wood burning stoves 2.0*
The moose likes Struts and the fly likes user session validation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "user session validation" Watch "user session validation" New topic
Author

user session validation

azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
My question is regarding user session validation in a secure area of my app.

This is how my application works currently:
I have an action class which checks if the user is logged on, and forward to login page if not.
This is a simple solution, and was fine when only few pages required user validation. As the section of the site increased, I feel I need a better solution.

So finally, my question:
How can I implement a better method by which I can specify which pages require user validation in struts config file?
Scott Johnson
Ranch Hand

Joined: Aug 24, 2005
Posts: 518
You can use container security. (See Chapter 12 of the Servlet 2.4 Spec)

Or you could create a servlet filter to detect the login state and servlet requested and forward to the login page if necessary.
azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
thanks for the reply.
I have to go through the link, which i will do soon.
But meanwhile, my doubt is, wont that require configuration in web.xml along with struts config?
Jan Groth
Ranch Hand

Joined: Feb 03, 2004
Posts: 456
yes, as far as i understand this will require config of your web.xml - but that's no problem, or?

what i am doing in my webapp (simplified) - i have a NotLoggedInAction which handels the login and writes the user into the session. all other actions subclass LoggedInAction and check if the user is in the session. if not, they redirect to an appropriate error page...

works like a charm :-)

jan
Scott Johnson
Ranch Hand

Joined: Aug 24, 2005
Posts: 518
wont that require configuration in web.xml along with struts config?


You'll need to add some stuff to the web.xml but not the struts-config.xml. Is that a problem?
 
wood burning stoves
 
subject: user session validation
 
Similar Threads
Spring Security-- How to add/ remove authorities of the user after he logs in.
How to implement authentication for each jsp page
Have a question about turn off javascript
Timeout occurs when a delay is happened
Shared some object that everyone can use?