You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Heligon Sandra <Sa...@nextream.fr> on 2002/07/01 11:49:43 UTC
Login process
Hi,
I am trying to use the method processPreprocess of the
RequestProcessor
in order to authenticate web clients in my struts application.
I am some doubt about the flow, when the index.jsp page is displayed
this
method is called, isn't it ?
How can I distinguish an unauthorized request from a first request (
index.jsp) ? Has somebody a sequence diagram that illustrate this
"mechanism" ?
Thanks
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Login process
Posted by James Mitchell <jm...@telocity.com>.
There are varied opinions on doing as Andrew suggests.
I, personally, recommend that approach as it:
a) forces the users to go through index.jsp or an action
b) allows you to put your session validation/redirection in
one place (the action or base action class)
c) forces your developers to use actions for everything, even
if you are just displaying a simple jsp with no dependent
objects (ActionForm or other beans)
I have found that this approach forces good design and better code.
I have modified the struts-example to use this.
Let me know if you would like a copy.
James Mitchell
Software Engineer\Struts Evangelist
Struts-Atlanta, the "Open Minded Developer Network"
http://www.open-tools.org/struts-atlanta
> -----Original Message-----
> From: Andrew Hill [mailto:andrew.david.hill@gridnode.com]
> Sent: Monday, July 01, 2002 5:56 AM
> To: Struts Users Mailing List
> Subject: RE: Login process
>
>
> Apart from the index.jsp, you would probably be best served by putting all
> your other jsps (that require authentication) in the WEB-INF
> directory. This
> way they can only be reached by an action forwarding to them and not
> directly.
>
> -----Original Message-----
> From: Heligon Sandra [mailto:Sandra.Heligon@nextream.fr]
> Sent: Monday, July 01, 2002 17:50
> To: 'struts-user@jakarta.apache.org'
> Subject: Login process
>
>
>
> Hi,
>
> I am trying to use the method processPreprocess of the
> RequestProcessor
> in order to authenticate web clients in my struts application.
> I am some doubt about the flow, when the index.jsp page is displayed
> this
> method is called, isn't it ?
> How can I distinguish an unauthorized request from a first request (
> index.jsp) ? Has somebody a sequence diagram that illustrate this
> "mechanism" ?
>
> Thanks
>
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Login process
Posted by Andrew Hill <an...@gridnode.com>.
Apart from the index.jsp, you would probably be best served by putting all
your other jsps (that require authentication) in the WEB-INF directory. This
way they can only be reached by an action forwarding to them and not
directly.
-----Original Message-----
From: Heligon Sandra [mailto:Sandra.Heligon@nextream.fr]
Sent: Monday, July 01, 2002 17:50
To: 'struts-user@jakarta.apache.org'
Subject: Login process
Hi,
I am trying to use the method processPreprocess of the
RequestProcessor
in order to authenticate web clients in my struts application.
I am some doubt about the flow, when the index.jsp page is displayed
this
method is called, isn't it ?
How can I distinguish an unauthorized request from a first request (
index.jsp) ? Has somebody a sequence diagram that illustrate this
"mechanism" ?
Thanks
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>