Re: Form handling by direct URL in Struts 1.3.8

Wed, 13 Jun 2012 16:00:46 -0700 

Hello Anjib,

[Error message]
Caused by: javax.servlet.jsp.JspException: Cannot find bean: "userInfo" in any scope 

[Cause]
If someone type direct URL http://localhost:8080/MyApp/changepassword.do,
no userInfo in the session.
Then userIsLoggedIn method returns false,
    return mapping.findForward("sessionEnded");

On this case, would  the same JSP, changePasswordPage be called or some 
JSP using userInfo session information?


a JSP, changePasswordPage.
<logic:empty name="userInfo" property="firstName">
            ${userInfo.userName}
</logic:empty>

[Measure idea #1]
On BaseAction
Changed from:return mapping.findForward("sessionEnded");
                to:     some JSP page without userInfo session information.

[Measure idea #2]
On BaseAction
Changed from:
        if (!this.userIsLoggedIn(request)) {
            ActionErrors errors = new ActionErrors();

            errors.add("error", new 
ActionMessage("error.userNotLoggedIn"));

            this.saveErrors(request, errors);

            String url = request.getServletPath() + "?" + 
request.getQueryString();

            request.getSession().setAttribute("forwardPath", url);
            return mapping.findForward("sessionEnded");
        }
                to:
        if (!this.userIsLoggedIn(request)) {
            ActionErrors errors = new ActionErrors();

            errors.add("error", new 
ActionMessage("error.userNotLoggedIn"));

            this.saveErrors(request, errors);

            String url = request.getServletPath() + "?" + 
request.getQueryString();

            request.getSession().setAttribute("forwardPath", url);

            // ADD

            request.getSession().setAttribute("userInfo", SOMETHING 
TEMPORARY INFORMATION);


            return mapping.findForward("sessionEnded");
        }

Best regards,
Takanori Hayashi

(2012/06/14 3:07), Anjib Mulepati wrote:

I am looking for such prevention measure. Right now for most action I 
have Base action where it check whether user has logged in or not.


On 6/13/2012 1:21 PM, Dave Newton wrote:

On Wednesday, June 13, 2012, Anjib Mulepati<anji...@hotmail.com>  wrote:

Where and how I do that?

In Struts 1.2 you'd use a custom request processor (or just a 
filter). Not

sure about 1.3.

How are you preventing access to protected pages now?

Dave




---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org











---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



























					Reply via email to