I like using the servlet container to perform
authentication. Then you can define your security
rules in web.xml file.
<security-constraint>
<web-resource-collection>
<web-resource-name>
adminPages
</web-resource-name>
<url-pattern>
/admin/*
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>
MyAdmin
</role-name>
</auth-constraint>
</security-constraint>
Tomcat has a JDBC Realm you can use. Setting up the
realm is specific to the app server you are using, but
your web app is portable.
David
--- "Ito, Shogo" <[EMAIL PROTECTED]> wrote:
> Where would be the best place/way to authenticate
> every user's request? I
> want to avoid inserting "code to authenticate" in
> all of my classes which
> extend Action class. Should I create a class like
> MyAction to put this sort
> of code, then extends this new class? Any better
> way?
>
> Any suggestion greatly appreciated.
> Shogo
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/