Redirecting to a page has *nothing* to do with security constraints. If you have the necessary authority to that page then the page will be displayed without error. If you do not have the authority then an error will be generated. However, this does not mean that the redirect has failed. The redirect worked but the redirect target generated an error which, in any decent application, will be handled and the user will be presented with a meaningful error page or logon page.
So, the JSP *can* in fact be protected by container managed security. I have never said this is the *best* way of doing things but your assertion that the JSP page could not be protected by standard security constraints is just plain wrong. Steve > -----Original Message----- > From: Jing Zhou [mailto:[EMAIL PROTECTED] > Sent: June 29, 2003 11:12 AM > To: Struts Users Mailing List; [EMAIL PROTECTED] > Subject: Re: Sending a Redirect Directly from an Action Class > > > > ----- Original Message ----- > From: "Steve Raeburn" <[EMAIL PROTECTED]> > To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > Sent: Sunday, June 29, 2003 10:09 AM > Subject: RE: Sending a Redirect Directly from an Action Class > > > > The statement, "The JSP page somePage.jsp could not be protected by the > > standard security constraints." is incorrect. > > You recognized the discussion context is on the concerns of the > redirect to > the > JSP page /somePage.jsp, right? (Shoud I bring out the orignal text again?) > Let me ask you, if you put the page under a standard security constraint, > how can you perform a redirect to that page sucessfully? > Taking a statement out of its contexts is not very professional. > > > > > This discussion no longer has anything to do with Struts. > > However, it has something to do with the Struts users, > because you are misleading the Struts users when you said "not true" > or "is incorrect" to the original text. > > > > > Unless you disagree with either of these points can we now drop it, > please? > > You changed your arguments from *assuming* the action is protected > to the statement you mentioned above, could you drop the tactics, please? > > > > > Steve > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
