My app has been quite happy using SecurityFilter. I've got a "new" requirement to do something "radical"...
Like to redirect a logged in user to the TOS Acceptance page based upon a user record flag. Yeah, like this is the first app to EVER have that requirement :-) Implementing this is painfully obvious if the act of logging in always resulted in the same Struts Action occurring. But it doesn't. SecurityFilter (or even PODS (plain old declarative security) can intercept any request that requires a user to be logged in (getting him to authenticate and sending him to where he wanted to go to). This means that EVERY request has to catch this condition on it's own. Ideally I'd want SecurityFilter to kickoff a callback method I specify, but it doesn't do that yet... Implementing A Filter or an alternative Request Processor almost requires its own security mechanism implemented on top of the declarative security model (some requests are valid when logged in regardless of the flag setting, say the Actions to Reject or Accept the TOS itself...and logging out too, and that's off the top of my head. Seems entirely too easy to botch.) So what's the best approach in Struts for implementing something like this? Surely it's been done before... For now I implemented this in a RequestProcessor, but I _really_ don't like it there. Ideas? TIA Joe --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
