Sure, redirect any request without a user info object to the login page.

Dave

(pardon brevity and typos, on cell)

On Jun 13, 2012 12:16 PM, "Anjib Mulepati" <anji...@hotmail.com> wrote:

> I know that. My question was how we handle such a direct URL, like in this
> case. Is there any mechanism to prevent it?
>
> On 6/13/2012 12:07 PM, Jason Zheng wrote:
>
>> That's the problem: when you type the URL directly, the
>> LoginSubmitAction.execute() method will not be invoked, so the 'userinfo'
>> does not exist in any scope.
>>
>> On Wed, Jun 13, 2012 at 11:58 PM, Anjib Mulepati <anji...@hotmail.com> wrote:
>>
>>> User info is put into session after they log in, so it's in the
>>> LoginSubmitAction class.
>>>
>>> public class LoginSubmitAction extends org.apache.struts.action.Action {
>>>
>>>     private static final String ERROR = "errorFront";
>>>
>>>     private static final String SUCCESS = "success";
>>>
>>>     private static Log log = LogFactory.getLog("LoginSubmitAction");
>>>
>>>     @Override
>>>     public ActionForward execute(ActionMapping mapping, ActionForm form,
>>>             HttpServletRequest request, HttpServletResponse response)
>>>             throws Exception {
>>>
>>>         LoginForm loginForm = (LoginForm) form;
>>>         String forwardPath = (String) request.getSession().getAttribute("forwardPath");
>>>         String userName = loginForm.getUserName().toLowerCase();
>>>         String passWord = loginForm.getPassword();
>>>         UserInfo userInfo = new UserInfo();
>>>
>>>         ActionForward objAxFrwd = null;
>>>         try {
>>>             /* Authenticate user */
>>>             UserDelegate userDelegate = new UserDelegate(userName, null);
>>>             userDelegate.validateUser(userName, passWord);
>>>             log.info("User authenticated: " + userName);
>>>
>>>             /* Get user profile and store in beans then to session variable */
>>>             UserProfileInfo userProfileInfo = userDelegate.getUserProfile(userName);
>>>             userInfo.setUserName(userProfileInfo.getUserName()); //Currently username is same as email address.
>>>             userInfo.setPassword(passWord);
>>>             userInfo.setFirstName(userProfileInfo.getFirstName());
>>>             userInfo.setLastName(userProfileInfo.getLastName());
>>>             userInfo.setEmail(userProfileInfo.getEmail());
>>>             userInfo.setPhone(userProfileInfo.getPhone());
>>>
>>>         } catch (BusinessDelegateException e) {
>>>             /* User not authenticated */
>>>             log.error(e.getErrorCode() + ": User not authenticated: " + userName);
>>>
>>>             ActionErrors errors = new ActionErrors();
>>>             errors.add("error", new ActionMessage(e.getMessage(), false));
>>>             this.saveErrors(request, errors);
>>>             return mapping.findForward(ERROR);
>>>         } catch (org.apache.cxf.binding.soap.SoapFault s) {
>>>             log.error(s);
>>>             return mapping.findForward(ERROR);
>>>         }
>>>
>>>         /* Forward control to the specified success URI */
>>>         if (forwardPath != null) {
>>>             objAxFrwd = new ActionForward(forwardPath);
>>>         } else {
>>>             objAxFrwd = mapping.findForward(SUCCESS);
>>>         }
>>>         request.getSession().setAttribute("userInfo", userInfo);
>>>         request.getSession().setAttribute("userName", userName);
>>>         return objAxFrwd;
>>>
>>>     }
>>> }
>>>
>>> On 6/13/2012 11:51 AM, Dave Newton wrote:
>>>
>>>> I don't see anything that puts a user info into session (or request, I
>>>> forgot where it was), so it makes sense the JSP would fail.
