struts-user mailing list archives

From "Amleto Di Salle" <disa...@di.univaq.it>
Subject R: Re: R: R: Back Browser Button After Logout and Reload so that continue working
Date Thu, 24 Jun 2004 15:53:28 GMT
Ricardo Andres Quintero we receive several copies of your e-mails!!!!!

Please stop the spam...

BR
/Amleto


-----Original Message-----
From: Ricardo Andres Quintero [mailto:rquintero@ubiquando.com.co]
Sent: Thursday, 24 June 2004 16.50
To: user@struts.apache.org
Subject: Fw: Re: R: R: Back Browser Button After Logout and Reload so that continue working


Thank you, Mark,
but I need some code please,
like Amleto Di Salle wrote.


---------- Forwarded Message -----------
From: "Mark R. Diggory" <mdiggory@latte.harvard.edu>
To: Struts Users Mailing List <user@struts.apache.org>
Sent: Thu, 24 Jun 2004 11:36:22 -0400
Subject: Re: R: R: Back Browser Button After Logout and Reload so that
continue working

Where do you store your user information for authentication? What is
behind your SecurityDelegate object?

Our current project uses Tomcat/Struts. We use Form Authenticator and a
JNDIRealm to authenticate our users, which are configured in the
server.xml. Access to any web application resources is done via the
servlet API, via security constraints which are configured in the web.xml
of the web application, which allows us to block any restricted request
and forward it to the login form. I highly recommend using it over a
custom solution, especially if you are trying to maintain a secure
application in production.

