Mark,
Check out my SecurityFilter project: http://securityfilter.sourceforge.net/
The other alternative that I would suggest is using container-managed
security. SecurityFilter is designed to mimic container managed security, so
it is easy to switch back and forth if you aren't ready to decide which
approach to take. The behavior is essentially the same, and the config file
format is also extremely similar (so you can cut and paste your security
settings between the two when switching).
-Max
----- Original Message -----
From: "Mark Silva" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, September 25, 2002 12:03 PM
Subject: Struts Authentication Filter
hello all,
I am attempting to write an Authentication Filter (Servlet Filter) for my
Stuts App. It is pretty simple so far. it just checks to see if a User has
Authenticated yet (from the session), and if not calls sendRedirect on the
response. code and xml below....
public void doFilter...
...
HttpSession session = request.getSession();
if(!SecurityManager.isUserAuthenticated(session))
response.sendRedirect("login.do");
else
chain.doFilter(request, response);
<filter>
<filter-name>authenticationFilter</filter-name>
<filter-class>AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
my question, is how i can give the filter a list of pages that are
unathenticated. and to entend that idea, a list of pages that can only be
authenticated by an admin. i have seen that the FilterConfig can be used to
get init parameters, but these only seem to be single values. not a list of
potential URLs.... does any one have a solution to this problem?
thanks,
mark
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
