tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chiming Huang <tomcat_hu...@yahoo.com>
Subject Re: Create session on Tomcat 4.1.24
Date Fri, 24 Oct 2003 20:16:53 GMT
Hi,

In my struts-config.xml, the logon action mappings
looks like this:

<action-mapping>
    <action path=/logon"
                  type = "com.act.logon.LogonAction"
                  name="logonForm"
                 scope="request"
                 input="/logon/logon.jsp"
    <forward name="logon" path="/logon/logon.jsp"/>
    <forward name="changePassword"
path="/logon/changePassword.jsp"/>
    <forward name="failure"
path="/logon/accessDenied.jsp"/>
    <forward name="success" path="/main/main.jsp"
redirect="true"/>
    </action>

The main.jsp is the page that use the check logon
taglib.  If I remove the
redirect="true" attribute in the forward element, it
seems to work.  But why
it behaves differently (4.0.4 vs 4.1.24)?  Does the
redirect="true" cause a
new session to be created?  Does tomcat store the
sessionid in cookie?

Thanks,
Chiming


----- Original Message -----
From: "Shapira, Yoav" <Yoav.Shapira@mpi.com>
To: "Tomcat Users List"
<tomcat-user@jakarta.apache.org>
Sent: Friday, October 24, 2003 11:02 AM
Subject: RE: Create session on Tomcat 4.1.24


