Posted to user@struts.apache.org by hi...@o2.pl on 2004/08/16 09:21:34 UTC

If not logged in, login and redirect to requested page scenario.

Hi,

Some pages in the site I'm working on should be available only for users who have previously logged in, but links to them may appear on pages that are accessible for anybody.

I'm trying to implement a scenario in which, if a user who has not logged in clicks on a link to a page "for logged in users only", he should be redirected to the "login page", and then, if the login operation succeeds, another redirection takes the user to the page that was originally requested.

Are there any "commonly known" techniques to do this smoothly with Struts??

I did it as follows...

All links to pages "for logged in users only" go through one action, say "LoginAndRedirect", so in JSP they look like

<html:link href="LoginAndRedirect.do?FORWARD_TO=accountDetails">

The LoginAndRedirect action first checks if there is an instance of OnlineUser (which is a simple JavaBean) in the session (its presence indicates that the user has already logged in). If the OnlineUser is not found, the value of the FORWARD_TO parameter is stored in session and the LoginAndRedirect action forwards to login.jsp (global forward) where the user gets his chance to authenticate. If the attempt to login succeeds, the OnlineUser is placed in the session and the request is forwarded back (again through the global forward) to the LoginAndRedirect action, which this time finds the OnlineUser in the session as well as the FORWARD_TO param. All "for logged in users only" pages are defined as forwards of LoginAndRedirect, so its final action is something like...

return forward.findForward((String) session.getAttribute("FORWARD_TO"));

I'm aware that with this approach I must also somehow prevent "not logged in" users from accessing the "forbidden pages" directly - they can just type the URL in the browser and get where they should not :)

Any suggestions of making this in a better way will be appreciated!! :)

Regards
Chris


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
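
A servlet filter that closes the direct-URL gap mentioned in the post above, as an added example that is not part of the original thread. The attribute names OnlineUser and FORWARD_TO follow the post; the class name, the forward names in the allowlist and the /login.jsp path are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: guards every URL the filter is mapped to, not only links routed through one action. */
public class LoginRequiredFilter implements Filter {
    // Hypothetical forward names; only these may be remembered as a post-login target.
    private static final Set<String> KNOWN_FORWARDS =
            new HashSet<String>(Arrays.asList("accountDetails", "orderHistory"));

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // getSession(false): do not create a session just to test for a login.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute("OnlineUser") != null) {
            chain.doFilter(rq, rs);   // logged in: let the request through
            return;
        }
        // Remember the target only if it is a known forward name, never a raw URL.
        String target = req.getParameter("FORWARD_TO");
        if (target != null && KNOWN_FORWARDS.contains(target)) {
            req.getSession(true).setAttribute("FORWARD_TO", target);
        }
        res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + "/login.jsp"));
    }

    /** Call after a successful login; returns the saved forward name or the fallback. */
    static String resolveTarget(HttpSession session, String fallback) {
        Object saved = session.getAttribute("FORWARD_TO");
        session.removeAttribute("FORWARD_TO");   // one-shot: do not reuse on a later login
        return (saved instanceof String && KNOWN_FORWARDS.contains(saved))
                ? (String) saved : fallback;
    }
}
```

Map the filter in web.xml to the URL patterns of the protected pages and of LoginAndRedirect.do, and keep login.jsp outside that mapping so the redirect does not loop.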


Re: If not logged in, login and redirect to requested page scenario.

Posted by Oli Kessler <ok...@tor.ch>.
Pavel Kolesnikov wrote:
> On Mon, 16 Aug 2004 hicnar_struts_list@o2.pl wrote:
> 
> 
>>I'm trying to implement a scenario in which, if a user who has not
>>logged in clicks on a link to a page "for logged in users only", he should
>>be redirected to the "login page", and then, if the login operation succeeds,
>>another redirection takes the user to the page that was originally
>>requested.
>>
>>Are there any "commonly known" techniques to do this smoothly with
>>Struts??
> 
> 
> What about Container Managed Authentication?
> It's part of the J2EE standard (so it's not Struts specific)
> and it allows you to configure the server to protect your pages
> as you've described above.
> 
> See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
> for Tomcat5 configuration.

Or use securityfilter on http://securityfilter.sf.net, a servlet filter 
which mimics container managed security in case you do not want to 
change your container's settings.

-ok




Re: If not logged in, login and redirect to requested page scenario.

Posted by Pavel Kolesnikov <k...@les.cz>.
On Mon, 16 Aug 2004 hicnar_struts_list@o2.pl wrote:

> I'm trying to implement a scenario in which, if a user who has not
> logged in clicks on a link to a page "for logged in users only", he should
> be redirected to the "login page", and then, if the login operation succeeds,
> another redirection takes the user to the page that was originally
> requested.
> 
> Are there any "commonly known" techniques to do this smoothly with
> Struts??

What about Container Managed Authentication?
It's part of the J2EE standard (so it's not Struts specific)
and it allows you to configure the server to protect your pages
as you've described above.

See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
for Tomcat5 configuration.

Pavel




RE: If not logged in, login and redirect to requested page scenario.

Posted by Aru <ar...@nucleussoftware.com.sg>.
Hey..
	You ask the question and then give the answer yourself as well?
	:)
	You'll get a kicking :))


-----Original Message-----
From: hicnar_struts_list@o2.pl [mailto:hicnar_struts_list@o2.pl]
Sent: Monday, August 16, 2004 3:22 PM
To: user@struts.apache.org
Subject: If not logged in, login and redirect to requested page scenario.

Hi,

Some pages in the site I'm working on should be available only for users who
have previously logged in, but links to them may appear on pages that are
accessible for anybody.

I'm trying to implement a scenario in which, if a user who has not logged
in clicks on a link to a page "for logged in users only", he should be
redirected to the "login page", and then, if the login operation succeeds, another
redirection takes the user to the page that was originally requested.

Are there any "commonly known" techniques to do this smoothly with Struts??

I did it as follows...

All links to pages "for logged in users only" go through one action, say
"LoginAndRedirect", so in JSP they look like

<html:link href="LoginAndRedirect.do?FORWARD_TO=accountDetails">

The LoginAndRedirect action first checks if there is an instance of
OnlineUser (which is a simple JavaBean) in the session (its presence
indicates that the user has already logged in). If the OnlineUser is not
found, the value of the FORWARD_TO parameter is stored in session and the
LoginAndRedirect action forwards to login.jsp (global forward) where the
user gets his chance to authenticate. If the attempt to login succeeds, the
OnlineUser is placed in the session and the request is forwarded back (again
through the global forward) to the LoginAndRedirect action, which this time
finds the OnlineUser in the session as well as the FORWARD_TO param. All
"for logged in users only" pages are defined as forwards of LoginAndRedirect,
so its final action is something like...

return forward.findForward((String) session.getAttribute("FORWARD_TO"));

I'm aware that with this approach I must also somehow prevent "not logged
in" users from accessing the "forbidden pages" directly - they can just type
the URL in the browser and get where they should not :)

Any suggestions of making this in a better way will be appreciated!! :)

Regards
Chris

