Jason Meredith wrote:
Chaps
I am sure this question has been asked before, if it has please point me in the right direction (URL - example)
A user log's into a web site, once the user has been authenticated, a session is created , there are many different actions that a user can perform, and it is easy to check if a session exists or has expired within each action. If the session times out, then a user is redirected back to the login page. No problem.
What do I do for those pages that do not have actions, pages that have global forwards for example (org.apache.struts.actions.ForwardAction), things like legal pages, site maps, and so on? I don't want to create an action just to display a simple JSP/HTML page, that's why I used a forward.
Chappie,
If you use container-managed authentication, then you know what to do -- simply specify these other resources in your CMA mappings. However, I'm guessing that you aren't using CMA in this case.
Best bet would be to migrate your authentication code (where you check for session validity) out of the Actions and into a javax.servlet.Filter, and then map this Filter to any resources which need to be protected.
Erik
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
