struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kris Schneider <k...@dotech.com>
Subject Re: Struts and session
Date Tue, 17 Dec 2002 19:37:56 GMT
Maybe something like the following. This is completely untested and you'd need
to plug in your own logic for when the module config or forward config are null.
If your action servlet is not set up to do load-on-startup, then this obviouly
won't work for the initial request.

import org.apache.struts.config.ForwardConfig;
import org.apache.struts.config.ModuleConfig;
import org.apache.struts.util.RequestUtils;
...
public void init(FilterConfig filterConfig) throws ServletException {
  this.filterConfig = filterConfig;
}

public void doFilter(ServletRequest req,
                     ServletResponse resp,
                     FilterChain chain) throws IOException,
                                               ServletException {
  HttpServletRequest request = (HttpServletRequest)req;
  HttpServletResponse response = (HttpServletResponse)resp;
  ModuleConfig config =
    RequestUtils.getModuleConfig(request,
                                 this.filterConfig.getServletContext());
  if (config == null) {
    // TODO: error?
  } else {
    boolen isLoginRequired = true;
    // check to see if user needs to log in
    if (isLoginRequired) {
      ForwardConfig forwardConfig = config.findForwardConfig("login");
      if (forwardConfig == null) {
        // TODO: error?
      } else {
        String forwardURL = RequestUtils.forwardURL(request, forwardConfig);
        if (forwardConfig.getRedirect()) {
          String redirectURL = response.encodeRedirectURL(forwardURL);
          response.sendRedirect(redirectURL);
        } else {
          request.getRequestDispatcher(forwardURL).forward(request, response);
        }
      }
    } else {
      chain.doFilter(request, response);
    }
  }
}

Quoting shirishchandra.sakhare@ubs.com:

> Hi Doug/Justin,
> Actually we had similar problem..We wanted to use a global forward if the
> user 
> is not logegd in so that he can be thrown to login page or any other page
> which 
> is configurable..And that is the reason we choose to include the login check
> in 
> our applications abstract action as you have access to ActionMApping object
> 
> there...
> 
> regards,
> Shirish
> 
> -----Original Message-----
> From: justin-struts [mailto:justin-struts@ashworth.org]
> Sent: Tuesday, December 17, 2002 5:16 PM
> To: struts-user
> Cc: justin-struts
> Subject: Re: Struts and session
> 
> 
> Hi Doug,
> 
> The filter does work with Struts - it just doesn't make use of it.  Your
> request goes through the filter even before the Struts ActionServlet is
> invoked, so all of this happens before Struts comes into the picture in a
> request.  You really don't need struts for this - you are basically just
> getting a session attribute and if it comes back null you forward to a
> login
> page, using a RequestDispatcher.  Having to hard-code (or config file) the
> login page URL is the only thing that Struts would be able to help with
> here, but as far as I've seen Struts doesn't provide any help in Filters.
> 
> If anybody knows of a way to take advantage of a global forward from the
> struts-config.xml file in a Filter, that would be very useful information.
> 
> Thanks,
> 
> Justin
> 
> ----- Original Message -----
> From: "Doug Ogateter" <hinbsls@yahoo.ca>
> To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> Sent: Tuesday, December 17, 2002 11:04 AM
> Subject: Re: Struts and session
> 
> 
> >
> > Justin:
> >
> > Thank you for reply.
> > That's a good idea. One more question, can filter works with struts?
> > Doug
> >  Justin Ashworth <justin-struts@ashworth.org> wrote:Hi Doug,
> >
> > We use a javax.servlet.Filter to check for an expired session. I found
> this
> > idea on some website or in the Struts-User archives and it makes the most
> > sense to me. All requests go through the filter before they hit the
> > servlet, so this is the perfect place to check for whether or not a user
> is
> > logged in - it's hidden away and it's executed before anything else. Just
> > create a class that implements javax.servlet.Filter. There are three
> > methods to implement in this class, but the real work will be done in the
> > doFilter() method. In doFilter() you can call
> > request.getSession().getAttribute("someAttribute") on an attribute that
> > should always be there if the session is valid, and if it's not there
> > forward them to the login screen (this will be a
> RequestDispatcher.forward()
> > and not a Struts ActionForward). Your doFilter() method will be specific
> to
> > your application, but the other two methods you need to implement,
> > getFilterConfig() and setFilterConfig() are just a basic getter and
> setter
> > for a FilterConfig member variable. Also, it is good practice that if you
> > aren't forwarding back to the login page in your doFilter method, you
> call
> > filterChain.doFilter(request, response). filterChain is a parameter to
> this
> > method and represents a chain of filters you have configured in your
> web.xml
> > file. See the JavaDoc for more info. Your entry for the filter in your
> > web.xml file will look something like this:
> >
> >
> > LoginFilter
> > com.d.p.w.LoginFilter
> >
> >
> >
> > LoginFilter
> > *.do
> >
> >
> > If you plan well you should also be able to figure out which page the
> user
> > was heading to when their session timed out and pass that back to the
> login
> > screen so that they go directly to it after login. I can't give an
> example
> > of this because we haven't implemented it yet.
> >
> > HTH,
> >
> > Justin
> >
> > ----- Original Message -----
> > From: "Doug Ogateter"
> > To: "Struts Users Mailing List"
> > Sent: Tuesday, December 17, 2002 9:26 AM
> > Subject: Struts and session
> >
> >
> > >
> > > Greetings:
> > >
> > > I am using struts1.1b2 to implement a web application. I have a
> > > question regarding to implementing session timeout. When session is
> > > invalidated, user who has logged in the system should be forwarded to
> > login page.
> > > I am not clear about the followings, and hope someone can help me out.
> > >
> > > 1. Should I use request.getSession(false) to check if session is
> > > timeout? If so, that means for every request, it will check if session
> is
> > > invaildate. Will it cause performance problem? If not, which methods
> > > should I call to check it?
> > >
> > > 2. If I should use request.getSession(false) to check session timeout,
> > > where should I write the code? Should I write the code in every action
> > > class?
> > >
> > > 3. There are many methods related to session, such as getCreationTime,
> > > getLastAccessedTime,..Where and how should I use them in the
> > > implementation?
> > >
> > > 4.From my understanding, I can set timeout in web.xml or use
> > > setMaxInactiveIterval(int ..). Usually which way should be use?
> > >
> > > 5. After user login, I want to forward the user to the page where he
> > > was when session timeout. Where should I save the information(with the
> > > information, I know where I should forward the user to)?
> > >
> > > I searched the archive. However, it seems that I can't find the
> > > specific info.
> > >
> > > Your help is highly appreicated.
> > >
> > > Doug
> > >
> > >
> > >
> > >
> > > ---------------------------------
> > > Post your free ad now! Yahoo! Canada Personals
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
> > For additional commands, e-mail:
> >
> >
> >
> > ---------------------------------
> > Post your free ad now! Yahoo! Canada Personals
> >
> 
> 
> --
> To unsubscribe, e-mail:  
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
> 
> 
> 
> --
> To unsubscribe, e-mail:  
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
> 


-- 
Kris Schneider <mailto:kris@dotech.com>
D.O.Tech       <http://www.dotech.com/>

--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message