You can use the filter mapping, eg all the pages that need
authetication are under admin, so i just put that in filter mapping, and to
verify that he is an admin use the isuserinrole, or something like that...
At 12:03 PM 9/25/2002 -0700, you wrote:
>hello all,
>
>I am attempting to write an Authentication Filter (Servlet Filter) for my
>Stuts App. It is pretty simple so far. it just checks to see if a User
>has Authenticated yet (from the session), and if not calls sendRedirect on
>the response. code and xml below....
>
> public void doFilter...
> ...
> HttpSession session = request.getSession();
>
> if(!SecurityManager.isUserAuthenticated(session))
> response.sendRedirect("login.do");
> else
> chain.doFilter(request, response);
>
>
><filter>
> <filter-name>authenticationFilter</filter-name>
> <filter-class>AuthenticationFilter</filter-class>
></filter>
>
>
><filter-mapping>
> <filter-name>authenticationFilter</filter-name>
> <url-pattern>/*</url-pattern>
></filter-mapping>
>
>my question, is how i can give the filter a list of pages that are
>unathenticated. and to entend that idea, a list of pages that can only be
>authenticated by an admin. i have seen that the FilterConfig can be used
>to get init parameters, but these only seem to be single values. not a
>list of potential URLs.... does any one have a solution to this problem?
>
>thanks,
>mark
>
>--
>To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
