struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Seyhan BASMACI (Internet Yazilimlari Yetkilisi)" <sbasm...@teb.com.tr>
Subject RE: Prevent URL requested directly from browser
Date Tue, 16 Sep 2003 10:26:03 GMT
I think the best place to do such kind of task is to extend RequestProcessor class,
this approach takes session control from developers,

extend TilesRequestProcessor , change the controller class to your new class ( SessionRequestProcessor)
inside struts-config.xml.

here is the code 

public class SessionRequestProcessor extends TilesRequestProcessor{
	protected String processPath(HttpServletRequest request,
              								 HttpServletResponse response)	throws IOException 
 {
			
		String origPath = request.getRequestURI();

		if(!origPath.endsWith("/Login.do")){

        	HttpSession session =   request.getSession(false);  // get session only if it exists


		      if (session != null ) {    // session available, 
			
		          return super.processPath(request, response);  
		
		      }
          
		      else                    // redirect to login page 
		      
		        	return "/Login";	 
	} 

    else {
    
          HttpSession session =  request.getSession(false);  // get session only if it exists


      if (session != null)       
          session.invalidate(); 

    			return super.processPath(request, response);  // process login page request
			
      }
		
	}

	
}




-----Original Message-----
From: David LAFAY [mailto:david.lafay@laposte.net]
Sent: Tuesday, September 16, 2003 11:06 AM
To: struts-user@jakarta.apache.org
Subject: Re: Prevent URL requested directly from browser


PUT the following code into the begin of all your JSP :
<logic:notPresent name="REMOTEUSER">
<logic:forward name="login"/>
</logic:notPresent>

Then don't forget to declare a global forward named "login" for redirect to
your login.jsp
and don't forget to put de the user login name into the Session on your
LoginAction

David

"veera maria" <maria_veera@hotmail.com> a écrit dans le message news:
BAY9-F53P9ww1WySvX500001496@hotmail.com...
> Hello,
>
> What is the best way to prevent user to request web application's
> actions from browser manually?
>
> E.g. user is using web application and taking it's current url
> to clipboard. Then user goes e.g. to Google for surfing for a while.
> After surfing (s)he pastes web applications url back to browser's
> address field.
> Best technique in Struts applicaton to prevent this?
>
> Vera
>
> _________________________________________________________________
> Tilaa nyt Hotmail postit kännykkääsi! http://www.msn.fi/mobiili/




---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message