Hi, I'm fairly new to Struts, so if I'm wrong here, I hope the more experienced will correct me. If you extend the 'org.apache.struts.action.RequestProcessor' (or the 'org.apache.struts.tiles.TilesRequestProcessor' if you're using Tiles), then you can simply override the 'processPreprocess(...)' method and put your authentication there. That way, your authentication is all in one place, no need to put it in every JSP. When using this methodology, you want to be sure that your JSPs are not accessed directly, but always accessed via the controller. Hope this helps.
struts Dude <[EMAIL PROTECTED]> wrote: Hi I am going to use custom tags for checking access to Jsp, if no user/bean bean in session, then direct to login page. And I am also going to check admin bean again in Action before invoking life cycle methods on business beans. Now am I over kill with authentication?? I mean, if all JSP pages that require user/admin access has custom tag that check for access at top, then i don't really need to check for authentication in Action classess. But it may also be good practice to double check for whatever reason. Just curious what's the usual practice u ppl do. Thanks --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage!