Hi,
I have the following classes and it seems to work:

1)
    public class LoginAction extends Action {

        public ActionForward execute( ActionMapping actionMapping,
                                      ActionForm actionForm,
                                      HttpServletRequest httpServletRequest,
                                      HttpServletResponse httpServletResponse )
                throws InvalidLoginException {
            String login = ( ( LoginForm ) actionForm ).getLogin();
            String password = ( ( LoginForm ) actionForm ).getPassword();
            SecurityDelegate securityDelegate = new SecurityDelegate();
            UserTO user = securityDelegate.autentication( login, password );

            // Discard any existing session, then start a fresh one for the authenticated user.
            HttpSession session = httpServletRequest.getSession( false );
            if ( session != null ) {
                session.invalidate();
            }
            session = httpServletRequest.getSession( true );
            session.setAttribute( Constants.USER_INFO, user );
            return actionMapping.findForward( Constants.WELCOME );
        }
    }

2) I have a BaseAction class and my other classes extend it.

    public abstract class BaseAction extends Action {

        public ActionForward execute( ActionMapping actionMapping,
                                      ActionForm actionForm,
                                      HttpServletRequest httpServletRequest,
                                      HttpServletResponse httpServletResponse )
                throws UserNotLoggedException {
            // getSession( false ) returns null instead of creating a new session.
            HttpSession session = httpServletRequest.getSession( false );
            if ( session == null ) {
                throw new UserNotLoggedException( "User Not logged!" );
            }
            UserTO userTO = ( UserTO ) session.getAttribute( Constants.USER_INFO );
            if ( userTO == null ) {
                throw new UserNotLoggedException( "User not Logged!" );
            }
            return doExecute( actionMapping, actionForm, httpServletRequest, httpServletResponse );
        }

        public abstract ActionForward doExecute( ActionMapping actionMapping,
                                                 ActionForm actionForm,
                                                 HttpServletRequest httpServletRequest,
                                                 HttpServletResponse httpServletResponse );
    }

3)
    public class LogoutAction extends Action {

        public ActionForward execute( ActionMapping actionMapping,
                                      ActionForm actionForm,
                                      HttpServletRequest httpServletRequest,
                                      HttpServletResponse httpServletResponse ) {
            HttpSession session = httpServletRequest.getSession( false );
            if ( session != null ) {
                session.invalidate();
            }
            return actionMapping.findForward( Constants.SUCCESS );
        }
    }

BR
/Amleto

-----Original Message-----
From: manoj JC [mailto:[EMAIL PROTECTED]
Sent: Thursday, 24 June 2004 17:15
To: [EMAIL PROTECTED]
Subject: RE: R: Back Browser Button After Logout and Reload so that continue working

Along the same lines

In the Login.do
You should have something like

    HttpSession session = httpServletRequest.getSession( true );
    if ( session != null ) {
        session.setAttribute("loggedin", true);
    }

And in Logout.do
You should have something like

    HttpSession session = httpServletRequest.getSession( false );
    if ( session != null ) {
        session.setAttribute("loggedin", false);
    }

The way I have done is, I have divided my action classes into two types.
One for logged in users and other for not logged in users.

In struts-config one of the attributes of the action class is
"requiredlogin=yes" or "requiredlogin=no"

In the actionservlet, I check if the current action's "requiredlogin=yes";
if it is, then check for the value session.getAttribute("loggedin");
If it is false, you redirect the page to a login.do else you would send it
to correct action class.

Folks, please let me know if this is a convoluted way of achieving this.

>From: "Amleto Di Salle" <[EMAIL PROTECTED]>
>Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
>Subject: R: Back Browser Button After Logout and Reload so that continue working
>Date: Thu, 24 Jun 2004 16:53:40 +0200
>
>Hi,
>one possible solution is to invalidate the session inside the
>"LogoffAction".
>
>    HttpSession session = httpServletRequest.getSession( false );
>    if ( session != null ) {
>        session.invalidate();
>    }
>
>If you have already done so and the problem remains, maybe you are using
>the HttpServletRequest.getSession() method (or getSession(true)) inside the
>Actions (or "BaseAction" if you use a base class for all your actions,
>in order to validate the users).
>
>BR
>/Amleto
>
>
>-----Original Message-----
>From: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED]
>Sent: Thursday, 24 June 2004 15:41
>To: [EMAIL PROTECTED]
>Subject: Back Browser Button After Logout and Reload so that continue working
>
>
>Hello my friends
>Below I attach a message I found on the internet.
>I have found some conceptual solutions about this problem,
>but I DO need an example that works to solve it.
>
>The conceptual solution talks about a token synchronizer. I don't know
>how to write it.
>
>Thank you in advance.
>
><%-- THE PROBLEM --%>
>
>Hello,
>
>I used Struts to develop a web app which has a login form to permit
>access to different functionalities via a menu page. I use a session
>var I set at login to check if the user has not logged out. The problem
>that I have is, once I do the logoff, if I use the Back button of the
>browser to the menu page and do a refresh a new session gets created
>and I'm able to use the app. I have a filter to do the verification but
>I tried before doing it in each Action and I have the same problem. I
>don't access .jsp pages directly, I have an Action for each of them. I
>read some posts but none seems to talk about my specific problem.
>
>It sounds like a beginner caveat but I have no idea what should I do or
>what am I doing wrong. Any help appreciated,
>
>Cezar
>
><%-- END OF THE PROBLEM --%>
>
>
>--
>Ricardo Andrés Quintero R.
>Ubiquando Ltda.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]