One thing that I don't like (haven't figured out how to get around this)
is the need for empty classes. If I have a secure page, like an image
upload form, let's call it (image-upload-form.jsp), I don't want the
user to be able to access it if he or she is not logged in. To
accomplish this,
Couldn't you just declare BaseAction.java as the action's class?
Also; it sounds like you're using a custom security solution; I'd
suggest using Spring Security instead. Custom security code is likely
to suffer from many of the bugs that Spring Security ran into years
ago.
-Brian
On Sun, Jul
I'm not sure I follow. There isn't an action here.
Let's say I have a jsp page that I want to be secure, aka you have to be
logged in to visit. For all of the secure pages that actually require
some work to be done, this is ok, because the workflow is: 1) Click link
to secure page,
In my project, I have everything defined as an action in a struts.xml.
All my action classes extend BaseAction. Then, for cases where
everything I need really *is* in the jsp, I just have an action set up
something like:
action name=jspOnly class=BaseAction
result
I'm trying to get away from using a struts.xml as much as possible. My
struts.xml looks like this:
struts
constant name=struts.devMode value=true /
package name=my-default extends=struts-default
global-results
result name=login
5 matches
Mail list logo