On Thu, 2003-07-03 at 15:27, Dolf Starreveld wrote: > > > How about deriving all your actions from a base class that checks if > the requisite objects are in session, and if not, either puts them > there, or forwards/redirects to a page which will cause them to be > put there. > If you prefer, you can of course also do this in a RequestProcessor subclass. > > I do the former and it works like a charm under any container (in my > case Jetty and SecurityFilter).
he he that's exactly what I do do (see earlier post from a little while ago:). I just wanted to give Container managed security a try since it seems to be the rage these days:) -- Rick my post similar to yours was: I like to subclass the RequestProcessor and over-ride the process method: public void process(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { Here I do a simple check to make sure that there is a "UserBean" in session scope. If it is not then the are forwarded to the login Page which submits to the LoginAction and everything gets setup like you mentioned. Seems clean and simple to me. Only small problem is if later on way down the road the RequestProcessor changes in Struts. The other thing I like is just make sure the only way you can get anywhere is through an Action mapping /do/* or .do whatever. Then I have all my actions extend a BaseAction (BaseDispatchAction actually). In there I overwrite the execute method which does the same as in the over-ridden class above. This later idea is probably better but you just have to remember to make sure all your actions extend a BaseAction. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]