You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Lizzy Borden <li...@autistici.org> on 2007/10/16 15:29:12 UTC
login and session
Hello,
I am starting to learn struts2 and I need some help.
I have done a login form, if the loginAction returns SUCCESS I forward to a
index.jsp, if it returns ERROR I forward to login.jsp page again.
When the authentication is good I create a Session var called logged-in and
I set it to true:
Map session = ActionContext.getContext().getSession();
session.put("logged-in","true");
There is another action, the logoutAction, that remove the Session var.
Then I have done a loginCheck.jsp file I include in the index.jsp in order
to avoid unauthorized accesses.
The loginCheck,jsp file looks like this:
<%@ taglib prefix="s" uri="/struts-tags" %>
<%@ page language="java" contentType="text/html" import="java.util.*"%>
<html>
<head>
<title>Check validate!</title>
</head>
<body>
<%
try{
response.getWriter().println("DEBUG:"+request.getSession().getAttribute("logged-in"));
if
(request.getSession().getAttribute("logged-in").equals("true")){
// do nothing!
}else{
response.sendRedirect(request.getContextPath()+"/auth/login.jsp");
}
}catch(Exception e){
//e.printStackTrace();
response.getWriter().println("exception!");
response.sendRedirect(request.getContextPath()+"/auth/login.jsp");
}
%>
</body>
</html>
So, if the logged-in is setted to true, it's ok. Since the logged-in is
removed if I try to access the Session it generates an exception so, if the
exception happens I redirect to login.jsp page, but this redirect dosen't
work. why? How can I did wrong?
Can I also replace this code with the
<s:if test="#session.logged-in !='true' "> redirect else do nothing...but it
doesn't work too.
So the questions are:
1- why my redirection in the catch segment does not work? how can I handle
it?
2- writing the jsp code instead of struts tag is correct? Have I to use the
<s:if ..> tags ??
thanks
lizzie
--
View this message in context: http://www.nabble.com/login-and-session-tf4634204.html#a13233578
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: login and session
Posted by Lizzy Borden <li...@autistici.org>.
Thank you for the tip!
But, why my code doesn't work properly? why the redirect line dosen't work?
I have done a workaround by send an error instead of a redirect and it works
but I did not understand the reason.
bye
Tuyen Dinh Van wrote:
>
> Hi,
>
> You should use interceptors provided by struts 2 for authenticating the
> user. The interceptor provide you with easy coding according to AOP.
> You can take a look at the sample application accompanying with struts2
> distribution, that is mailreader.
>
> Tuyen Dinh
>
--
View this message in context: http://www.nabble.com/login-and-session-tf4634204.html#a13269977
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: login and session
Posted by Tuyen Dinh Van <tu...@gmail.com>.
Hi,
You should use interceptors provided by struts 2 for authenticating the
user. The interceptor provide you with easy coding according to AOP.
You can take a look at the sample application accompanying with struts2
distribution, that is mailreader.
Tuyen Dinh
On 10/16/07, Lizzy Borden <li...@autistici.org> wrote:
>
>
> Hello,
>
> I am starting to learn struts2 and I need some help.
> I have done a login form, if the loginAction returns SUCCESS I forward to
> a
> index.jsp, if it returns ERROR I forward to login.jsp page again.
>
> When the authentication is good I create a Session var called logged-in
> and
> I set it to true:
>
> Map session = ActionContext.getContext().getSession();
> session.put("logged-in","true");
>
> There is another action, the logoutAction, that remove the Session var.
> Then I have done a loginCheck.jsp file I include in the index.jsp in order
> to avoid unauthorized accesses.
> The loginCheck,jsp file looks like this:
>
>
> <%@ taglib prefix="s" uri="/struts-tags" %>
> <%@ page language="java" contentType="text/html" import="java.util.*"%>
> <html>
> <head>
> <title>Check validate!</title>
> </head>
> <body>
> <%
> try{
>
> response.getWriter
> ().println("DEBUG:"+request.getSession().getAttribute("logged-in"));
> if
> (request.getSession().getAttribute("logged-in").equals("true")){
> // do nothing!
> }else{
>
> response.sendRedirect(request.getContextPath()+"/auth/login.jsp");
> }
>
> }catch(Exception e){
> //e.printStackTrace();
> response.getWriter().println("exception!");
>
> response.sendRedirect(request.getContextPath()+"/auth/login.jsp");
> }
>
> %>
>
> </body>
> </html>
>
> So, if the logged-in is setted to true, it's ok. Since the logged-in is
> removed if I try to access the Session it generates an exception so, if
> the
> exception happens I redirect to login.jsp page, but this redirect dosen't
> work. why? How can I did wrong?
> Can I also replace this code with the
> <s:if test="#session.logged-in !='true' "> redirect else do nothing...but
> it
> doesn't work too.
>
> So the questions are:
>
> 1- why my redirection in the catch segment does not work? how can I handle
> it?
> 2- writing the jsp code instead of struts tag is correct? Have I to use
> the
> <s:if ..> tags ??
>
> thanks
> lizzie
> --
> View this message in context:
> http://www.nabble.com/login-and-session-tf4634204.html#a13233578
> Sent from the Struts - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>