aspose file tools*
The moose likes Struts and the fly likes user session validation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "user session validation" Watch "user session validation" New topic
Author

user session validation

azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
My question is regarding user session validation in a secure area of my app.

This is how my application works currently:
I have an action class which checks if the user is logged on, and forward to login page if not.
This is a simple solution, and was fine when only few pages required user validation. As the section of the site increased, I feel I need a better solution.

So finally, my question:
How can I implement a better method by which I can specify which pages require user validation in struts config file?
Scott Johnson
Ranch Hand

Joined: Aug 24, 2005
Posts: 518
You can use container security. (See Chapter 12 of the Servlet 2.4 Spec)

Or you could create a servlet filter to detect the login state and servlet requested and forward to the login page if necessary.
azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
thanks for the reply.
I have to go through the link, which i will do soon.
But meanwhile, my doubt is, wont that require configuration in web.xml along with struts config?
Jan Groth
Ranch Hand

Joined: Feb 03, 2004
Posts: 456
yes, as far as i understand this will require config of your web.xml - but that's no problem, or?

what i am doing in my webapp (simplified) - i have a NotLoggedInAction which handels the login and writes the user into the session. all other actions subclass LoggedInAction and check if the user is in the session. if not, they redirect to an appropriate error page...

works like a charm :-)

jan
Scott Johnson
Ranch Hand

Joined: Aug 24, 2005
Posts: 518
wont that require configuration in web.xml along with struts config?


You'll need to add some stuff to the web.xml but not the struts-config.xml. Is that a problem?
 
wood burning stoves
 
subject: user session validation