I'm currently running into the same situation. If you added to your web-inf
directory. Do you just create a dir called "jsp"? and treat that as your root? Is
there any sort of special path or configuration needed for this? I'm using Tomcat 5.0.
Thanks,
Steven
> Hi
> I am going to use custom tags for checking
> access to Jsp, if no user/bean bean in session,
> then direct to login page.
>
> And I am also going to check admin bean again
> in Action before invoking life cycle methods
> on business beans.
>
> Now am I over kill with authentication??
Way overkill. Put your jsps in WEB-INF, and no one can get at them. If your
container is new enough to handle filters, use them instead. Otherwise, use a
BaseSecurityAction that overrides execute, does the check and then calls
whateverYouWantForYourActualExecutionCode( same params as execute).
>
> I mean, if all JSP pages that require user/admin
> access has custom tag that check for access
> at top, then i don't really need to check
> for authentication in Action classess.
You shouldn't allow access to your jsp pages.
>
> But it may also be good practice to double check
> for whatever reason.
>
> Just curious what's the usual practice u ppl do.
>
> Thanks
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
