Hi,
I'm fairly new to Struts, so if I'm wrong here, I hope the more experienced will
correct me.
If you extend the 'org.apache.struts.action.RequestProcessor' (or the
'org.apache.struts.tiles.TilesRequestProcessor' if you're using Tiles), then you can
simply override the 'processPreprocess(...)' method and put your authentication there.
That way, your authentication is all in one place, no need to put it in every JSP.
When using this methodology, you want to be sure that your JSPs are not accessed
directly, but always accessed via the controller.
Hope this helps.
struts Dude <[EMAIL PROTECTED]> wrote:
Hi
I am going to use custom tags for checking
access to Jsp, if no user/bean bean in session,
then direct to login page.
And I am also going to check admin bean again
in Action before invoking life cycle methods
on business beans.
Now am I over kill with authentication??
I mean, if all JSP pages that require user/admin
access has custom tag that check for access
at top, then i don't really need to check
for authentication in Action classess.
But it may also be good practice to double check
for whatever reason.
Just curious what's the usual practice u ppl do.
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