>>>>
>>>> [OT] In the future, consider removing useless, empty comments so people
>>>> trying to help have less work to do :)
>>>>
>>>> Dave
>>>>
>>>> On Wed, Jun 13, 2012 at 11:43 AM, Anjib Mulepati <anji...@hotmail.com> wrote:
>>>>
>>>>> 1. Base Class
>>>>>
>>>>> public abstract class BaseAction extends org.apache.struts.action.Action {
>>>>>
>>>>>     private static Log log = LogFactory.getLog("BaseAction");
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @param mapping
>>>>>      * @param form
>>>>>      * @param request
>>>>>      * @param response
>>>>>      * @return
>>>>>      * @throws IOException
>>>>>      * @throws ServletException
>>>>>      * @throws BusinessDelegateException
>>>>>      */
>>>>>     @Override
>>>>>     public ActionForward execute(ActionMapping mapping, ActionForm form,
>>>>>             HttpServletRequest request, HttpServletResponse response)
>>>>>             throws IOException, ServletException, BusinessDelegateException {
>>>>>
>>>>>         if (!this.userIsLoggedIn(request)) {
>>>>>             ActionErrors errors = new ActionErrors();
>>>>>             errors.add("error", new ActionMessage("error.userNotLoggedIn"));
>>>>>             this.saveErrors(request, errors);
>>>>>             String url = request.getServletPath() + "?" + request.getQueryString();
>>>>>             request.getSession().setAttribute("forwardPath", url);
>>>>>             return mapping.findForward("sessionEnded");
>>>>>         }
>>>>>         return executeAction(mapping, form, request, response);
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @param mapping
>>>>>      * @param form
>>>>>      * @param request
>>>>>      * @param response
>>>>>      * @return
>>>>>      * @throws IOException
>>>>>      * @throws ServletException
>>>>>      */
>>>>>     protected abstract ActionForward executeAction(ActionMapping mapping,
>>>>>             ActionForm form, HttpServletRequest request,
>>>>>             HttpServletResponse response)
>>>>>             throws IOException, ServletException;
>>>>>
>>>>>     private boolean userIsLoggedIn(HttpServletRequest request) {
>>>>>         UserInfo userInfo = (UserInfo) request.getSession().getAttribute("userInfo");
>>>>>         String userName = null;
>>>>>         try {
>>>>>             userName = userInfo.getUserName();
>>>>>         } catch (NullPointerException ex) {
>>>>>             log.error("User hasn't logged in yet.");
>>>>>             return false;
>>>>>         }
>>>>>
>>>>>         if (userName == null) {
>>>>>             return false;
>>>>>         }
>>>>>         return true;
>>>>>     }
>>>>> }
>>>>>
>>>>> 2. Action class
>>>>>
>>>>> public class ChangePasswordAction extends BaseAction {
>>>>>
>>>>>     private static Log log = LogFactory.getLog("ChangePasswordAction");
>>>>>
>>>>>     private static final String SUCCESS = "success";
>>>>>
>>>>>     private static final String FAILURE = "failure";
>>>>>
>>>>>     @Override
>>>>>     public ActionForward executeAction(ActionMapping mapping, ActionForm form,
>>>>>             HttpServletRequest request, HttpServletResponse response)
>>>>>             throws IOException, ServletException {
>>>>>
>>>>>         ActionErrors errors = new ActionErrors();
>>>>>         ActionMessages messages = new ActionMessages();
>>>>>
>>>>>         ChangePasswordForm changePwdForm = (ChangePasswordForm) form;
>>>>>         String userName = changePwdForm.getUserName();
>>>>>         String oldPassword = changePwdForm.getOldPwd().trim();
>>>>>         String newPassword = changePwdForm.getPassword().trim();
>>>>>         UserDelegate userDelegate = new UserDelegate(userName, null);
>>>>>         boolean isPasswordChanged = userDelegate.changePassword(userName,
>>>>>                 oldPassword, newPassword);
>>>>>
>>>>>         if (isPasswordChanged) {
>>>>>             messages.add("password", new ActionMessage("msg.changePasswordSuccess"));
>>>>>             this.saveMessages(request, messages);
>>>>>             log.info("Password changed successfully.");
>>>>>             return mapping.findForward(SUCCESS);
>>>>>         } else {
>>>>>             errors.add("errors", new ActionMessage("msg.changePasswordError"));
>>>>>             saveErrors(request, errors);
>>>>>             log.error("Password can't be changed");
>>>>>             return mapping.findForward(FAILURE);
>>>>>         }
>>>>>     }
>>>>> }
>>>>>
>>>>> 3. Validation class
>>>>>
>>>>> public class ChangePasswordForm extends ValidatorForm {
>>>>>
>>>>>     private String userName;
>>>>>     private String oldPwd;
>>>>>     private String password;
>>>>>     private String confirmPwd;
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @return
>>>>>      */
>>>>>     public String getPassword() {
>>>>>         return password;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @param password
>>>>>      */
>>>>>     public void setPassword(String password) {
>>>>>         this.password = password;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @return
>>>>>      */
>>>>>     public String getOldPwd() {
>>>>>         return oldPwd;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @param oldPwd
>>>>>      */
>>>>>     public void setOldPwd(String oldPwd) {
>>>>>         this.oldPwd = oldPwd;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @return
>>>>>      */
>>>>>     public String getConfirmPwd() {
>>>>>         return confirmPwd;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @param confirmPwd
>>>>>      */
>>>>>     public void setConfirmPwd(String confirmPwd) {
>>>>>         this.confirmPwd = confirmPwd;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @return
>>>>>      */
>>>>>     public String getUserName() {
>>>>>         return userName;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @param userName
>>>>>      */
>>>>>     public void setUserName(String userName) {
>>>>>         this.userName = userName;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      */
>>>>>     public ChangePasswordForm() {
>>>>>         super();
>>>>>
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      * This is the action called from the Struts framework.
>>>>>      * @param mapping The ActionMapping used to select this instance.
>>>>>      * @param request The HTTP Request we are processing.
>>>>>      * @return set of errors.
