You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@velocity.apache.org by Stephan Jones <st...@redpillconsulting.com> on 2003/07/14 21:55:07 UTC

New User Question - Login validation - emulating jsp tags

I am trying to emulate the functionality of the struts login example
provided with the struts download

I want to check that a person Is logged into a session ( and validated)
before displaying pages.
The struts example does this using a defined tag. How would I do this using
a velocity template?


The jsp

<%@ taglib uri="/WEB-INF/app.tld" prefix="app" %>
<app:checkLogon/>






---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

Re: New User Question - Login validation - emulating jsp tags

Posted by Nathan Bubna <na...@esha.com>.

Stephan Jones said:
> I am trying to emulate the functionality of the struts login example
> provided with the struts download

not a bad idea.  of course, it has been done... :)

if you are using velocity-tools, you will notice it comes with 3 example
applications.  the "velstruts" example app contains 5 mini-apps of a sort.
one of those mimics the struts login example.

http://cvs.apache.org/viewcvs/jakarta-velocity-tools/examples/struts/examples/

i believe the logon mini-app is "app3"

Nathan Bubna
nathan@esha.com


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

Re: New User Question - Login validation - emulating jsp tags

Posted by Nathan Bubna <na...@esha.com>.

Tim Colson said:
> I know this probably isn't the exact answer you were looking for... and
> of course, Nathan or others may swoop in to tell me I'm all wet. :-)

never!  you're just a wee bit damp is all.  ;-)

> In the meantime, I suggest adding having a look at the authentication
> rules for your servlet container. Tomcat for ex. can automatically
> disallow pages/actions/paths to be requested unless the user has a valid
> logged in session. The View doesn't have to think real hard in this
> case, since the container takes care of things for it. :-)

now this part is excellent advice! :)

Nathan Bubna
nathan@esha.com


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

Re: New User Question - Login validation - emulating jsp tags

Posted by Anthony Eden <ae...@signaturedomains.com>.

Tim Colson wrote:

>One of the things a JSP can do that a Velocity template can't is forward
>control to another template. Oh sure, Velocity can include/parse other
>templates... but it doesn't have the JSP ability to literally forward
>'control' to an entirely different template. That's what the checkLogon
>appears to do... so that's why I'm thinking the VelocityStruts stuff
>won't work the same.
>

FWIW, I don't think this is necessarily true.  If you expose the request 
and response objects in the context then there is no reason that a 
Velocity template couldn't create a request dispatcher and forward the 
request in the same way a JSP does.  It may be necessary to write the 
Velocity output to a buffer instead of directly to the Servlet output 
stream, but beyond that the behavior should be able to be duplicated.

Sincerely,
Anthony Eden

---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

RE: New User Question - Login validation - emulating jsp tags

Posted by Tim Colson <tc...@cisco.com>.

Stephan wrote: 
> So if I understand correctly its not politically correct to call the
> templates directly.
Well, I didn't mean to imply that, sorry. While there are folks that
would probably argue against making the templates visible directly, I
was just pointing out that there is a difference between VM and JSP in
that an entire application can be built using just JSP (i.e. Model I). 

I can imagine how an entire Model I type app could be created with just
Velocity and some Context Tools, but it wouldn't be all that common. And
since we're talking about using Struts (which is a Model II MVC
framework), it seems less likely. :-)

One of the things a JSP can do that a Velocity template can't is forward
control to another template. Oh sure, Velocity can include/parse other
templates... but it doesn't have the JSP ability to literally forward
'control' to an entirely different template. That's what the checkLogon
appears to do... so that's why I'm thinking the VelocityStruts stuff
won't work the same.

Hope that clears things up :-)
Timo

---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

RE: New User Question - Login validation - emulating jsp tags

Posted by Stephan Jones <st...@redpillconsulting.com>.

So if I understand correctly its not politically correct to call the
templates directly.

Ill look into modifying my approach.

Thank you for your response

-----Original Message-----
From: Tim Colson [mailto:tcolson@cisco.com]
Sent: July 14, 2003 1:34 PM
To: 'Velocity Users List'
Subject: RE: New User Question - Login validation - emulating jsp tags

Stephan -
 I expect Nathan will swoop in and correct me, but I'll go out on a limb
here. :-)

I have never used the app:CheckLogon tag, so your post made me curious.
I had a look at the src of the taglib.
(\jakarta-struts\src\example\org\apache\struts\webapp\example\CheckLogon
Tag.java)

I pulled out salient bits (shown below). I'm going to bet this
funcationality probably will not be handled by the existing
VelocityStruts lib. There are JSP specific bits (ex. PageContext,
logon.jsp, and page forwarding) in there.

Checking for a valid user session probably makes more sense in JSP pages
since they can be called directly and do some work without a servlet.
The Velocity pages can also be called directly (assuming they are placed
in a public directory) but can't really do all that much without the
servlet backend. And forwarding to another page just isn't in their
capability. I think this functionality might just be an 'impedence
mismatch' between JSP and VM.

