----- Original Message ----- From: "Steve Raeburn" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Sunday, June 29, 2003 1:50 PM Subject: RE: Sending a Redirect Directly from an Action Class
> Redirecting to a page has *nothing* to do with security constraints. > > If you have the necessary authority to that page then the page will be > displayed without error. If you do not have the authority then an error will > be generated. However, this does not mean that the redirect has failed. The > redirect worked but the redirect target generated an error which, in any > decent application, will be handled and the user will be presented with a > meaningful error page or logon page. > > So, the JSP *can* in fact be protected by container managed security. I have > never said this is the *best* way of doing things but your assertion that > the JSP page could not be protected by standard security constraints is just > plain wrong. > > Steve > > > -----Original Message----- > > From: Jing Zhou [mailto:[EMAIL PROTECTED] > > Sent: June 29, 2003 11:12 AM > > To: Struts Users Mailing List; [EMAIL PROTECTED] > > Subject: Re: Sending a Redirect Directly from an Action Class > > > > > > > > ----- Original Message ----- > > From: "Steve Raeburn" <[EMAIL PROTECTED]> > > To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > Sent: Sunday, June 29, 2003 10:09 AM > > Subject: RE: Sending a Redirect Directly from an Action Class > > > > > > > The statement, "The JSP page somePage.jsp could not be protected by the > > > standard security constraints." is incorrect. > > > > You recognized the discussion context is on the concerns of the > > redirect to > > the > > JSP page /somePage.jsp, right? (Shoud I bring out the orignal text again?) > > Let me ask you, if you put the page under a standard security constraint, > > how can you perform a redirect to that page sucessfully? > > Taking a statement out of its contexts is not very professional. > > > > > > > > This discussion no longer has anything to do with Struts. > > > > However, it has something to do with the Struts users, > > because you are misleading the Struts users when you said "not true" > > or "is incorrect" to the original text. > > > > > > > > Unless you disagree with either of these points can we now drop it, > > please? > > > > You changed your arguments from *assuming* the action is protected > > to the statement you mentioned above, could you drop the tactics, please? > > > > > > > > Steve > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]