Paul-

Sorry if that wasn't clear, we're actually using JAAS for authentication so all the protected logic is in Java land, not the JSP (as it should be). We figured out what the problem was - it was a rogue cookie combined with some onload JavaScript functionality. Thanks.

--adam

Paul Benedict wrote:
Adam,

It sounds like you have your "protected" logic in the JSP. If so, then the JSP will always be rendered. You should instead put such security logic in the application, such as in the Struts Controller. It's no good putting it on the JSP.

Paul

On 4/24/07, Adam Gordon <[EMAIL PROTECTED]> wrote:

Hi-

So we're using ForwardAction for URIs that can just link to a JSP page
and don't need a customized Struts Action to perform tasks ahead of
time.  When a user connects to our website, we essentially direct the
user to the default main page, which is protected, so they have to log
in first before accessing it.

If the user tries to link directly to another URL (something.do) on our
website that is protected, likewise, they are first directed to the
login page, and then the request is redirected to the page they
originally wanted.

The behavior I'm seeing is that when the user links directly to a
protected page (again, something.do) on our website the following occurs:

If the .do is linked to a custom Struts action OR if the ForwardAction
is used AND the JSP has a scriptlet tag (along w/ HTML) <% ... %> the
above described redirect occurs.  However, if I remove the scriptlet
tags and no Java code is present in the JSP (but the HTML still is),
then the JSP is displayed for a split second (one can see it) and then
the user is directed to the main page.  I tried a very, very simple
scriptlet with 'String foo = "foo";' and the correct behavior occurs -
i.e., the redirect to the main page does not occur.

Anyone have any ideas?  Thanks.

--adam

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



