Personally, I favor a filter approach, specifically SecurityFilter - http://securityfilter.sourceforge.net/
It's configuration format follows Container-Managed Security, but is much more flexible. Don On Wed, 06 Oct 2004 13:19:59 -0400, Bill Siggelkow <[EMAIL PROTECTED]> wrote: > Well, I am not sure exactly what 'Filters should not rely on session > state' means; but I would use a filter -- IMO its the best way to apply > across-the-board behavior w/o using container-managed security. > > -Bill Siggelkow > > > > > andy wix wrote: > > Hi, > > > > What is the best approach for the above? I don't use container security > > - when a user logs in I store a User object in the session and each page > > should then check that the User is not null before proceding. > > You seem to get a real mix of opinions reading about the subject - the > > Servlet 2.3 specification suggests authenication as a suggested use of > > Filters and yet my Professional SCWCD Certification book says 'Filters > > should not rely on session state'. > > > > I understand the Struts approach is sub-class Action and have your check > > in there - this does force you to have an action for every mapping though. > > > > Thanks, > > Andy > > > > _________________________________________________________________ > > Use MSN Messenger to send music and pics to your friends > > http://www.msn.co.uk/messenger > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
