Using sessions? Have you used servlet roles before?
chanoch ------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Although we routinely screen for viruses, recipients should check this e-mail and any attachment for viruses. We make no warranty as to absence of viruses in this e-mail or any attachments. -----Original Message----- From: Hoang, Hai [mailto:[EMAIL PROTECTED]] Sent: 14 October 2002 15:23 To: 'struts-user' Subject: The best practices regarding secure JSP and Action classes I want to secure the admin portion of my application from unauthorized users. What is the best way to achieve this task? Should I include a "CheckUser" tag on every jsp pages and call a "CheckUser" function on every single action class? I don't want the user to just key in the direct url of the jsp page or calling the action class directly. But doing this, I've to go to the database twice on every action. Do you know a better way? ________________________________________________________________________ _ Introducing the all new and improved continental.com. With a totally new personalized design, it's the best place to go. Before you go. Continental Airlines. Work Hard. Fly Right. http://www.continental.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
