struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Ashworth" <justin-str...@ashworth.org>
Subject Re: Struts and session
Date Tue, 17 Dec 2002 16:15:40 GMT
Hi Doug,

The filter does work with Struts - it just doesn't make use of it.  Your
request goes through the filter even before the Struts ActionServlet is
invoked, so all of this happens before Struts comes into the picture in a
request.  You really don't need struts for this - you are basically just
getting a session attribute and if it comes back null you forward to a login
page, using a RequestDispatcher.  Having to hard-code (or config file) the
login page URL is the only thing that Struts would be able to help with
here, but as far as I've seen Struts doesn't provide any help in Filters.

If anybody knows of a way to take advantage of a global forward from the
struts-config.xml file in a Filter, that would be very useful information.

Thanks,

Justin

----- Original Message -----
From: "Doug Ogateter" <hinbsls@yahoo.ca>
To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
Sent: Tuesday, December 17, 2002 11:04 AM
Subject: Re: Struts and session


>
> Justin:
>
> Thank you for reply.
> That's a good idea. One more question, can filter works with struts?
> Doug
>  Justin Ashworth <justin-struts@ashworth.org> wrote:Hi Doug,
>
> We use a javax.servlet.Filter to check for an expired session. I found
this
> idea on some website or in the Struts-User archives and it makes the most
> sense to me. All requests go through the filter before they hit the
> servlet, so this is the perfect place to check for whether or not a user
is
> logged in - it's hidden away and it's executed before anything else. Just
> create a class that implements javax.servlet.Filter. There are three
> methods to implement in this class, but the real work will be done in the
> doFilter() method. In doFilter() you can call
> request.getSession().getAttribute("someAttribute") on an attribute that
> should always be there if the session is valid, and if it's not there
> forward them to the login screen (this will be a
RequestDispatcher.forward()
> and not a Struts ActionForward). Your doFilter() method will be specific
to
> your application, but the other two methods you need to implement,
> getFilterConfig() and setFilterConfig() are just a basic getter and setter
> for a FilterConfig member variable. Also, it is good practice that if you
> aren't forwarding back to the login page in your doFilter method, you call
> filterChain.doFilter(request, response). filterChain is a parameter to
this
> method and represents a chain of filters you have configured in your
web.xml
> file. See the JavaDoc for more info. Your entry for the filter in your
> web.xml file will look something like this:
>
>
> LoginFilter
> com.d.p.w.LoginFilter
>
>
>
> LoginFilter
> *.do
>
>
> If you plan well you should also be able to figure out which page the user
> was heading to when their session timed out and pass that back to the
login
> screen so that they go directly to it after login. I can't give an example
> of this because we haven't implemented it yet.
>
> HTH,
>
> Justin
>
> ----- Original Message -----
> From: "Doug Ogateter"
> To: "Struts Users Mailing List"
> Sent: Tuesday, December 17, 2002 9:26 AM
> Subject: Struts and session
>
>
> >
> > Greetings:
> >
> > I am using struts1.1b2 to implement a web application. I have a
> > question regarding to implementing session timeout. When session is
> > invalidated, user who has logged in the system should be forwarded to
> login page.
> > I am not clear about the followings, and hope someone can help me out.
> >
> > 1. Should I use request.getSession(false) to check if session is
> > timeout? If so, that means for every request, it will check if session
is
> > invaildate. Will it cause performance problem? If not, which methods
> > should I call to check it?
> >
> > 2. If I should use request.getSession(false) to check session timeout,
> > where should I write the code? Should I write the code in every action
> > class?
> >
> > 3. There are many methods related to session, such as getCreationTime,
> > getLastAccessedTime,..Where and how should I use them in the
> > implementation?
> >
> > 4.From my understanding, I can set timeout in web.xml or use
> > setMaxInactiveIterval(int ..). Usually which way should be use?
> >
> > 5. After user login, I want to forward the user to the page where he
> > was when session timeout. Where should I save the information(with the
> > information, I know where I should forward the user to)?
> >
> > I searched the archive. However, it seems that I can't find the
> > specific info.
> >
> > Your help is highly appreicated.
> >
> > Doug
> >
> >
> >
> >
> > ---------------------------------
> > Post your free ad now! Yahoo! Canada Personals
> >
>
>
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:
>
>
>
> ---------------------------------
> Post your free ad now! Yahoo! Canada Personals
>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message