> The <checkLogonTag> of the Struts application checks > if the user has logged in the application before > displaying a JSP page. > Therefore it manages a part of the security of the > application. > I would like to know if this tag is a good practice ? > If it can be used in a "real world" J2EE application ? > If it is J2EE compliant and MVC compliant ?
I think that right before you display a JSP is *way* too late to be checking to see if someone is logged in or not. I do it in a Filter and they never even get to the ".do" Action if they haven't logged in. -- Wendy Smoak Applications Systems Analyst, Sr. Arizona State University PA Information Resources Management