struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amleto Di Salle" <disa...@di.univaq.it>
Subject R: R: Back Browser Button After Logout and Reload so that continue working
Date Thu, 24 Jun 2004 15:26:29 GMT
Hi,
I have the following classes and it seems to work:

1)
public class LoginAction extends Action {

    public ActionForward execute( ActionMapping actionMapping,
ActionForm actionForm, HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse ) throws InvalidLoginException {

        String login = ( ( LoginForm ) actionForm ).getLogin();
        String password = ( ( LoginForm ) actionForm ).getPassword();

        SecurityDelegate securityDelegate = new SecurityDelegate();
        UserTO user = securityDelegate.autentication( login, password );

        HttpSession session = httpServletRequest.getSession( false );
        if ( session != null ) {
            session.invalidate();
        }

        session = httpServletRequest.getSession( true );
        session.setAttribute( Constants.USER_INFO, user );

        return actionMapping.findForward( Constants.WELCOME );
    }

}

2) I have a BaseAction class and my the other classes extend it.
public abstract class BaseAction extends Action {

    public ActionForward execute( ActionMapping actionMapping,
ActionForm actionForm, HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse ) throws UserNotLoggedException
{
        HttpSession session = httpServletRequest.getSession( false );
        if ( session == null ) {
            throw new UserNotLoggedException( "User Not logged!" );
        }

        UserTO userTO = ( UserTO) session.getAttribute(
Constants.USER_INFO );
        if ( userTO == null ) {
            throw new UserNotLoggedException( "User not Logged!" );
        }
        return doExecute( actionMapping, actionForm, httpServletRequest,
httpServletResponse );
    }

    public abstract ActionForward doExecute( ActionMapping
actionMapping, ActionForm actionForm, HttpServletRequest
httpServletRequest, HttpServletResponse httpServletResponse );
}

3)
public class LogoutAction extends Action {

    public ActionForward execute( ActionMapping actionMapping,
ActionForm actionForm, HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse ) {

        HttpSession session = httpServletRequest.getSession( false );
        if ( session != null ) {
            session.invalidate();
        }
        return actionMapping.findForward( Constants.SUCCESS );
    }

}

BR
/Amleto


-----Messaggio originale-----
Da: manoj JC [mailto:manoj_jose@hotmail.com] 
Inviato: giovedì 24 giugno 2004 17.15
A: user@struts.apache.org
Oggetto: RE: R: Back Browser Button After Logout and Reload so that
continue working


Along the same lines


In the Login.do
You should have something like
HttpSession session = httpServletRequest.getSession( true );
if ( session != null ) {
   session.setAttribute("loggedin", true);
}

And in Logout.do
You should have something like
HttpSession session = httpServletRequest.getSession( false ); if (
session != null ) {
   session.setAttribute("loggedin", false);
}

The way I have done is, I have divided my action classes into two types.
One 
for logged in users and other for not logged in users. In struts-config
one 
of the attributs of the action class is "requiredlogin=yes" or 
"requiredlogin=no"

In the actionservlet, I check if the current action's
"requiredlogin=yes" if it is then check for the value
session.getAttribute("loggedin"); If it is 
false, you redirect the page to a login.do else you would send it to
correct 
action class.

Folks, please let me know if this a convoluted way of achieving this.

>From: "Amleto Di Salle" <disalle@di.univaq.it>
>Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
>To: "'Struts Users Mailing List'" <user@struts.apache.org>
>Subject: R: Back Browser Button After Logout and Reload so that 
>continue
>working
>Date: Thu, 24 Jun 2004 16:53:40 +0200
>
>Hi,
>one possible solution is to invalidate the session inside the 
>"LogoffAction".
>
>         HttpSession session = httpServletRequest.getSession( false );
>         if ( session != null ) {
>             session.invalidate();
>         }
>
>If you have already done and the problem remains, maybe you are using
>HttpServletRequest.getSession() method (or getSession(true)) inside the

>Actions (or "BaseAction" if you use a base class for your all actions, 
>in order to validate the users).
>
>BR
>/Amleto
>
>
>-----Messaggio originale-----
>Da: Ricardo Andres Quintero [mailto:rquintero@ubiquando.com.co]
>Inviato: giovedì 24 giugno 2004 15.41
>A: user@struts.apache.org
>Oggetto: Back Browser Button After Logout and Reload so that continue 
>working
>
>
>Hello my friends
>Followed i attach a message i found in the internet.
>I have found some conceptual solutions about this problem,
>but i DO need an example that works to solve it.
>
>The conceptual solution talks about a token syncronizer. I don't know 
>how to write it.
>
>Thank you in advanced.
>
><%-- THE PROBLEM --%>
>
>Hello,
>
>I used Struts to develop a web app which has a login form to permit 
>access to different functionnalities via a menu page. I use a session 
>var I set at login to check if the user has not logged out. The problem

>that I have is, once I do the logoff, if I use the Back button of the 
>browser to the menu page and do a refresh a new session gets created 
>and I'm able to use the app. I have a filter to do the verification but

>I tried before doing it in each Action and I have the same problem. I 
>don't access .jsp pages directly, I have an Action for each of them. I 
>read some posts but none seems to talk about my specific problem.
>
>It sounds like a begginer caveat but I have no idea what should I do or

>what am I doing wrong. Any help appreciated,
>
>Cezar
>
><%-- END OF THE PROBLEM --%>
>
>
>--
>Ricardo Andrés Quintero R.
>Ubiquando Ltda.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee® 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message