struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Edgar P. Dollin" <ed...@blue-moose.net>
Subject RE: Struts and session
Date Tue, 17 Dec 2002 16:42:27 GMT
You don't forward from the filter, you send an error to the container.
The container has a configurable login page i.e. from web.xml.

    <error-page>
        <error-code>401</error-code>
        <location>/WEB-INF/jsp/requestUserLogin.jsp</location>
    </error-page>

Edgar

-----Original Message-----
From: Justin Ashworth [mailto:justin-struts@ashworth.org] 
Sent: Tuesday, December 17, 2002 11:16 AM
To: 'Struts Users Mailing List'
Subject: Re: Struts and session


Hi Doug,

The filter does work with Struts - it just doesn't make use of it.  Your
request goes through the filter even before the Struts ActionServlet is
invoked, so all of this happens before Struts comes into the picture in
a request.  You really don't need struts for this - you are basically
just getting a session attribute and if it comes back null you forward
to a login page, using a RequestDispatcher.  Having to hard-code (or
config file) the login page URL is the only thing that Struts would be
able to help with here, but as far as I've seen Struts doesn't provide
any help in Filters.

If anybody knows of a way to take advantage of a global forward from the
struts-config.xml file in a Filter, that would be very useful
information.

Thanks,

Justin

----- Original Message -----
From: "Doug Ogateter" <hinbsls@yahoo.ca>
To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
Sent: Tuesday, December 17, 2002 11:04 AM
Subject: Re: Struts and session


>
> Justin:
>
> Thank you for reply.
> That's a good idea. One more question, can filter works with struts? 
> Doug  Justin Ashworth <justin-struts@ashworth.org> wrote:Hi Doug,
>
> We use a javax.servlet.Filter to check for an expired session. I found
this
> idea on some website or in the Struts-User archives and it makes the 
> most sense to me. All requests go through the filter before they hit 
> the servlet, so this is the perfect place to check for whether or not 
> a user
is
> logged in - it's hidden away and it's executed before anything else. 
> Just create a class that implements javax.servlet.Filter. There are 
> three methods to implement in this class, but the real work will be 
> done in the
> doFilter() method. In doFilter() you can call
> request.getSession().getAttribute("someAttribute") on an attribute
that
> should always be there if the session is valid, and if it's not there
> forward them to the login screen (this will be a
RequestDispatcher.forward()
> and not a Struts ActionForward). Your doFilter() method will be 
> specific
to
> your application, but the other two methods you need to implement,
> getFilterConfig() and setFilterConfig() are just a basic getter and 
> setter for a FilterConfig member variable. Also, it is good practice 
> that if you aren't forwarding back to the login page in your doFilter 
> method, you call filterChain.doFilter(request, response). filterChain 
> is a parameter to
this
> method and represents a chain of filters you have configured in your
web.xml
> file. See the JavaDoc for more info. Your entry for the filter in your

> web.xml file will look something like this:
>
>
> LoginFilter
> com.d.p.w.LoginFilter
>
>
>
> LoginFilter
> *.do
>
>
> If you plan well you should also be able to figure out which page the 
> user was heading to when their session timed out and pass that back to

> the
login
> screen so that they go directly to it after login. I can't give an 
> example of this because we haven't implemented it yet.
>
> HTH,
>
> Justin
>
> ----- Original Message -----
> From: "Doug Ogateter"
> To: "Struts Users Mailing List"
> Sent: Tuesday, December 17, 2002 9:26 AM
> Subject: Struts and session
>
>
> >
> > Greetings:
> >
> > I am using struts1.1b2 to implement a web application. I have a 
> > question regarding to implementing session timeout. When session is 
> > invalidated, user who has logged in the system should be forwarded 
> > to
> login page.
> > I am not clear about the followings, and hope someone can help me 
> > out.
> >
> > 1. Should I use request.getSession(false) to check if session is 
> > timeout? If so, that means for every request, it will check if 
> > session
is
> > invaildate. Will it cause performance problem? If not, which methods

> > should I call to check it?
> >
> > 2. If I should use request.getSession(false) to check session 
> > timeout, where should I write the code? Should I write the code in 
> > every action class?
> >
> > 3. There are many methods related to session, such as 
> > getCreationTime, getLastAccessedTime,..Where and how should I use 
> > them in the implementation?
> >
> > 4.From my understanding, I can set timeout in web.xml or use 
> > setMaxInactiveIterval(int ..). Usually which way should be use?
> >
> > 5. After user login, I want to forward the user to the page where he

> > was when session timeout. Where should I save the information(with 
> > the information, I know where I should forward the user to)?
> >
> > I searched the archive. However, it seems that I can't find the 
> > specific info.
> >
> > Your help is highly appreicated.
> >
> > Doug
> >
> >
> >
> >
> > ---------------------------------
> > Post your free ad now! Yahoo! Canada Personals
> >
>
>
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:
>
>
>
> ---------------------------------
> Post your free ad now! Yahoo! Canada Personals
>


--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message