struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arnesen, Geir" <geir.arne...@aftenposten.no>
Subject SV: Security Filter and ActionForm
Date Sat, 11 Jan 2003 08:55:19 GMT
We use this consept. The loginform is unsecured (not filtered). When
trying to access a secured page with no session (this is checked by the
filter), - the request is forwarded to the loginpage. After successfull
logon, - you are sent to the originally selected page. If the logon
fails,- you gets the errror, - i.e. logon failed...

Geir

-----Opprinnelig melding-----
Fra: Curtney Jacobs [mailto:technomage@attbi.com] 
Sendt: 10. januar 2003 16:19
Til: Struts Users Mailing List
Emne: Security Filter and ActionForm


Greetings!!

I have a login ActionForm (LogInForm) and a associated login Action
class 
(LogInAction). When the form is submitted, the request is intercepted by
a 
Security Filter. The Security filter authenticates and perform necessary

authorization checks on the user via a ldap server.

If the user authentication fails, let say because of an invalid
password, how 
can I use my ActionForm (LogInForm) to indicate this error to the user?

I am aware that the Struts ActionForm and Action  have not even been 
instantiated/intitialize, since the security filter intercepted the
request.

I have thought of setting an attribute in the request scope, for
example, an 
"invalid flag" that the ActionForm validate method can check for. This
will 
then trigger the display of the login form and asociated error message
to the 
user.

I am not sure if the above is good practice :(

Any suggestions or comments will be much appreciated.

Curtney Jacobs
-- 
U-Interface.com

--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message