Thanks robert. Greatly appreciated.
Now has anyone tried to put login form on every page of
site if user hasn't login with STRUTS? Say, put a small login
form on left hand column menu/navigational bar.
Is there anything I need to look out for?
----- Original Message -----
From: "Robert Taylor" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, August 31, 2004 11:16 PM
Subject: RE: SecurityFilter Question?
> I haven't been following this thread too closely but
> I know its been some what long so if this solution has
> already been proposed, I apologize in advance.
>
> We use SecurityFilter and an additional filter which
> checks for the Principal in the request. If the Principal exists,
> then we can be assured that the user has successfully logged in; at
> which point we check to see if the required information is in the
> session. If not, then we persist the required information into the
session.
> If so, then we do nothing. In either case we allow the filter chain to
proceed.
> It has worked quite nicely so far.
>
>
> Principal principal = req.getUserPrincipal();
>
> if (principal != null) {
>
>
> if (req.getSession().getAttribute("requiredInformation") == null) {
>
> // do other login stuff here
>
> }
>
> }
>
> chain.doFilter(req, res);
>
> hth,
>
> robert
>
> > -----Original Message-----
> > From: struts Dude [mailto:[EMAIL PROTECTED]
> > Sent: Monday, August 30, 2004 8:19 PM
> > To: Struts Users Mailing List
> > Subject: Re: SecurityFilter Question?
> >
> >
> >
> > ----- Original Message -----
> > From: "Jason Lea" <[EMAIL PROTECTED]>
> > To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> > Sent: Monday, August 30, 2004 6:07 PM
> > Subject: Re: SecurityFilter Question?
> >
> > > >
> > > >Can't u do this using an Action? Say, accessing /admin/LogAction.do
> > > >invokes SecurityFilter, after authentication by SecurityFilter is
passed,
> > > >go directly to LogAction as below
> > > >
> > > >
> > >
> > > The problem comes if the user bookmarks a url like /user/abc.do,
starts
> > > up their browser and goes directly to the protected URL. The security
> > > filter will take them to the login form, they submit username/password
> > > and seucirty filter authenticates them. Once they are authenticated
> > > they are redirected back to /users/abc.do - they don't pass through
> > > LogAction at all. So I normally have a filter that makes sure the
bean
> > > is in session from where ever they are called.
> > >
> >
> >
> > > You don't have to use a filter though, you could make a base action
that
> > > does puts the bean into session and have all your actions sub-class
that
> > > one.
> >
> > Using action to put bean in Session after SecurityFilter, how is that
> > possible when after authentication by SecurityFilter, u taken right
> > back to /user/abc.do where u 1st request it and doesn't pass
> > through to action attribute as specified in action-mapping of
> > struts-config.xml?
> >
> > I have tried to use action, after authentication, I am indeed taken
> > back to the page /admin/logon.do or /user/logon.do and got
> > error message in browser:
> >
> > HTTP Status 400 - Invalid path /admin/Logon was requested
> >
> > message Invalid path /admin/Logon was requested
> >
> > description The request sent by the client was syntactically incorrect
> > (Invalid path /admin/Logon was requested).
> >
> > -------------
> >
> > My action mapping is struts-conf.xml
> >
> > Both
> >
> > <action
> > path="/admin/Logon.do"
> > type="org.apache.struts.actions.ForwardAction"
> > parameter="LogAction.do?action=logon"/>
> >
> > <action
> > path="/user/Logon.do"
> > type="org.apache.struts.actions.ForwardAction"
> > parameter="LogAction.do?action=logon"/>
> >
> > <!--
> > My LogAction extends DispatchAction and will try
> > to put User bean in session. -->
> >
> > or
> >
> > <action
> > path="/admin/Logon.do"
> > type="org.apache.struts.actions.ForwardAction"
> > parameter="Welcome.do"/>
> > <action
> > path="/user/Logon.do"
> > type="org.apache.struts.actions.ForwardAction"
> > parameter="Welcome.do"/>
> >
> > won't work.
> >
> > -----------------------
> >
> > BTW, how wud u use html:form to display
> > login fields?
> >
> > I can't get struts tag to work with login fields
> > except for using things like:
> >
> > <form action="j_security_check" method="POST">
> > Username: <input type="text" name="j_username"><p>
> > Password: <input type="password" name="j_password"><p>
> > <input type="Submit">
> >
> > </form>
> >
> > ------------------
> >
> > Ok, using filter (as u said) after SecurityFilter wud solve this simply
but
> > I like to stick with pure Struts approach if possible.
> >
> > Thanks
> >
> >
> > > Jason Lea
> > >
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
