Scenario: I need to implement a security scheme so that when a user tries to access a secure page without logging in first, (s)he is sent to the login form page. Upon successful authentication, the original page which the user tried to access.
App server is WebLogic 6.1 SP1; as a result, I cannot:

1. Put the JSP pages under /WEB-INF to let the app server take care of protecting them
2. Use web container-based security scheme because in WebLogic it always sends you to the welcome page after logging in, not the page the user wants to go to

So far I have done the following:

1. To protect the JSP pages from being bookmarked and accessed without logging in, I use a CheckLogonTag on each JSP, redirecting the user to the login form page if (s)he has not logged in. I pass the action path of the JSP page around as an HTTP request parameter so that after authentication I know whether to send the user
2. To protect the Action URI (/do/action1 or /action1.do), I extend the ActionServlet and override the processActionPerform method to check the session variable and redirect to the login form page as necessary

I hate to duplicate the security checking logic in 2 places but I haven't figured out a way to consolidate them. Can anyone share some good ideas on how to implement the security requirement I described above using Struts and WebLogic 6.1?

Thanks.

Eric Ma
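An added example, not part of the original post and not Struts or WebLogic code: one way to keep the login check in a single helper that both the CheckLogonTag and the ActionServlet override described above could call. It uses only javax.servlet.http calls; the class name, session keys and page paths are assumptions, and it keeps the originally requested path in the session rather than in a request parameter, validating it as a local path before it is used as the post-login target.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical shared guard: the only place that holds the login check. */
public final class LoginGuard {
    // Assumed names; none of these come from the original post.
    public static final String USER_KEY = "authenticatedUser";
    public static final String RETURN_KEY = "returnPath";
    public static final String LOGIN_PAGE = "/login.jsp";
    public static final String DEFAULT_PAGE = "/index.jsp";

    private LoginGuard() {}

    /** True if logged in; otherwise saves the target, redirects to login, returns false. */
    public static boolean requireLogin(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_KEY) != null) {
            return true;
        }
        // Context-relative path of the requested resource, kept server-side.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (req.getQueryString() != null) path += "?" + req.getQueryString();
        req.getSession(true).setAttribute(RETURN_KEY, path);
        res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + LOGIN_PAGE));
        return false;
    }

    /** Called by the login action after successful authentication. */
    public static String consumeReturnPath(HttpSession session) {
        Object saved = session.getAttribute(RETURN_KEY);
        session.removeAttribute(RETURN_KEY); // one-time use
        String path = (saved instanceof String) ? (String) saved : null;
        return isLocalPath(path) ? path : DEFAULT_PAGE;
    }

    /** Accepts only context-relative paths: no scheme-relative, backslash or CR/LF forms. */
    static boolean isLocalPath(String p) {
        return p != null && p.startsWith("/") && !p.startsWith("//")
            && p.indexOf('\\') < 0 && p.indexOf('\r') < 0 && p.indexOf('\n') < 0;
    }
}
```

The tag would call `LoginGuard.requireLogin(...)` and skip the rest of the page when it returns false; the servlet override would make the same call before dispatching to the action. Only GET targets survive the round trip, since a saved path does not carry a POST body.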

