I guess it depends on what sort of application you have.
Normally, you might display a welcome page and give access to all the stuff that doesn't need a user to login. If everything requires them to be authenticated, you could just display the welcome + the login form.
Once they log in, display some sort of welcome page for that user. This might have the menu of links they can use. If you use tiles you can insert a tile for a user or admin based on role eg <tiles:insert name="menu-user.jsp" role="user"/>
Or use the struts logic tag <logic:present role="user,guest"> which would allow only roles user and guest.
Another way is just to display the link to an action in /user/*, if they click on the link and they are not authenticated or have the role of 'user' they will be directed to the login form. Once they login and they have the role of 'user' then they will get to the /user/* action they requested at the start. So you don't need to do any thing special in this case.
As for populating a User bean into a session once they are authenticated.... I have done this in the past with a filter. I place it after the security filter in the chain of filters. It checks if the user is logged in, if they are and there is no session bean, the filter creates+populates the bean and stores it in the session ready for any action that needs to use it.
In the struts config you can add a role="admin" parameter. It means struts will check that the user has that role before it allows the action to be executed. Can't remember what happens if they are not authenticated - might throw an exception that you can catch and display an error message?
struts Dude wrote:
Hi Jason,
How do I use a login form that branch out to 2
restricted area depending on user's role using
SecurityFilter? i.e.
- if user has user role and log on, give access
to /user/*
- if user has admin role and log on, give access
to /admin/*
The only way I can think of how to do this is to
use 2 links to 2 login forms, 1 form for each.
BTW, can I assign roles for each Action in struts-config.xml so that I don't have to
prefix path attribute of each Action with /user or /admin?
Thanks
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Jason Lea
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
