Jason,

One thing you may want to consider is using the Template pattern here. Make your class abstract, declare an abstract method called doExecute or something like that, have your execute method call doExecute where it currently calls super.execute() (the super call is unnecessary, I think). Subclasses would then implement doExecute() instead of execute, the ActionServlet would call the execute that was inherited from your abstract class, and you'd be guaranteed that the security logic would be executed immediately before the doExecute method.

That having been said, I think the processRoles might be a better place to put this logic if you can use it.

> -----Original Message-----
> From: Jason Vinson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 26, 2003 8:38 AM
> To: Struts Users Mailing List
> Subject: security question #2
>
>
> I am using the below code to check for the presence of session
> attributes for security. Are there any issues I may be
> overlooking by doing it this way?
>
> TIA,
> Jason
>
> //####################################################
> // Default spgAction class
> //####################################################
>
> package spg.logic;
>
> import com.clarify.cbo.*;
> import org.apache.struts.action.*;
> import org.apache.struts.actions.*;
> import javax.servlet.http.*;
>
> public class spgAction extends Action {
>
>     public ActionForward execute (ActionMapping mapping,
>             ActionForm form, HttpServletRequest request,
>             HttpServletResponse response) throws Exception {
>
>         HttpSession session = request.getSession();
>         Session ClfySession = (Session)session.getAttribute("ClfySession");
>         com.clarify.cbo.FormContext ClfyFormContext_S =
>             (com.clarify.cbo.FormContext) session.getAttribute("ClfyFormContext_S");
>
>         if ( ClfySession == null || ClfyFormContext_S == null) {
>             return(mapping.findForward("login"));
>         } else
>
>             return super.execute(mapping, form, request, response);
>     }
> }
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
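
The Template pattern suggested in the reply above, sketched as an added example that is not part of the original thread or anyone's posted code. The class names SecuredAction and ViewCaseAction and the "success" forward are hypothetical; the session attribute names and the "login" forward come from the quoted post. Declaring execute as final and using getSession(false) are choices made for this example.

```java
package spg.logic;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

/** Hypothetical base class: secured actions extend this instead of Action. */
public abstract class SecuredAction extends Action {

    // Session attribute names taken from the quoted post.
    private static final String[] REQUIRED = { "ClfySession", "ClfyFormContext_S" };

    /** Entry point called by Struts. final, so no subclass can override it and skip the check. */
    public final ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // getSession(false): do not create a session for a caller who has none.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return mapping.findForward("login");
        }
        for (String name : REQUIRED) {
            if (session.getAttribute(name) == null) {
                return mapping.findForward("login");
            }
        }
        // Check passed: hand over to the subclass hook.
        return doExecute(mapping, form, request, response);
    }

    /** Subclasses implement their logic here; it runs only after the session check. */
    protected abstract ActionForward doExecute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception;
}

/** Hypothetical subclass; in a real application it is a public class in its own file. */
class ViewCaseAction extends SecuredAction {
    protected ActionForward doExecute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        return mapping.findForward("success"); // "success" is an assumed forward name
    }
}
```

An action that extends Action directly still bypasses the check, so the guarantee covers only classes that inherit from the base class.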