-Mark

Amleto Di Salle wrote:
> Hi,
> I have the following classes and it seems to work:
> 
> 1)
> public class LoginAction extends Action {
>
>     public ActionForward execute( ActionMapping actionMapping,
>             ActionForm actionForm,
>             HttpServletRequest httpServletRequest,
>             HttpServletResponse httpServletResponse )
>             throws InvalidLoginException {
>
>         String login = ( ( LoginForm ) actionForm ).getLogin();
>         String password = ( ( LoginForm ) actionForm ).getPassword();
>
>         SecurityDelegate securityDelegate = new SecurityDelegate();
>         UserTO user = securityDelegate.autentication( login, password );
>
>         // Discard any pre-login session so the authenticated user
>         // starts with a fresh one.
>         HttpSession session = httpServletRequest.getSession( false );
>         if ( session != null ) {
>             session.invalidate();
>         }
>
>         session = httpServletRequest.getSession( true );
>         session.setAttribute( Constants.USER_INFO, user );
>
>         return actionMapping.findForward( Constants.WELCOME );
>     }
>
> }
> 
> 2) I have a BaseAction class and my other classes extend it.
> public abstract class BaseAction extends Action {
>
>     public ActionForward execute( ActionMapping actionMapping,
>             ActionForm actionForm,
>             HttpServletRequest httpServletRequest,
>             HttpServletResponse httpServletResponse )
>             throws UserNotLoggedException {
>         // getSession( false ) never creates a session, so a request
>         // made after logout finds none.
>         HttpSession session = httpServletRequest.getSession( false );
>         if ( session == null ) {
>             throw new UserNotLoggedException( "User Not logged!" );
>         }
>
>         UserTO userTO = ( UserTO ) session.getAttribute( Constants.USER_INFO );
>         if ( userTO == null ) {
>             throw new UserNotLoggedException( "User not Logged!" );
>         }
>         return doExecute( actionMapping, actionForm,
>                 httpServletRequest, httpServletResponse );
>     }
>
>     public abstract ActionForward doExecute( ActionMapping actionMapping,
>             ActionForm actionForm,
>             HttpServletRequest httpServletRequest,
>             HttpServletResponse httpServletResponse );
> }
> 
> 3)
> public class LogoutAction extends Action {
>
>     public ActionForward execute( ActionMapping actionMapping,
>             ActionForm actionForm,
>             HttpServletRequest httpServletRequest,
>             HttpServletResponse httpServletResponse ) {
>
>         // Only look up an existing session; do not create one just to
>         // invalidate it.
>         HttpSession session = httpServletRequest.getSession( false );
>         if ( session != null ) {
>             session.invalidate();
>         }
>         return actionMapping.findForward( Constants.SUCCESS );
>     }
>
> }
> 
> BR
> /Amleto
> 
> 
> -----Original Message-----
> From: manoj JC [mailto:manoj_jose@hotmail.com]
> Sent: Thursday, 24 June 2004 17.15
> To: user@struts.apache.org
> Subject: RE: R: Back Browser Button After Logout and Reload so that continue working
> 
> 
> Along the same lines
> 
> 
> In the Login.do
> You should have something like
> HttpSession session = httpServletRequest.getSession( true );
> if ( session != null ) {
>    session.setAttribute("loggedin", true);
> }
>
> And in Logout.do
> You should have something like
> HttpSession session = httpServletRequest.getSession( false );
> if ( session != null ) {
>    session.setAttribute("loggedin", false);
> }
>
> The way I have done it is, I have divided my action classes into two
> types: one for logged-in users and the other for not-logged-in users.
> In struts-config, one of the attributes of the action class is
> "requiredlogin=yes" or "requiredlogin=no".
>
> In the actionservlet, I check if the current action's
> "requiredlogin=yes"; if it is, then check for the value
> session.getAttribute("loggedin"). If it is false, you redirect the
> page to a login.do, else you would send it to the correct action class.
>
> Folks, please let me know if this is a convoluted way of achieving this.
> 
> 
>>From: "Amleto Di Salle" <disalle@di.univaq.it>
>>Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
>>To: "'Struts Users Mailing List'" <user@struts.apache.org>
>>Subject: R: Back Browser Button After Logout and Reload so that continue working
>>Date: Thu, 24 Jun 2004 16:53:40 +0200
>>
>>Hi,
>>one possible solution is to invalidate the session inside the
>>"LogoffAction".
>>
>>        HttpSession session = httpServletRequest.getSession( false );
>>        if ( session != null ) {
>>            session.invalidate();
>>        }
>>
>>If you have already done this and the problem remains, maybe you are
>>using the HttpServletRequest.getSession() method (or getSession(true))
>>inside the Actions (or "BaseAction" if you use a base class for all
>>your actions, in order to validate the users).
>>
>>BR
>>/Amleto
>>
>>
>>-----Original Message-----
>>From: Ricardo Andres Quintero [mailto:rquintero@ubiquando.com.co]
>>Sent: Thursday, 24 June 2004 15.41
>>To: user@struts.apache.org
>>Subject: Back Browser Button After Logout and Reload so that continue working
>>
>>
>>Hello my friends,
>>Below I attach a message I found on the internet.
>>I have found some conceptual solutions to this problem, but I DO
>>need an example that works to solve it.
>>
>>The conceptual solution talks about a token synchronizer. I don't know
>>how to write it.
>>
>>Thank you in advance.
>>
>><%-- THE PROBLEM --%>
>>
>>Hello,
>>
>>I used Struts to develop a web app which has a login form to permit
>>access to different functionalities via a menu page. I use a session
>>var I set at login to check if the user has not logged out. The problem
>>that I have is, once I do the logoff, if I use the Back button of the
>>browser to the menu page and do a refresh a new session gets created
>>and I'm able to use the app. I have a filter to do the verification but
>>I tried before doing it in each Action and I have the same problem. I
>>don't access .jsp pages directly, I have an Action for each of them. I
>>read some posts but none seems to talk about my specific problem.
>>
>>It sounds like a beginner caveat but I have no idea what should I do
>>or what am I doing wrong. Any help appreciated,
>>
>>Cezar
>>
>><%-- END OF THE PROBLEM --%>
>>
>>
>>--
>>Ricardo Andrés Quintero R.
>>Ubiquando Ltda.
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>For additional commands, e-mail: user-help@struts.apache.org
>>
>>

-- 
Mark Diggory
Software Developer
Harvard MIT Data Center
http://www.hmdc.harvard.edu

------- End of Forwarded Message -------


--
Ricardo Andrés Quintero R.
Ubiquando Ltda.

