You can use the filter mapping, eg all the pages that need authetication are under admin, so i just put that in filter mapping, and to verify that he is an admin use the isuserinrole, or something like that...
At 12:03 PM 9/25/2002 -0700, you wrote: >hello all, > >I am attempting to write an Authentication Filter (Servlet Filter) for my >Stuts App. It is pretty simple so far. it just checks to see if a User >has Authenticated yet (from the session), and if not calls sendRedirect on >the response. code and xml below.... > > public void doFilter... > ... > HttpSession session = request.getSession(); > > if(!SecurityManager.isUserAuthenticated(session)) > response.sendRedirect("login.do"); > else > chain.doFilter(request, response); > > ><filter> > <filter-name>authenticationFilter</filter-name> > <filter-class>AuthenticationFilter</filter-class> ></filter> > > ><filter-mapping> > <filter-name>authenticationFilter</filter-name> > <url-pattern>/*</url-pattern> ></filter-mapping> > >my question, is how i can give the filter a list of pages that are >unathenticated. and to entend that idea, a list of pages that can only be >authenticated by an admin. i have seen that the FilterConfig can be used >to get init parameters, but these only seem to be single values. not a >list of potential URLs.... does any one have a solution to this problem? > >thanks, >mark > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>