--- Bernardinus <[EMAIL PROTECTED]> wrote: > Hi all, > > Suppose that I want to protect my web app with > custom login, so that every > request to the web-app's resources are intercepted > and validated (custom). > Login validation will re-direct user to appropriate > resources. In WW-2, how > do I do that? > My first thought is to employ Servlet Filter to > intercept all requests. > Alternative is to employ login interceptor, however > as my understanding of > it, interceptors works on action based requests. > That is if I have <ww:form > action="...">....</ww:form> or calling <www:action > ..../> tag. No? > What if I want to prevent static resource (such as > jsp page which has a link > to another action-ed page) from being accessed > without proper access code? > That is to prevent user typing directly the url of > the jsp page (static in > this case). And no, putting the web resources under > WEB-INF dir is not an > option here. > > So, how would you guys implement such logic? Any > advice is highly > appreciated.
I used filter approach for access control. My portal app consists of several "application" ( each with own directory tree ) and every "application" consitst of some "screens" - their configuration lives in XML, and access control is done through filter. Actions can [must not] perform own access control. Access control is done via OSUser. regards, ===== ----[ Konstantin Pribluda ( ko5tik ) ]---------------- Zu Verstärkung meines Teams suche ich ab Sofort einen Softwareentwickler[In] für die Festanstellung. Arbeitsort: Mainz Skills: Programieren, Kentnisse in OpenSource-Bereich ----[ http://www.pribluda.de ]------------------------ __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
