Have you had a chance to use http://securityfilter.sourceforge.net/
If not, check it out. I have not used it yet, but it seems like a
tremendous effort on the part of Max Cooper and the community. Let us know
how it works out for you if you use it.
----- Original Message -----
From: "Mark Silva" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, September 25, 2002 3:03 PM
Subject: Struts Authentication Filter
hello all,
I am attempting to write an Authentication Filter (Servlet Filter) for my
Stuts App. It is pretty simple so far. it just checks to see if a User has
Authenticated yet (from the session), and if not calls sendRedirect on the
response. code and xml below....
public void doFilter...
...
HttpSession session = request.getSession();
if(!SecurityManager.isUserAuthenticated(session))
response.sendRedirect("login.do");
else
chain.doFilter(request, response);
<filter>
<filter-name>authenticationFilter</filter-name>
<filter-class>AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
my question, is how i can give the filter a list of pages that are
unathenticated. and to entend that idea, a list of pages that can only be
authenticated by an admin. i have seen that the FilterConfig can be used to
get init parameters, but these only seem to be single values. not a list of
potential URLs.... does any one have a solution to this problem?
thanks,
mark
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
