Here are my original concerns regarding the response.sendRedirect("/somePage.jsp"):

>> * The JSP page somePage.jsp could not be protected
>> by the standard security constraints. So it is recommended
>> to use response.sendRedirect("/someAction.do") or
>> a Filter, either way that provides security checking.
>> Improper use of the redirect could make the security
>> constraints overcomplicated as in an early discussion on
>> how we redirect to restricted pages.
>>

And the following is your response:

> This is not true. When you redirect the client issues a new request which is
> subject to container managed security.

From my message, how do you conclude I am suggesting that the "/someAction.do" is protected under a security constraint? You added an assumption to my message and then claimed it "not true". Again, the idea that "/someAction.do" is protected is funny. I never thought that.

Jing

----- Original Message -----
From: "Steve Raeburn" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Sunday, June 29, 2003 2:21 AM
Subject: RE: Sending a Redirect Directly from an Action Class

> > When I talked about the use of the redirect to /someAction.do, it
> > doesn't imply it is protected by the security constraints.
> > Normal practice of the MVC model is that most of JSP pages should be
> > protected while actions should not. Because actions have internal
> > logic to perform security checking, that is common sense
> > (If you protect all of your actions, /*.do, how
> > do your end users submit web forms? :-)
>
> It does imply that when the original question was not about different
> security methods. I assumed that as the question was not about security then
> the action would be protected in the same way as the jsp otherwise the
> discussion, in the context of redirection, is meaningless.
>
> I could equally ask why you don't just programme the whole thing in Fortran,
> but that would be equally tangential to the original question :-)
>
> Steve
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]