struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Cavaness <>
Subject Re: Oreilly Banking example - Login
Date Thu, 01 Jan 1970 00:00:00 GMT

  The messages you see are the result of validation errors and exceptions being thrown by
the security service. In the banking example, the LoginForm performs the validation to ensure
that both fields have been populated by the user. If not, the application doesn't even bother
attempting to authenticate against the service. (Note: Since this example is earlier in the
book, I was not using Dynamic Forms and/or the Validator like I do in the Storefront later
in the book)

The InvalidLoginException is thrown when both fields have been populated, but fail to authenticate
against some security realm, there's really no security realm used here, but in real life
this might be a RDBMS, LDAP, etc.

I hope that explains things better.

> From: "Eric Tse" <>
> Date: 2002/12/05 Thu AM 02:19:50 EST
> To: <>
> Subject: Oreilly Banking example - Login
> Hi all,
> I tried the online banking example from Oreilly (
. And I have a question of it and hope you can help.
> In struts-config.xml, it shows:
> <action
>     path="/login"
>     type="com.oreilly.struts.banking.action.LoginAction"
>     scope="request"
>     name="loginForm"
>     validate="true"
>     input="/login.jsp">
>     <forward name="Success" path="/action/getaccountinformation" redirect="true"/>
>     <forward name="Failure" path="/login.jsp" redirect="true"/>
>   </action>
> My understanding of the example is the following, please correct me if I understand wrong.
> 1. http://localhost:8080/banking
> 2. Login.jsp loaded, a form named loginForm is displayed, action=/banking/action/login
> 3. org.apache.struts.action.ActionServlet dispatches to "com.oreilly.struts.banking.action.LoginAction"
> 4. "com.oreilly.struts.banking.action.LoginAction" logins to SecurityService
> 5. SecurityService determines if login successful. If Yes, "com.oreilly.struts.banking.action.LoginAction"
continues to execute and finally forward to /action/getaccountinformation. If No, SecurityService
throws InvalidLoginException to ancestor (LoginAction), which throws Exception.
> My question appears in here. Which class handles the Exception and show the correct error
message? And so, where to define the error message? I saw different error message, e.g.:
> 1. The Access Number is required for login
> 2. The Pin Number is required for login
> 3. Invalid Access Number and/or Pin   
> Thanks a lot.
> ---
> Eric Tse 

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message