I second that emotion -- SecurityFilter can be described in one word ...
SWEET !
Don Brown wrote:
Personally, I favor a filter approach, specifically SecurityFilter -
http://securityfilter.sourceforge.net/
It's configuration format follows Container-Managed Security, but is
much more flexible.
Don
On Wed, 06 Oct 2004 13:19:59 -0400, Bill Siggelkow
<[EMAIL PROTECTED]> wrote:
Well, I am not sure exactly what 'Filters should not rely on session
state' means; but I would use a filter -- IMO its the best way to apply
across-the-board behavior w/o using container-managed security.
-Bill Siggelkow
andy wix wrote:
Hi,
What is the best approach for the above? I don't use container security
- when a user logs in I store a User object in the session and each page
should then check that the User is not null before proceding.
You seem to get a real mix of opinions reading about the subject - the
Servlet 2.3 specification suggests authenication as a suggested use of
Filters and yet my Professional SCWCD Certification book says 'Filters
should not rely on session state'.
I understand the Struts approach is sub-class Action and have your check
in there - this does force you to have an action for every mapping though.
Thanks,
Andy
_________________________________________________________________
Use MSN Messenger to send music and pics to your friends
http://www.msn.co.uk/messenger
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
