I usually perform complex authentication/authorization related checks in
a servlet filter and attach the results in simpler forms (i.e. boolean
objects) in the request for actions to access. IMHO such checks should
not exist in the JSP pages, even if performed by taglibs; a JSP page
should not be accessed directly anyway but via an action that can
perform the checks (or read them from a context)
hth,
Manos
struts Dude wrote:
Hi
I am going to use custom tags for checking
access to Jsp, if no user/bean bean in session,
then direct to login page.
And I am also going to check admin bean again
in Action before invoking life cycle methods
on business beans.
Now am I over kill with authentication??
I mean, if all JSP pages that require user/admin
access has custom tag that check for access
at top, then i don't really need to check
for authentication in Action classess.
But it may also be good practice to double check
for whatever reason.
Just curious what's the usual practice u ppl do.
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
