You have many options: 1. The filter route like http://securityfilter.sourceforge.net.
2. As suggested override how the process works. In older versions of Struts you can do as suggested and override one of the process methods (I also recommend processRoles) while in some (not sure which) versions you can add a command to the chain if your version uses the COR (Commons Chain of Responsibility). That could check if the session is valid, if the path begins with a url you specify as being protected (like "/this", "/secured", etc.). 3. Make a base action where you check for your criteria in every action's execute() method. Then have it invoke a custom "myExecute()" method which is where you would put the code you normally put in execute(). I learned this approach from Struts In Action's scaffold framework. I found the source is still available at the publisher's site at the bottom of the page listed as "husted_src.zip" however I don't recommend it without the book. Inside it are two versions of the Scaffold (that the book would explain) named struts-scaffold_1_0.zip and struts-scaffold_1_1.zip. 4. The traditional /WEB-INF/web.xml security-constraint related method. You can find some docs on those in this WebSphere page example: http://www.caucho.com/resin-3.0/config/webapp.xtp These four choices should be enough for you. There might be a few other ways but those are the ones that come to my mind immediately. I am sure other list subscribers will chime in soon with other ways of securing webapps. If not you can check the Struts Wiki Security page for at least 4 more (some are OLD like SecurityFilter) http://wiki.apache.org/struts/ApplicationSecurity?highlight=%28security%29 Regards, David -----Original Message----- From: Monkeyden [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 05, 2006 12:10 PM To: Struts Users Mailing List Subject: Re: Security for the Struts web application You could override the processPreprocess or processRoles method of RequestProcessor. If you only need to check for a session, more likely the former. If you have more fine-grained security (like role-based screens) then you could do it in the latter. On 9/5/06, SrinivasaReddy <[EMAIL PROTECTED]> wrote: > > HI All.., > > I am developing an web application in Struts. I want to give the security > for the application > like > --> if the session present(user is logged in) then only requested pages > should display otherwise redirect to login page. > > In this application all pages are secured. > > Anyone help me.. > > Regards > Nivas --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
