[EMAIL PROTECTED] wrote:
Hi *,
I am new to struts and to this group. Is there any standard way of doing
session management.
For eg, user is not allowed to access any resource(jsp pages directly)
unless he logins. When he tries he should be directed to login page.
Is there any standard way of doing this. Struts framework has any
standard way of handling this issue.
You're looking for web application security and access control, rather
than session management. There are lots of options, the 'standard' one
being container-managed security. Other approaches involve implementing
your own access control in a base Action or servlet filter.
Struts includes support for 'role based' access control, based on the
standard Servlet authentication APIs; you can restrict any action based
on the user role as used by HttpServletRequest.isUserInRole() [1].
L.
[1] http://tomcat.apache.org/tomcat-5.0-doc/servletapi/index.html
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
