On Fri, 21 Jan 2005 22:03:24 -0600, Eddie Bush <[EMAIL PROTECTED]> wrote:
> Perhaps nowadays it is commonplace for people to make such posts, but
> it has not always been the case - and it really should not be done. I
> didn't invent the custom, I just follow it.
Besides being a little overwrough
and related (the dev list), and a third (new) list for discussing
> > development strategies related to Struts? Just thinking out loud. I
> > think it is somewhat logical to think that the list of lists might grow
> > as the product evolves . . .
> >
> > Erik
> >
&g
developing Struts
> and related (the dev list), and a third (new) list for discussing
> development strategies related to Struts? Just thinking out loud. I
> think it is somewhat logical to think that the list of lists might grow
> as the product evolves . . .
>
> Erik
>
> &
o: Struts Users Mailing List , Dakota
Jack
<[EMAIL PROTECTED]>
cc:
Subject:Re: Session Strategy (here's a filter)
... it is a filter ... notice how it says "implements Filter". The
mapping in web.xml is a dead giveaway too.
I'd love to know how it
ple are just cranky. Putting hte code where it can be searched by
folks is a good thing.
>
>
> Eddie Bush <[EMAIL PROTECTED]>
> 01/20/2005 11:59 PM
> Please respond to "Struts Users Mailing List"
>
>
> To: Struts Users Mailing List , Dakota
>
t;
cc:
Subject:Re: Session Strategy (here's a filter)
... it is a filter ... notice how it says "implements Filter". The
mapping in web.xml is a dead giveaway too.
I'd love to know how it detects session timeouts though. Far as I can
tell it will t
On Thu, 20 Jan 2005 22:59:09 -0600, Eddie Bush <[EMAIL PROTECTED]> wrote:
> ... it is a filter ... notice how it says "implements Filter". The
> mapping in web.xml is a dead giveaway too.
You are right. And you know you are right. I guess that is why you
feel free to be sardonic, although you
... it is a filter ... notice how it says "implements Filter". The
mapping in web.xml is a dead giveaway too.
I'd love to know how it detects session timeouts though. Far as I can
tell it will tell people who have yet to have a session created that
they've timed out. ... first trip around the b
; > " click on the button below to go to
> the"
> > +
> > " login page.");
> >
> > resp.sendRedirect("/schs82/BuildActionResultViewAction.do");
>
> Dakota Jack <[EMAIL PRO
ViewAction.do");
Dakota Jack <[EMAIL PROTECTED]>
01/20/2005 11:07 AM
Please respond to "Struts Users Mailing List"
To: Struts Users Mailing List
cc:
Subject:Re: Session Strategy (here's a filter)
I was looking for a filter that det
package com.crackwillow.filter;
import java.io.IOException;
import java.io.PrintStream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletExcepti
On Thu, 20 Jan 2005 06:53:36 -0800, Dakota Jack <[EMAIL PROTECTED]> wrote:
> I am also too lazy to make a filter! LOL ;-) Anyone have one of
> these in their toolbox they would like to share?
package com.sssc.csr.web.filters;
import java.io.IOException;
import java.util.Iterator;
import java.ut
sition",
> "systemError");
> session.setAttribute("currentActionMessage", "You have
> accessed" +
> " SCHS82.com in a non-authorized way.
> Please" +
> &quo
estroy() {}
}
And this must be added to web.xml
***
AuthenticationFilter
schs82.AuthenticationFilter
AuthenticationFilter
/secure/*
Dakota Jack <[
I am also too lazy to make a filter! LOL ;-) Anyone have one of
these in their toolbox they would like to share?
Jack
On Thu, 20 Jan 2005 12:49:41 +0800, Andrew Hill
<[EMAIL PROTECTED]> wrote:
> Id support the filter suggestion, though for myself I generally do the
> check in the RequestProce
I'm not sure I agree with the point, but I do see where your coming
from. It's debatable I think, but you make a reasonable argument.
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
Will Stranathan wrote:
Nope - Andrew is right - JSP's are on
Nope - Andrew is right - JSP's are only part of the configuation and
support files in a well-written MVC webapp - it's only TEMPLATE text.
Just like if you send a canned email, I'm sure you keep your email
templates under WEB-INF, right? Well, JSP's are just out.println()
template.
w
On Thu,
That's an interesting view of JSPs. I've always thought of WEB-INF as
configuration and support files only. In that mindset, a JSP wouldn't
fit because it is a piece of the application itself, not configuration
and not a support file, like JARs would be for instance.
In any case, I'm not tryi
Id support the filter suggestion, though for myself I generally do the
check in the RequestProcessor, as Ive usually overrideen it to perform
other evil anyhow, and Im lazy to make a filter.
If you dont keep your JSP under WEB-INF (IMHO thats where they belong
because they are 'code & config' ,
If the user clicks a button, you are either going to (a) go directly to
a JSP, which is generally not a good idea in a Struts-based application
anyway (or any servlet-based application for that matter) or (b) go to
an Action, as you probably should be doing. In either case, choice 1 is
what I
I'll suggest option #3:
Hide all JSP's under /WEB-INF/pages (or something like that) so you need
actions (or ForwardActions) to internally get to the JSP pages. Then, you
can modify the RequestProcessor.processRoles() method to perform your
security check for the session scope's userID object or
21 matches
Mail list logo
