Have you had a chance to use http://securityfilter.sourceforge.net/
If not, check it out. I have not used it yet, but it seems like a tremendous effort on the part of Max Cooper and the community. Let us know how it works out for you if you use it. ----- Original Message ----- From: "Mark Silva" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Wednesday, September 25, 2002 3:03 PM Subject: Struts Authentication Filter hello all, I am attempting to write an Authentication Filter (Servlet Filter) for my Stuts App. It is pretty simple so far. it just checks to see if a User has Authenticated yet (from the session), and if not calls sendRedirect on the response. code and xml below.... public void doFilter... ... HttpSession session = request.getSession(); if(!SecurityManager.isUserAuthenticated(session)) response.sendRedirect("login.do"); else chain.doFilter(request, response); <filter> <filter-name>authenticationFilter</filter-name> <filter-class>AuthenticationFilter</filter-class> </filter> <filter-mapping> <filter-name>authenticationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> my question, is how i can give the filter a list of pages that are unathenticated. and to entend that idea, a list of pages that can only be authenticated by an admin. i have seen that the FilterConfig can be used to get init parameters, but these only seem to be single values. not a list of potential URLs.... does any one have a solution to this problem? thanks, mark -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>