+1 using login fileter is a good way. This would be transparent and headach free too. Your Struts would not have to know about this application security. everything will be transparently handled by the filter.
Again check for some session attributs (eg, user name), if it is null, use a global forward to the login page. Get about in J2EE Tutorials - http://java.sun.com/javaee/reference/tutorials/ About filters here - http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Servlets8.html#wp64572 and in J2EE API docs - http://java.sun.com/j2ee/1.4/docs/api/ Cheers! Thomas Joseph From: "The Jasper" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <user@struts.apache.org> Sent: Monday, June 12, 2006 3:25 PM Subject: Re: sessions > hi, > > You could use a login filter. Have the filter check if they are logged > in via a session attribute. If the person is logged, then fine. > Otherwise redirect to the login page. On logging in you set the > session attribute. Now just set the web.xml so that everything has to > go through the login filter *except* the login page. > > mvg, > Jasper > > On 6/12/06, Abhimanyu Koul <[EMAIL PROTECTED]> wrote: > > hi all! > > i want to use session validation in my application. no user should be allowed to view any page without logging in. if any user say copies the action from the properties window into the address bar of the browser, he should be directed to the login page. no error message should be shown neither the user should be allowed to do some operations without logging in. > > > > can we use some feature of requestprocessor for that. what are the various methods to achieve that. > > > > regards > > Abhimanyu Koul > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
