Can you not just check in your dispatch action to see that they are logged in
(by looking for something you put into the session context in the login
action) and, if not, always just route them to the login page regardless of
whatever forward parameter they actually specify?

-----Original Message-----
From: Victor Hadianto [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 20, 2002 12:16
To: Struts Users Mailing List
Subject: Re: Secure generic dispatcher ..


I posted this question last Friday and have had no reply. Posting again in
the hope that someone who has an idea might have missed my email last Friday.

I will be eternally grateful to anyone who can suggest a solution.

Ta,


On Fri, 17 May 2002 16:01, you wrote:
> I have implemented a generic dispatcher ActionClass to forward requests to
> my JSP. I mapped this generic dispatcher to two different mappings, i.e.:
>
> <action path="/dispatch" type="com.nuix.DispatchForwardAction"/>
> <action path="/secure/dispatch" type="com.nuix.DispatchForwardAction"/>
>
> The idea is that anything under /secure is protected using the WebContainer
> security mechanism. Funnily enough, I never realised until recently that a
> user can simply forward to my secure JSP files using the non-secure
> dispatcher! Hah .. so much for this idea :D
>
> For example:
>
> What I intended to do is something like this:
>
> /secure/dispatch.do?forward=homepage
>
> Because dispatch is under /secure, WebContainer will invoke the
> login/password screen; however, a smart and curious user can just type
>
> /dispatch.do?forward=homepage
>
> And voila, they will go to the homepage without going through the
> login/password screen.
>
> Does anyone have a better way of implementing the generic dispatcher? Any
> help is appreciated.
>
> Ta,

--
Victor Hadianto
-----------
Why is Bottom-posting better than Top-posting
http://www.fmf.nl/~anton/topposting.html

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
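
The check suggested in the reply at the top of this message, as an added example that is not code from the thread or from com.nuix: a dispatcher that decides access itself, so the result is the same whether it is reached through /dispatch or /secure/dispatch. The class and package names, the session key "authenticatedUser", the "login" forward and the public forward names are assumptions, and the example goes one step beyond the reply by allowing a short list of public forwards while denying everything else by default.

```java
package example; // hypothetical package

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public class GuardedDispatchAction extends Action {
    // Assumed: session key the login action sets after a successful login.
    static final String LOGIN_MARKER = "authenticatedUser";
    // Assumed: the only forward names that may be shown without a login.
    static final Set<String> PUBLIC_FORWARDS =
            new HashSet<String>(Arrays.asList("welcome", "help"));

    // Struts 1.1+ signature (Struts 1.0 used perform() instead).
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        String name = request.getParameter("forward");
        boolean isPublic = name != null && PUBLIC_FORWARDS.contains(name);
        // Deny by default: the URL used to reach this action is irrelevant,
        // only the login marker in the session grants access.
        if (!isPublic && !isLoggedIn(request)) {
            return mapping.findForward("login"); // assumed global forward
        }
        ActionForward target = (name == null) ? null : mapping.findForward(name);
        if (target == null) {
            // Unknown or missing forward name: never fall through to a page.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return null; // null tells Struts the response is complete
        }
        return target;
    }

    static boolean isLoggedIn(HttpServletRequest request) {
        // getSession(false) avoids creating a session for anonymous users.
        HttpSession session = request.getSession(false);
        return session != null && session.getAttribute(LOGIN_MARKER) != null;
    }
}
```

Because the forward name only selects among forwards declared in struts-config.xml, the protected JSPs should also be kept where a browser cannot request them directly, for example under WEB-INF.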

