On Tue, 13 Aug 2002, Struts Newsgroup wrote:
> Date: Tue, 13 Aug 2002 21:10:02 -0700
> From: Struts Newsgroup <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: What is a better way to check user login?
>
> Subject: What is a better way to check user login?
> From: "Hu Ji Rong" <[EMAIL PROTECTED]>
> ===
> Hi,
>
> I saw various ways to check user login in Struts, but a bit confused.
> CheckLogon Tag in Struts example, check user session data, overwrite the
> ActionServlet, and so on. Overwrite the ActionServlet maybe also have
> problem to migrate to 1.1?
>
> Can anyone point to a right way? We have normally form based login page to
> validate the user.
>
If you are using container managed security (in other words, you have one
or more <security-constraint> elements plus a <login-config> element in
your web.xml file), you do *not* need anything like the CheckLogon tag in
the example application. The container will do all the necessary checking
for you.
The reason that the sample application does its own "logon checking" is so
that the sample WAR file can be deployed, out of the box, with no setup as
a test of whether Struts works on your particular application server. For
real applications, using container managed security is by far the
preferred alternative.
> Thanks,
> JiRong
>
Craig McClanahan
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
