• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

user session validation

 
azhar bharat
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My question is regarding user session validation in a secure area of my app.

This is how my application works currently:
I have an action class which checks if the user is logged on, and forward to login page if not.
This is a simple solution, and was fine when only few pages required user validation. As the section of the site increased, I feel I need a better solution.

So finally, my question:
How can I implement a better method by which I can specify which pages require user validation in struts config file?
 
Scott Johnson
Ranch Hand
Posts: 518
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use container security. (See Chapter 12 of the Servlet 2.4 Spec)

Or you could create a servlet filter to detect the login state and servlet requested and forward to the login page if necessary.
 
azhar bharat
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for the reply.
I have to go through the link, which i will do soon.
But meanwhile, my doubt is, wont that require configuration in web.xml along with struts config?
 
Jan Groth
Ranch Hand
Posts: 456
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yes, as far as i understand this will require config of your web.xml - but that's no problem, or?

what i am doing in my webapp (simplified) - i have a NotLoggedInAction which handels the login and writes the user into the session. all other actions subclass LoggedInAction and check if the user is in the session. if not, they redirect to an appropriate error page...

works like a charm :-)

jan
 
Scott Johnson
Ranch Hand
Posts: 518
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
wont that require configuration in web.xml along with struts config?


You'll need to add some stuff to the web.xml but not the struts-config.xml. Is that a problem?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic