Hello all,
I'm working on a Struts application that contains 2 modules. Module 1 (default): a public website. Module 2: a user and administrative login. Module 2 obviously needs to be secure. To secure Module 2 I intend to build 2 measures into take the following steps: a) Before any action is executed check that the user is logged in by looking for a "User" object in the session. b) check that all connections are via the https protocol. In the event that either of these checks fail, the user is redirected to an error page. As a novice, but rapidly learning, Struts developer, I believe the logical place to put these checks is to subclass the RequestProcessor and override the processPreprocess() method with this logic? An immediate alternative that comes to mind is to create a base action that would handle this logic, however, I don't think that is where this belongs in a Struts application. simply if the request doesn't meet the requirements stated above, the User shouldn't get to the Action in the first place. Does anyone have any suggestions or best practices they can offer? Thanks. Josh Holtzman American Data Company [EMAIL PROTECTED] Voice: (310) 470-1257 Fax: (310) 362-8454 Sun Microsystems iForce Partner