struts-user mailing list archives

From "Toni Lyytikäinen" <tol...@gmail.com>
Subject Re: Struts 2 Login example using a session
Date Wed, 27 Jun 2007 14:24:02 GMT
Or better yet, create a Login interceptor or Login filter that checks the
session and redirects to the login page if the required key is not there. Make
package(s) of the actions you want to expose to authenticated users only and
put the interceptor into that package's interceptor stack.

On 6/27/07, Wesley Wannemacher <WesW@doubleatrailer.com> wrote:
>
> Hello Session,
>
> See replies in context below -
>
> > -----Original Message-----
> > From: Session Mwamufiya [mailto:smwamufi@andrew.cmu.edu]
> > Sent: Tuesday, June 26, 2007 11:58 PM
> > To: 'Struts Users Mailing List'
> > Subject: Struts 2 Login example using a session
> >
> > Hi,
> >
> > I tried to follow the simple login example at
> > http://struts.apache.org/2.x/docs/simplelogin-with-session.html, but there are many
> > things that I don't get:
> > - first, it's written for WebWork, not Struts 2, are there any compatibility issues between the two?
>
> I read that page and I would say that other than using <s: instead of
> <ww:, there are not any compatibility issues (and that isn't a real
> issue, one more of style).
>
> > - second, the session is never set with a timeout attribute, how do we actually enforce a timeout?
>
> The session timeout period is controlled by the app server as far as I
> know. For instance, I have the following using Tomcat4 -
>
>     <session-config>
>         <session-timeout>480</session-timeout>
>     </session-config>
>
> > - third, do we need to include a line like <jsp:include page="WEB-INF/inc/loginCheck.jsp" /> at the
> > beginning of every jsp file in our web app to check whether the user is still logged in; or is there
> > a more general way of ensuring that?
>
> I took a different approach than the authors of that page (and may
> update the wiki with my code if people feel it is appropriate). First
> off, I created a global result named "login" in a global package. When
> this result is encountered, it redirects to the Login action. Next, I
> created a class that implemented SessionAware and put all of the login
> logic in that class. Every action that needs to enforce a login inherits
> from that class. With my way, you can avoid includes... If I don't want
> to inherit from that "Authenticated" action, I can create a custom tag
> with the same logic (check the session for a user object, if not there,
> redirect to the Login action).
>
>
>
>
> Thanks,
>
> Session A. Mwamufiya
> Carnegie Mellon University
> MBA | Tepper School of Business
> MSE (software eng.) | School of Computer Science
> T: (412) 508-5455 | semwamufiya@cmu.edu
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
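
The interceptor approach suggested in the reply, combined with the global "login" result described in the quoted message, as an added example that is not part of the original thread or the Struts project's own code. The session key `user`, the class and package names, and the `secure` and `Login` names in the wiring are assumptions; the imports use the Struts 2.x `com.opensymphony.xwork2` package names.

```java
package example.security; // hypothetical package name

import java.util.Map;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Added example: returns the global "login" result unless the session holds
 * an authenticated user object.
 *
 * struts.xml wiring (package, interceptor and action names are assumptions):
 *
 * <package name="secure" namespace="/secure" extends="struts-default">
 *   <interceptors>
 *     <interceptor name="loginCheck" class="example.security.LoginInterceptor"/>
 *     <interceptor-stack name="authStack">
 *       <interceptor-ref name="loginCheck"/>
 *       <interceptor-ref name="defaultStack"/>
 *     </interceptor-stack>
 *   </interceptors>
 *   <default-interceptor-ref name="authStack"/>
 *   <global-results>
 *     <result name="login" type="redirectAction">
 *       <param name="actionName">Login</param>
 *       <param name="namespace">/</param>
 *     </result>
 *   </global-results>
 * </package>
 */
public class LoginInterceptor extends AbstractInterceptor {

    /** Session key the Login action sets after a successful login (assumed name). */
    public static final String USER_KEY = "user";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();

        // Fail closed: a missing session map and a missing key both mean "not logged in".
        if (session == null || session.get(USER_KEY) == null) {
            return "login"; // short-circuits the stack; the action is never invoked
        }
        return invocation.invoke(); // authenticated: continue down the stack
    }
}
```

The Login action itself has to live in a package that does not use this stack, otherwise the redirect loops. Struts 2.0.x names the result type `redirect-action` rather than `redirectAction`.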
