There are different ways of implementing a secure site, and many variables involved.
When you say you want to see if the session is "valid," are you talking about name/password authentication, or some other session attribute? If the former, you can implement a standard J2EE security model in the web app deployment descriptor (web.xml), specifying which user roles can access which pages (such "*.do"), and exempting specified other resources (e.g. "login.do"). This will automatically prevent users from accessing pages without being authenticated first, and also enable you to configure session timeouts easily. It's also an easy, central, and standard method of configuring security, and fits in neatly with the roles-based configuration in the Struts config file. Your options would work as well, but wouldn't be very flexible or easy to manage, especially if you expect the application to get big. -----Original Message----- From: Joao Batistella [mailto:[EMAIL PROTECTED] Sent: Friday, March 12, 2004 2:55 PM To: 'Struts Users Mailing List' Subject: Checking if user has a valida session Hello. I have to check in my application if the user has a valid session in every page and, if not, redirect him to the login page. What is the best way of doing this? I see 3 options: 1. Put an include or tag in every page that checks this 2. Check this in my struts action 3. Use a servlet filtering to filter all .jsp or .do requests I'm thinking about adopting solution number 3. Is it the best aproach? Thanks, JP --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
