I've used an interceptor to perform similar functionality without any problems, except I don't return LOGIN, I return ERROR. This is for authorization rather than authentication, since authorization involves checking rights; authentication is just checking that you are who you say you are. If you aren't who you say you are, then it makes sense to return to the login page, but I've found that this is best handled by a filter, since then you get consistent functionality across all of your pages, not just webwork actions.
On the other hand, if a user fails authorization (they don't have rights to perform a specific action), then it makes more sense to display an error message than to return them to the login page. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fred Lamuette Sent: Sunday, October 19, 2003 7:32 AM To: [EMAIL PROTECTED] Subject: [OS-webwork] Interceptors Question I want to authentificate users with a custom interceptor. I can test the rights, and if the access is not granted, interrupt the action execution (by not calling invokation.invoke()) and then return the string "LOGIN". Obviously, nothing is executed, because the result "LOGIN" is not found the results defined in my action config, but I thought that global actions could be retrieved and then executed if defined in the root package. Am I wrong ? Richard. ------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
