Here are my original concerns regarding
response.sendRedirect("/somePage.jsp"):
>>
>> * The JSP page somePage.jsp could not be protected
>>    by the standard security constraints. So it is recommended
>>    to use response.sendRedirect("/someAction.do") or
>>    a Filter, either way that provides security checking.
>>    Improper use of the redirect could make the security
>>    constraints overcomplicated as in an early discussion on
>>    how we redirect to restricted pages.
>>

And the following is your response:
> This is not true. When you redirect the client issues a new request which is
> subject to container managed security.

From my message, how do you conclude I am suggesting that
the "/someAction.do" is protected under a security constraint?
You added an assumption to my message and then claimed it "not true".

Again, the idea that "/someAction.do" is protected is funny. I never
thought that.

Jing

----- Original Message ----- 
From: "Steve Raeburn" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Sunday, June 29, 2003 2:21 AM
Subject: RE: Sending a Redirect Directly from an Action Class


> > When I talked about the use of the redirect to /someAction.do, it
> > doesn't imply it is protected by the security constraints.
> > Normal practice of the MVC model is that most JSP pages should be
> > protected while actions should not. Because actions have internal
> > logic to perform security checking, that is common sense
> > (If you protect all of your actions, /*.do, how
> > do your end users submit web forms? :-)
>
> It does imply that when the original question was not about different
> security methods. I assumed that as the question was not about security then
> the action would be protected in the same way as the jsp otherwise the
> discussion, in the context of redirection, is meaningless.
>
> I could equally ask why you don't just programme the whole thing in Fortran,
> but that would be equally tangential to the original question :-)
>
> Steve
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

