On 22-08-2008 at 20:22, Laurent Perez wrote: > I need to protect various screens of an administration backend, i.e a > user has to be logged in in order to see the screens, otherwise, it > will be returned to a login page. When the login is successfull, a > User object is stored into a session. > [cut: description of an attempt to use an Interceptor for this]
Actuall, J2EE provides an excellent mechanism for most protections: the security-constraint and login-config tags. I usually protect all protected pages as requiring the role * (i.e. any role will do). Then I can use either J2EE or an interceptor to check if the user is authorized for a particular action. I use J2EE for simple stuff (access is granted by role), and an interceptor for advanced stuff (a user may see only his own data). Oscar -- ,-_ Work and acquire, and thou hast chained the wheel of Chance. /() ) (__ ( -- Ralph Waldo Emerson =/ () ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
