, e-mail:
> > > > ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > > > > For additional commands, e-mail:
> > > > ><mailto:struts-user-help@jakarta.apache.org>
> > > > > >
> > > > >
> > > > >--
> > > > >To unsubscribe, e-mail:
> > > > ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > > >For additional commands, e-mail:
> > > > ><mailto:struts-user-help@jakarta.apache.org>
> > > >
> > > >
> > > > _________________________________________________________________
> > > > Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> > > > http://join.msn.com/?page=features/featuredemail
> > > >
> > > >
> > > > --
> > > > To unsubscribe, e-mail:
> > ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > > For additional commands, e-mail:
> > ><mailto:struts-user-help@jakarta.apache.org>
> > > >
> > >
> > >--
> > >To unsubscribe, e-mail:
> > ><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > >For additional commands, e-mail:
> > ><mailto:struts-user-help@jakarta.apache.org>
> >
> >
> > _________________________________________________________________
> > Protect your PC - get McAfee.com VirusScan Online
> > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> >
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:struts-user-help@jakarta.apache.org>
> >
> >
> > --
> > To unsubscribe, e-mail:
><mailto:struts-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
><mailto:struts-user-help@jakarta.apache.org>
> >
>
>--
>To unsubscribe, e-mail:   
><mailto:struts-user-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail: 
><mailto:struts-user-help@jakarta.apache.org>


_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message