Tracking the Session in struts

Neeraj jain
Ranch Hand

Joined: Jun 18, 2013
Posts: 83
I am implementing IntranetMailServer using Struts and I need to store the username in the session to use it in future for fetching mails etc. But the problem is that from the login page the request goes directly to the LoginAction class, which is extended from the ActionSupport class, so tell me where I set the attribute in the session... And also I need to track the session so no one can directly reach the inbox without logging in, so how to achieve it, as I tried it with


When I send the request the 1st time it redirects me to login.jsp with the particular message, but when I send the request again it opens welcome.jsp. Please resolve it, as I don't want the user to go into the inbox without having to log in.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15629
    
  15

You'd actually be a lot safer if instead of writing your own security system, you used the one that's part of the J2EE standard. I've never seen a DIY security system that was truly secure (most of them are VERY insecure). And you wouldn't have to store the userID anywhere, because it would be available from the HttpServletRequest getRemoteUser() and getUserPrincipal() methods.

Plus, your goal of guarding against people simply walking around the login URL (one of the most common ways to exploit DIY systems) is taken care of automatically by the server. You set the access controls in web.xml based on the incoming URL pattern match. If someone attempts to submit a protected URL, the server itself forces a login and they cannot exploit your code, because the server won't send the URL on to your app until they've logged in.


Customer surveys are for companies who didn't pay proper attention to begin with.
Neeraj jain
Ranch Hand

Joined: Jun 18, 2013
Posts: 83
Tim, thanks for such a wonderful explanation. Will you please also give me the example of what you have explained above? I mean that web.xml.
 