I know this probably isn't the exact answer you were looking for... and
of course, Nathan or others may swoop in to tell me I'm all wet. :-)

In the meantime, I suggest adding having a look at the authentication
rules for your servlet container. Tomcat for ex. can automatically
disallow pages/actions/paths to be requested unless the user has a valid
logged in session. The View doesn't have to think real hard in this
case, since the container takes care of things for it. :-)


Cheers,
Timo
----


/**
* The key of the session-scope bean we look for.
*/
    private String name = Constants.USER_KEY;
/**
* The page to which we should forward for the user to log on.
*/
private String page = "/logon.jsp";

/**
 * Perform our logged-in user check by looking for the existence of
 * a session scope bean under the specified name.  If this bean is not
 * present, control is forwarded to the specified logon page.
 *
 * @exception JspException if a JSP exception has occurred
 */
public int doEndTag() throws JspException {
// Is there a valid user logged on?
boolean valid = false;
HttpSession session = pageContext.getSession();
if ((session != null) && (session.getAttribute(name) != null))
        valid = true;
// Forward control based on the results
if (valid)
        return (EVAL_PAGE);
else {
        try {
        pageContext.forward(page);
        } catch (Exception e) {
        throw new JspException(e.toString());
        }
        return (SKIP_PAGE);
}
}




> -----Original Message-----
> From: Stephan Jones [mailto:stevej@redpillconsulting.com]
> Sent: Monday, July 14, 2003 12:55 PM
> To: velocity-user@jakarta.apache.org
> Subject: New User Question - Login validation - emulating jsp tags
>
>
> I am trying to emulate the functionality of the struts login example
> provided with the struts download
>
> I want to check that a person Is logged into a session ( and
> validated)
> before displaying pages.
> The struts example does this using a defined tag. How would I
> do this using
> a velocity template?
>
>
> The jsp
>
> <%@ taglib uri="/WEB-INF/app.tld" prefix="app" %>
> <app:checkLogon/>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: velocity-user-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

RE: New User Question - Login validation - emulating jsp tags

Posted by Tim Colson <tc...@cisco.com>.

Stephan -
 I expect Nathan will swoop in and correct me, but I'll go out on a limb
here. :-)

I have never used the app:CheckLogon tag, so your post made me curious.
I had a look at the src of the taglib.
(\jakarta-struts\src\example\org\apache\struts\webapp\example\CheckLogon
Tag.java)

I pulled out salient bits (shown below). I'm going to bet this
funcationality probably will not be handled by the existing
VelocityStruts lib. There are JSP specific bits (ex. PageContext,
logon.jsp, and page forwarding) in there.

Checking for a valid user session probably makes more sense in JSP pages
since they can be called directly and do some work without a servlet.
The Velocity pages can also be called directly (assuming they are placed
in a public directory) but can't really do all that much without the
servlet backend. And forwarding to another page just isn't in their
capability. I think this functionality might just be an 'impedence
mismatch' between JSP and VM. 

I know this probably isn't the exact answer you were looking for... and
of course, Nathan or others may swoop in to tell me I'm all wet. :-)

In the meantime, I suggest adding having a look at the authentication
rules for your servlet container. Tomcat for ex. can automatically
disallow pages/actions/paths to be requested unless the user has a valid
logged in session. The View doesn't have to think real hard in this
case, since the container takes care of things for it. :-)


Cheers,
Timo
----


/**
* The key of the session-scope bean we look for.
*/
    private String name = Constants.USER_KEY;
/**
* The page to which we should forward for the user to log on.
*/
private String page = "/logon.jsp";

/**
 * Perform our logged-in user check by looking for the existence of
 * a session scope bean under the specified name.  If this bean is not
 * present, control is forwarded to the specified logon page.
 *
 * @exception JspException if a JSP exception has occurred
 */
public int doEndTag() throws JspException {
// Is there a valid user logged on?
boolean valid = false;
HttpSession session = pageContext.getSession();
if ((session != null) && (session.getAttribute(name) != null))
	valid = true;
// Forward control based on the results
if (valid)
	return (EVAL_PAGE);
else {
	try {
	pageContext.forward(page);
	} catch (Exception e) {
	throw new JspException(e.toString());
	}
	return (SKIP_PAGE);
}
}




> -----Original Message-----
> From: Stephan Jones [mailto:stevej@redpillconsulting.com] 
> Sent: Monday, July 14, 2003 12:55 PM
> To: velocity-user@jakarta.apache.org
> Subject: New User Question - Login validation - emulating jsp tags
> 
> 
> I am trying to emulate the functionality of the struts login example
> provided with the struts download
> 
> I want to check that a person Is logged into a session ( and 
> validated)
> before displaying pages.
> The struts example does this using a defined tag. How would I 
> do this using
> a velocity template?
> 
> 
> The jsp
> 
> <%@ taglib uri="/WEB-INF/app.tld" prefix="app" %>
> <app:checkLogon/>
> 
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: velocity-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org