See in-line. ----- Original Message ----- From: "Konstantin Priblouda" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 02, 2003 3:10 PM Subject: Re: [OS-webwork] LoginAction question
> > --- Bernardinus <[EMAIL PROTECTED]> wrote: > > Hi all, > > > > Suppose that I want to protect my web app with > > custom login, so that every > > request to the web-app's resources are intercepted > > and validated (custom). > > Login validation will re-direct user to appropriate > > resources. In WW-2, how > > do I do that? > > My first thought is to employ Servlet Filter to > > intercept all requests. > > Alternative is to employ login interceptor, however > > as my understanding of > > it, interceptors works on action based requests. > > That is if I have <ww:form > > action="...">....</ww:form> or calling <www:action > > ..../> tag. No? > > What if I want to prevent static resource (such as > > jsp page which has a link > > to another action-ed page) from being accessed > > without proper access code? > > That is to prevent user typing directly the url of > > the jsp page (static in > > this case). And no, putting the web resources under > > WEB-INF dir is not an > > option here. > > > > So, how would you guys implement such logic? Any > > advice is highly > > appreciated. > > I used filter approach for access control. > My portal app consists of several > "application" ( each with own directory tree ) and > every "application" consitst of some "screens" - > their configuration lives in XML, and access control > is done through filter. > The filter approach seems nicer > Actions can [must not] perform own access control. > Care to eleborate on this? > > Access control is done via OSUser. > Thanks for pointing out OSUser. I've never used it. May consider it for future projects :) Thanks Konstantin. /bernard ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
