Adam, It sounds like you have your "protected" logic in the JSP. If so, then the JSP will always be rendered. You should instead put such security logic in the application, such as in the Struts Controller. It's no good putting it on the JSP.
Paul On 4/24/07, Adam Gordon <[EMAIL PROTECTED]> wrote:
Hi- So we're using ForwardAction for URIs that can just link to a JSP page and don't need a customized Struts Action to perform tasks ahead of time. When a user connects to our website, we essentially direct the user to the default main page, which is protected, so they have to log in first before accessing it. If the user tries to link directly to another URL (something.do) on our website that is protected, likewise, they are first directed to the login page, and then the request is redirected to the page they originally wanted. The behavior I'm seeing is that when the user links directly to a protected page (again, something.do) on our website the following occurs: If the .do is linked to a custom struts action OR if the ForwardAction is used AND the JSP has a scriptlet tag (along w/ HTML) <% ... %> the above described redirect occurs. However, if I remove the scriptlet tags and no Java code is present in the JSP (but the HTML still is), then the JSP is displayed for a split second (one can see it) and then the user is directed to the main page. I tried a very, very simple scriptlet with 'String foo = "foo";' and the correct behavior occurs - i.e., the redirect to the main page does not occur. Anyone have any ideas? Thanks. --adam --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
