You can use a Struts token or set your own in session scope. I, for example, have each page in my app check for the existence of a session token for the user and if it does not exist, the user gets forwarded right back to the login page. This prevents bookmarking or guessing your way into the application.
Mark -----Original Message----- From: Bailey, Shane C. [mailto:[EMAIL PROTECTED] Sent: Friday, May 30, 2003 7:39 PM To: [EMAIL PROTECTED] Subject: Can't decide where to do the Auth check -----Original Message----- From: Bailey, Shane C. [mailto:[EMAIL PROTECTED] Sent: Friday, May 30, 2003 4:19 PM To: [EMAIL PROTECTED] Subject: Can't decide where to do the Auth check I guess I have 3 top choices for doing a check for login (Authentication) before sending to the login page if they didn't login (Authenticate) or they timed out. First, I could extend the RequestProcessor (and as a sub question do I have to extend the TilesRequestProcessor if I am using Tiles?). Second, I could extend ActionServlet. Third, use a FilterServlet. The last one seems least attractive. The second one seems safest/easiest but seems like a pain since I am using modules (I believe I would have to have that stated in every struts config file. So that leaves me with the first choice. Also, do I have to extend TilesRequestProcessor if Tiles are used? Or do anything special so that the Tiles plugin still works if I extend the RequestProcessor? I think the mail-archive is still down but I wanted to look up past answers to this. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
