We take care of it in the Action where all of our Actions for the application are children of a "ApplicationAction" that extends DispatchAction. So in the execute() of ApplicationAction before dispatching to the implemented business action, it runs through a series of validations and request settings, such as executing an abstract method called "executeAuthorization(Request)" which can allow the BusinessAction to set preconditions before hitting it's own implemented business method.
ApplicationAction.execute( ApplicationAction.validateAuthentication() ImplementedAction.validateAuthorization() ApplicationAction.dispatch() ImplementedAction.executeXXXXXX() } We were later able to stack in additional pre-processing easily by setting up our actions this way. -----Original Message----- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Friday, March 12, 2004 2:32 PM To: Struts Users Mailing List Subject: RE: Checking if user has a valida session > From: Joao Batistella [mailto:[EMAIL PROTECTED] > 1. Put an include or tag in every page that checks this > 2. Check this in my struts action > 3. Use a servlet filtering to filter all .jsp or .do requests > I'm thinking about adopting solution number 3. Is it the best aproach? Yes. IMO 1 and 2 are way too late to be checking whether the user is allowed to be there. -- Wendy Smoak --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
