Rick Reumann wrote:
On Thu, 2003-07-03 at 14:41, Erik Price wrote:
I am really confused as to why you don't want to use a Filter. It seems that they were developed specifically for situations like the one you describe
Here's the problem I'm having with the securityFilter stuff that I'm
implementing. Not sure if this what the spec requires, but when a user's
session times out on some page and they hit reload I get brought back to
the login page. That's all well and good, but when they submit it tries
to return them to whatever URL they were on. This is creating problems
because sometimes to get where the user was requires certain objects to
be in the session which, right after login, they are not since the user has now skipped those actions and pages and is jumping to some point
possibly deep into the application.
Hm. I am not familiar with the SecurityFilter project per se, but you can always write your own implementation of javax.servlet.Filter and in addition to performing your authorization tests, you can redirect or dispatch-forward to a "safe" place in your web application. Better yet, just modify the SecurityFilter that you are already using to do this, since presumably you don't want to be troubled with re-coding all of the authentication testing, etc.
Erik
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