>>>>>      */
>>>>>     @Override
>>>>>     public ActionErrors validate(ActionMapping mapping,
>>>>>             HttpServletRequest request) {
>>>>>         ActionErrors errors = new ActionErrors();
>>>>>         if (userName.isEmpty()) {
>>>>>             errors.add("error", new ActionMessage("error.userName"));
>>>>>         }
>>>>>         if (oldPwd.isEmpty()) {
>>>>>             errors.add("error", new ActionMessage("error.oldPassword"));
>>>>>         }
>>>>>         if (password.isEmpty()) {
>>>>>             errors.add("error", new ActionMessage("error.newPassword"));
>>>>>         }
>>>>>         if (!confirmPwd.equals(password)) {
>>>>>             errors.add("error", new ActionMessage("error.confirmPassword"));
>>>>>         }
>>>>>         if (userName.equalsIgnoreCase(password)) {
>>>>>             errors.add("error", new ActionMessage("error.sameAsUsername"));
>>>>>         }
>>>>>         if (oldPwd.equalsIgnoreCase(password)) {
>>>>>             errors.add("error", new ActionMessage("error.samePassword"));
>>>>>         }
>>>>>         return errors;
>>>>>     }
>>>>>
>>>>>     /**
>>>>>      *
>>>>>      * @param mapping
>>>>>      * @param request
>>>>>      */
>>>>>     @Override
>>>>>     public void reset(ActionMapping mapping, HttpServletRequest request) {
>>>>>         userName = "";
>>>>>         oldPwd = "";
>>>>>         password = "";
>>>>>         confirmPwd = "";
>>>>>     }
>>>>> }
>>>>>
>>>>> On 6/13/2012 11:10 AM, Jason Zheng wrote:
>>>>>
>>>>>> Anjib, would you like to show us the code in the Action
>>>>>> ChangePasswordAction?
>>>>>>
>>>>>> On Wed, Jun 13, 2012 at 10:58 PM, Dave Newton <davelnew...@gmail.com> wrote:
>>>>>>
>>>>>>> Then it's likely you're doing something wrong if you're forwarding to a
>>>>>>> page before creating the info that page needs.
>>>>>>>
>>>>>>> Dave
>>>>>>>
>>>>>>> On Wed, Jun 13, 2012 at 10:53 AM, Anjib Mulepati <anji...@hotmail.com> wrote:
>>>>>>>
>>>>>>>> Even though I put validation in the ActionForm validate() method, failure
>>>>>>>> will take to changePasswordPage. I do have validation to check form
>>>>>>>> field.
>>>>>>>>
>>>>>>>> On 6/13/2012 9:17 AM, Dave Newton wrote:
>>>>>>>>
>>>>>>>>> Maybe some sort of validation would be helpful.
>>>>>>>>>
>>>>>>>>> Dave
>>>>>>>>>
>>>>>>>>> On Wed, Jun 13, 2012 at 9:03 AM, Anjib Mulepati <anji...@hotmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> I have a question regarding handling form submission by direct URL in
>>>>>>>>>> Struts 1.3.8.
>>>>>>>>>>
>>>>>>>>>> I have a page to change password which the user can access after they
>>>>>>>>>> log in. The URL for that page is
>>>>>>>>>> http://localhost:8080/MyApp/changepassword.do
>>>>>>>>>>
>>>>>>>>>> I have the action mapping as follows:
>>>>>>>>>>
>>>>>>>>>> <action path="/changepassword" input="changePasswordPage"
>>>>>>>>>>         scope="request" name="ChangePasswordForm"
>>>>>>>>>>         type="com.anjib.actions.ChangePasswordAction">
>>>>>>>>>>     <forward name="success" path="changePasswordPage" />
>>>>>>>>>>     <forward name="failure" path="changePasswordPage"/>
>>>>>>>>>> </action>
>>>>>>>>>>
>>>>>>>>>> I have a tile definition for changePasswordPage which has a page like
>>>>>>>>>> the header, which displays welcome information after the user logs in:
>>>>>>>>>>
>>>>>>>>>> <div id="welcome" class="right">
>>>>>>>>>>     <bean:message key="label.welcome" />
>>>>>>>>>>     <logic:notEmpty name="userInfo" property="firstName">
>>>>>>>>>>         ${userInfo.firstName} ${userInfo.lastName}
>>>>>>>>>>     </logic:notEmpty>
>>>>>>>>>>     <logic:empty name="userInfo" property="firstName">
>>>>>>>>>>         ${userInfo.userName}
>>>>>>>>>>     </logic:empty>
>>>>>>>>>> </div>
>>>>>>>>>>
>>>>>>>>>> Now everything works fine if we follow the normal process: log in and do
>>>>>>>>>> actions.
>>>>>>>>>> But if someone types the URL
>>>>>>>>>> http://localhost:8080/MyApp/changepassword.do directly, then I don't
>>>>>>>>>> get the page and I have an error in the Tomcat log:
>>>>>>>>>>
>>>>>>>>>> Caused by: javax.servlet.jsp.JspException: Cannot find bean: "userInfo" in any scope
>>>>>>>>>>
>>>>>>>>>> Any help will be appreciated.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Anjib
>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>>>>>>>>> For additional commands, e-mail: user-h...@struts.apache.org