11.3. Securing a JSP Page
Problem
You want to ensure users can access a JSP page only if they are logged in.
Solution
Use a custom JSP tag, like the checkLogon tag from
the Struts Mail Reader example application, on pages that require
users to be logged in. The checkLogon tag is shown
in Example 11-5.
Example 11-5. Struts-example check logon tag
package org.apache.struts.webapp.example; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpSession; import javax.servlet.jsp.JspException; import javax.servlet.jsp.tagext.TagSupport; import org.apache.struts.config.ModuleConfig; /** * Check for a valid User logged on in the current session. If there is no * such user, forward control to the logon page. * * @author Craig R. McClanahan * @author Marius Barduta * @version $Revision: 1.5 $ $Date: 2005/03/21 18:08:09 $ */ public final class CheckLogonTag extends TagSupport { // --------------------------------------------------- Instance Variables /** * The key of the session-scope bean we look for. */ private String name = Constants.USER_KEY; /** * The page to which we should forward for the user to log on. */ private String page = "/logon.jsp"; // ----------------------------------------------------------- Properties /** * Return the bean name. */ public String getName( ) { return (this.name); } /** * Set the bean name. * * @param name The new bean name */ public void setName(String name) { this.name = name; } /** * Return the forward page. */ public ...Get Jakarta Struts Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
