Posted to user@struts.apache.org by Jason Meredith <Ja...@fimat.co.uk> on 2003/07/22 10:29:29 UTC

Session management

Chaps

I am sure this question has been asked before, if it has please point me in
the right direction (URL - example)

A user logs into a web site, once the user has been authenticated, a
session is created, there are many different actions that a user can
perform, and it is easy to check if a session exists or has expired within
each action. If the session times out, then a user is redirected back to
the login page. No problem.

What do I do for those pages that do not have actions, pages that have
global forwards for example (org.apache.struts.actions.ForwardAction),
things like legal pages, site maps, and so on? I don't want to create an
action just to display a simple JSP/HTML page, that's why I used a forward.

Regards

Jason Meredith



*******************************************************************
The e-mail and any attachments are confidential. They may contain
privileged information and are intended for the named addressee(s)
only. If you are not the intended recipient, please notify us
immediately and do not disclose, distribute, or retain this e-mail
or any part of it.

Unless expressly stated, opinions in this e-mail are those of the
individual sender and not of the FIMAT Group. We believe but do not
warrant that this e-mail and any attachments are virus free. 
You must therefore take full responsibility for virus checking. 
The FIMAT Group reserve the right to monitor e-mail communications
through its networks. 

Where this communication constitutes a financial promotion it is issued
and approved by Fimat International Banque S.A. (UK Branch) and is 
only intended for persons of a kind described in article 19(5) of the
Financial Services and Markets Act 2000 (Financial Promotion) Order
2001.  This information is not intended to be distributed to UK "Private
Customers" (as defined by the Financial Services Authority).

Fimat International Banque S.A. (UK Branch) whose registered branch
in England is at SG House, 41 Tower Hill, London EC3N 4SG is authorised
by the Commission Bancaire in France and by the UK Financial Services
Authority; regulated by the Financial Services Authority for the conduct of
UK Business and is entered in the Financial Services Authority's register
(Register Number 183415), access to which can be gained via the following
link: www.fsa.gov.uk/register/

Member and a SETS Participant of the London Stock Exchange ("LSE").
Where this communication is confirming an "on exchange" transaction
(as defined by the LSE),the transaction is subject to the rules of the LSE.
Any information, opinions, estimates and forecasts contained in this 
document have been arrived at or obtained from public sources believed
to be reliable and in good faith which has not been independently 
verified and no warranty, express or implied, is made as to their accuracy,
completeness or correctness.  

This document is not an offer to sell or a solicitation to acquire or dispose
of an interest in financial instruments. 

If you have received this transmission in error, please telephone
+44 020 7676 8999 immediately so that we can arrange for its return.
*******************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Re: Session management

Posted by Max Cooper <ma...@maxcooper.com>.
Jason,

Authentication and session creation are mostly independent -- you can have a
user with a session that has not been authenticated. I think a user will
always have a session once they have been authenticated, however.

I am not sure I understand quite what you are asking, but you can certainly
have simple JSP/HTML pages that don't have an action in front of them. For
instance, if you had a /sitemap.jsp page, you can link to it directly or use
a global forward (preferably with redirect="true" so the displayed page
content matches the URL in the address bar) to access it. If that page
requires a session, that is no problem even if the user is not
authenticated. If the page has features (like a "Good Morning, joeuser"
greeting), you must be prepared for the possibility that the user won't be
authenticated yet, and request.getRemoteUser() will return null. If you use
a security-constraint to require that the user authenticate themselves
before seeing a given page, you can assume that request.getRemoteUser() will
return a username since the user must be authenticated to view the page in
the first place.

Hope that helps,
-Max



Re: Session management

Posted by Erik Price <ep...@ptc.com>.

Jason Meredith wrote:
> Chaps
> 
> I am sure this question has been asked before, if it has please point me in
> the right direction (URL - example)
> 
> A user logs into a web site, once the user has been authenticated, a
> session is created, there are many different actions that a user can
> perform, and it is easy to check if a session exists or has expired within
> each action. If the session times out, then a user is redirected back to
> the login page. No problem.
> 
> What do I do for those pages that do not have actions, pages that have
> global forwards for example (org.apache.struts.actions.ForwardAction),
> things like legal pages, site maps, and so on? I don't want to create an
> action just to display a simple JSP/HTML page, that's why I used a forward.

Chappie,

If you use container-managed authentication, then you know what to do -- 
simply specify these other resources in your CMA mappings.  However, I'm 
guessing that you aren't using CMA in this case.

Best bet would be to migrate your authentication code (where you check 
for session validity) out of the Actions and into a 
javax.servlet.Filter, and then map this Filter to any resources which 
need to be protected.



Erik




RE: Session management

Posted by Navjot Singh <na...@net4india.net>.
|What do I do for those pages that do not have actions, pages that have
|global forwards for example (org.apache.struts.actions.ForwardAction),
|things like legal pages, site maps, and so on? I don't want to create an
|action just to display a simple JSP/HTML page, that's why I used a forward.
|

These pages that do not have actions are surely not important enough
to care whether the user is logged in or not. Or I am not able to
understand your requirement.

-navjot


