This question seems to come up frequently, probably should be in a FAQ. Using Servlet Filters is one approach. If you are using Struts 1.1 (in 1.0.2 it's slightly different), and want to use a Struts approach, try the following.
I have an application that requires everyone to log in and certain information to be in session before anything else can be done. In order to prevent users from bookmarking a page and jumping into it without having first logged in, I have to check every incoming request for a valid session.

IMHO, the easiest way to do this is to override one or more methods in the RequestProcessor (if you are using Struts 1.1). If you don't have the Struts source you need to obtain it and look at: org.apache.struts.action.RequestProcessor. The processPreprocess method simply returns true on each invocation. However, if you override the original code, and add your own checks, you can "filter" all the incoming requests for anything that's relevant to your situation.

For example, in the following, we check to see if the incoming request is one of 3 possible pages, returning true if it is, false otherwise. Obviously, you'd need to do other things to handle other types of pages.

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.apache.struts.action.RequestProcessor;

    public class TDRequestProcessor extends RequestProcessor {

        // Called by Struts for each request before the action is selected;
        // returning false stops further processing of the request.
        protected boolean processPreprocess(HttpServletRequest request,
                                            HttpServletResponse response) {
            String requri = request.getRequestURI();
            // first check the URI, if it's Splash, help or index.jsp, user is attempting to login
            String path = requri.substring(requri.lastIndexOf("/") + 1);
            if (path.equalsIgnoreCase("splash") || path.equalsIgnoreCase("logon")
                    || path.equalsIgnoreCase("index.jsp") || path.equalsIgnoreCase("logonhelp")) {
                return true;
            }
            return false;
        }
    }

Every request will funnel through this method. So you can check for objects in session and take appropriate forwarding actions if you don't obtain what's expected.

You will need to add the following to the bottom (check the TLD for the exact location) of the struts-config.xml file:

    <controller processorClass="com.topdrawer.action.TDRequestProcessor">
    </controller>

--
Charles E Brault
[EMAIL PROTECTED]
"Where are we going, and why am I in this handbasket?"
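An added example, not part of the original post: a processPreprocess override that performs the session check the post describes and redirects to the logon action instead of only returning false, matching the whole action path exactly rather than the last URI segment. The package, class name, session attribute `user` and `/logon.do` URL are assumptions; the processor only sees requests mapped to the ActionServlet, so JSPs requested directly need separate protection (for example, placing them under WEB-INF).

```java
package com.example.web; // hypothetical package

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.RequestProcessor;

public class SessionCheckRequestProcessor extends RequestProcessor {
    // Assumed names: action paths reachable without a login, the session
    // attribute set by the logon action, and the logon action URL.
    private static final Set<String> PUBLIC_PATHS =
            new HashSet<String>(Arrays.asList("/splash", "/logon", "/logonhelp"));
    private static final String USER_KEY = "user";
    private static final String LOGON_URL = "/logon.do";

    protected boolean processPreprocess(HttpServletRequest request,
                                        HttpServletResponse response) {
        if (PUBLIC_PATHS.contains(actionPath(request))) {
            return true;
        }
        // getSession(false): never create a session for an anonymous request.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(USER_KEY) != null) {
            return true;
        }
        try {
            response.sendRedirect(request.getContextPath() + LOGON_URL);
        } catch (IOException e) {
            servlet.log("Redirect to logon failed", e);
        }
        return false; // response is complete; Struts stops processing here
    }

    // Action path without the extension, for prefix or extension mapping.
    private static String actionPath(HttpServletRequest request) {
        String path = request.getPathInfo();      // prefix mapping: /do/logon
        if (path != null && path.length() > 0) {
            return path;
        }
        path = request.getServletPath();          // extension mapping: /logon.do
        int dot = path.lastIndexOf('.');
        return dot > path.lastIndexOf('/') ? path.substring(0, dot) : path;
    }
}
```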