>
> Owdy,
> And what do you see in your logs?  Successful login,
and then
> redirection to access denied page?
>
> Yoav Shapira
> Millennium ChemInformatics
>
>
> >-----Original Message-----
> >From: Chiming Huang [mailto:tomcat_huang@yahoo.com]
> >Sent: Friday, October 24, 2003 10:58 AM
> >To: Tomcat Users List
> >Subject: RE: Create session on Tomcat 4.1.24
> >
> >Hi,
> >
> >Thank you for your quick response.  We are using
Tomcat 4.0.4, Struts
> 1.0.2
> >for our application.  In the perform() method of
the logon action
> class, we
> >get the HttpSession, say session, by calling
request.getSession().  And
> >then store the "user" class by calling
session.setAttribute("userinfo",
> >user).  Also, we have a taglib to check if user has
been logged on by
> >retrieving the session attribute "userinfo". If the
userinfo attribute
> is
> >null, the taglib will forward to assess denied
page.  Following are the
> >snippets of my logon action class and the check
logon taglib.
> >
> >It was working fine on 4.0.4.  Now with 4.1.24,
after logged in, user
> will
> >be forwarded to the access denied page.
> >
> >Thanks again.
> >Chiming
> >
> >//////////////////////////
> >public final class LogonAction extends Action
> >{
> >    // Public Methods
>
-----------------------------------------------------
> >----
> >
> >    /**
> >     * Process the specified HTTP request, and
create the corresponding
> >HTTP
> >     * response (or forward to another web
component that will create
> it).
> >     * Return an <code>ActionForward</code>
instance describing where
> and
> >how
> >     * control should be forwarded, or
<code>null</code> if the
> response
> >has
> >     * already been completed.
> >     *
> >     * @param mapping The ActionMapping used to
select this instance
> >     * @param actionForm The optional ActionForm
bean for this request
> (if
> >any)
> >     * @param request The HTTP request we are
processing
> >     * @param response The HTTP response we are
creating
> >     *
> >     * @exception IOException if an input/output
error occurs
> >     * @exception ServletException if a servlet
exception occurs
> >     */
> > public ActionForward perform(ActionMapping
mapping,
> >        ActionForm form,
> >        HttpServletRequest request,
> >        HttpServletResponse response)
> >  throws IOException, ServletException
> > {
> >
> >....
> >
> >  Auth auth = new Auth(path);
> >  User user = auth.authenticate(username,
password);
> >  if(user == null)
> >  {
> >   errors.add(ActionErrors.GLOBAL_ERROR,
> >        new
ActionError("error.password.mismatch"));
> >  }
> >
> >  // Report any errors we have discovered back to
the original form
> >  if (!errors.empty())
> >  {
> >   ((LogonForm) form).setStatus("Invalid username
or password");
> >   saveErrors(request, errors);
> >   servlet.log(" ***User is not logged on in
session "
> >                            );
> >   return (mapping.findForward("logon"));
> >  }
> >
> >  HttpSession session = request.getSession();
> >  session.setAttribute(ConstantStrings.USER, user);
> >  if (servlet.getDebug() >= 1)
> >   servlet.log("LogonAction: User '" +
user.getUsername() +
> >      "' logged on in session " + session.getId());
> >
> >        // Remove the obsolete form bean
> >  if (mapping.getAttribute() != null)
> >  {
> >   if ("request".equals(mapping.getScope()))
> >   
request.removeAttribute(mapping.getAttribute());
> >   else
> >
>
>request.getSession().removeAttribute(mapping.getAttribute());
> >        }
> >  // Forward control to the specified success URI
> >  return (mapping.findForward("success"));
> >    }
> >}
> >
> >//////////////////////////////////////////////
> >public final class CheckLogonTag extends TagSupport
{
> >    // --------- Instance Variables
> >
> >    /**
> >     * The page to which we should forward for the
user to log on.
> >     */
> >    private String page =
"/logon/accessDenied.jsp";
> >
> >    //
-----------------------------------------------------------
> >Properties
> >
> >    /**
> >     * Return the forward page.
> >     */
> >    public String getPage() {
> > return (this.page);
> >    }
> >
> >    /**
> >     * Set the forward page.
> >     *
> >     * @param page The new forward page
> >     */
> >    public void setPage(String page) {
> > this.page = page;
> >    }
> >
> >    // ----------------------- Public Methods
> >
> >    /**
> >     * Defer our checking until the end of this tag
is encountered.
> >     *
> >     * @exception JspException if a JSP exception
has occurred
> >     */
> >    public int doStartTag() throws JspException {
> > return (SKIP_BODY);
> >    }
> >
> >    /**
> >     * Perform our logged-in user check by looking
for the existence of
> >     * a session scope bean under the specified
name.  If this bean is
> not
> >     * present, control is forwarded to the
specified logon page.
> >     *
> >     * @exception JspException if a JSP exception
has occurred
> >     */
> >    public int doEndTag() throws JspException {
> > // Is there a valid user logged on?
> > boolean valid = false;
> > HttpSession session = pageContext.getSession();
> > if ((session != null) &&
(session.getAttribute(ConstantStrings.USER)
> !=
> >null))
> >     valid = true;
> > // Forward control based on the results
> > if (valid)
> >     return (EVAL_PAGE);
> > else {
> >     try {
> >  pageContext.forward(page);
> >     } catch (Exception e) {
> >  throw new JspException(e.toString());
> >     }
> >     return (SKIP_PAGE);
> > }
> >    }
> >
> >    /**
> >     * Release any acquired resources.
> >     */
> >    public void release() {
> >        super.release();
> >        this.page = "/logon/accessDenied.jsp";
> >    }
> >
> >}
> >
> >
> >
> >
> >"Shapira, Yoav" <Yoav.Shapira@mpi.com> wrote:
> >
> >Howdy,
> >Like tomcat 4.0.4, tomcat 4.1.24 creates an
HttpSession when you use
> >HttpServletRequest.getSession(). There's no magic
here now, there was
> >no magic here before. If you're running into a
specific error, post
> >details and we'll try to help ;)
> >
> >Yoav Shapira
> >Millennium ChemInformatics
> >
> >
> >>-----Original Message-----
> >>From: Chiming Huang
[mailto:tomcat_huang@yahoo.com]
> >>Sent: Friday, October 24, 2003 10:19 AM
> >>To: Tomcat User
> >>Subject: Create session on Tomcat 4.1.24
> >>
> >>Hi,
> >>
> >>I am trying to upgrade our current Tomcat 4.0.4 to
Tomcat 4.1.24.
> >After
> >>logged in our application, we store the user
information as an
> >attribute in
> >>the session. With Tomcat 4.1.24, it seems the
session was not created.
> >>How can I configure tomcat 4.1.24 to create
session automatically?
> >>
> >>Thanks in advance.
> >>Chiming
> >>
> >>
> >>---------------------------------
> >>Do you Yahoo!?
> >>The New Yahoo! Shopping - with improved product
search
> >
> >
> >
> >This e-mail, including any attachments, is a
confidential business
> >communication, and may contain information that is
confidential,
> >proprietary and/or privileged. This e-mail is
intended only for the
> >individual(s) to whom it is addressed, and may not
be saved, copied,
> >printed, disclosed or used by anyone else. If you
are not the(an)
> intended
> >recipient, please immediately delete this e-mail
from your computer
> system
> >and notify the sender. Thank you.
> >
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail:
tomcat-user-help@jakarta.apache.org
> >
> >
> >---------------------------------
> >Do you Yahoo!?
> >The New Yahoo! Shopping - with improved product
search
>
>
>
> This e-mail, including any attachments, is a
confidential business
communication, and may contain information that is
confidential, proprietary
and/or privileged.  This e-mail is intended only for
the individual(s) to
whom it is addressed, and may not be saved, copied,
printed, disclosed or
used by anyone else.  If you are not the(an) intended
recipient, please
immediately delete this e-mail from your computer
system and notify the
sender.  Thank you.
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
tomcat-user-help@jakarta.apache.org
>


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message