Thanks brati, r u writing a servlet filter . how did u approach it. can u show me a starting point. shilpa -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 03, 2004 5:59 PM To: Struts Users Mailing List Cc: 'Struts Users Mailing List' Subject: Re: Servlet filter
Shilpa, We are doing just that. A filter comes into effect before the control goes to the servlet. So if you can stop the user at the filter level you are actually saving some processing. We are checking for the presence of session in the filter. Brati Sankar Ghosh Tata Consultancy Services Mailto: [EMAIL PROTECTED] Website: http://www.tcs.com "Shilpa Vaidya" <[EMAIL PROTECTED]> 06/03/2004 03:41 PM Please respond to "Struts Users Mailing List" <[EMAIL PROTECTED]> To "'Struts Users Mailing List'" <[EMAIL PROTECTED]> cc Subject Servlet filter hey all, Preventing users from accesing action. I am writing a web app to manage administrators and profiles. Administrators may access to the web app based on the profiles they have. The profiles, determine which pages the administrator might access. The profiles, and authorizations, might change online during work, so I need to check authorization to access a page (Action) on each access.If I understand correct, then, the actionServlet, first process the form bean, and then the action.. But, if the user is not authorized to access a specific page (Action), I need to forward him to an UnAuthorized error page, before thr formAction bean is filled. I would like to use a servlet filter. This filter checks the users rights and instanciates a HttpServletRequest-Wrapper.But am not sure how - .Can anyone help.Till then me trying to study the ServletFilter examples here n there. Shilpa -- "This e-mail message may contain confidential, proprietary or legally privileged information. It should not be used by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. The recipient acknowledges that ICICI Bank or its subsidiaries and associated companies, (collectively "ICICI Group"), are unable to exercise control or ensure or guarantee the integrity of/over the contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of ICICI Group.Before opening any attachments please check them for viruses and defects." ForwardSourceID:NT0000A91E -- "This e-mail message may contain confidential, proprietary or legally privileged information. It should not be used by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. The recipient acknowledges that ICICI Bank or its subsidiaries and associated companies, (collectively "ICICI Group"), are unable to exercise control or ensure or guarantee the integrity of/over the contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of ICICI Group.Before opening any attachments please check them for viruses and defects."
