best practice is to use standard container based security that is there since Servlet 2.2.
Struts-config works with it.
Then based on that extend.
The example app in struts .... is not a good practice AFIK.
.V
Suresh Addagalla wrote:
Hi,
I think this is a commonly performed task, but I need your inputs to
implement it in the best possible way.
I have login page to authenticate the user. For subsequent requests, I
need to check that the user is logged in. If he is not logged in, I need
to display the login page.
Is extending ActionServlet a good way to do this? The process() method
can check for the existence of user's data in session to know if he is
logged in. But I see a problem. My login page itself is submitted to
login.do, so the login request goes through my ActionServlet subclass,
which means that he will never be able to login?? Or am I missing
something?
Any other approach, please let me know.
Thanks,
Suresh
------------------------------------------------------------------------
**************************Disclaimer************************************************** Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited.
****************************************************************************************
------------------------------------------------------------------------
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
