On Thu, 2003-07-03 at 15:05, Craig R. McClanahan wrote:How about deriving all your actions from a base class that checks if the requisite objects are in session, and if not, either puts them there, or forwards/redirects to a page which will cause them to be put there.
If you go with "roll your own" security, though, I would definitely
recommend that you implement it as a Filter rather than trying to modify
Struts to do this for you.
Craig, is there a way I can force container managed security under Tomcat to always bring me to action X after login and not to the last url the user was at when their session timed out and they hit reload on a page? I'm having trouble because info is not in the session when the user is brought back tot he page they were last on before their session timed out. Is there a way to avoid this if I just use the standard Tomcat container based security?
If you prefer, you can of course also do this in a RequestProcessor subclass.
I do the former and it works like a charm under any container (in my case Jetty and SecurityFilter).
--dolf
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
