I've been exploring the co-mingling of container-based security and struts actions through FORM-based authentication. While many options have been presented and discussed (including subclassing the Action and directly calling container-managed security methods), it seems to me (a newbie) that one obvious solution has not been addressed:
What are the side-effects of directly pointing the error and login pages directly to a struts action (in the example below /login.do) , rather than to an HTML or JSP file? For example: <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.do</form-login-page> <form-error-page>/loginError.do</form-error-page> </form-login-config> </login-config> And in the view of the login form: <form method="POST" action="j_security_check"> Username: <input type="text" name="j_username"><br /> Password: <input type="password" name="j_password"><br /> </form> If this won't work, what about pointing the login and error pages to a JSP, and using a <logic:forward> or a <tiles:insert> tag in the file to handle the request through struts? Am I missing something subtle (or not so subtle)? Thanks in advance. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]