Dave: I have user types with varying level of privileges and only a defined user type can access a particular page. I thought of using filter for this purpose, but not sure how to designate which layout*.jsp (have created multiple layout.jsp pages for varying user types: e.g. admin can access layout1.jsp, user can access layout2.jsp) can be accessed by which user type. I could not use ldaprealm as system administrators disagreed to storing password in server.xml file (which is needed to read group membership)(I could have used container managed security), so I am using tiles-layout page for the verification. This auth piece is at the top of the page, so I don't see the page already outputting to the HTTP connection before this script executes.
On Apr 8, 2005 11:55 AM, Dave Newton <[EMAIL PROTECTED]> wrote: > sudip shrestha wrote: > > >---------------------------------------------------------- > >I have few layout.jsp templates where I have following chuck of code > >which should redirect the browser to login page if session expires: > ><% String loginCheck = "notLoggedIn"; > > if( session.getAttribute( "session_unique_id" )!=null ) > > { > > loginCheck = (String)session.getAttribute( > > "session_unique_id" ); > > } > > if( !loginCheck.equals("admin0") ) > > { > >%> > > <logic:redirect forward="loginPage"/> > ><% } > >%> > > > >But when session expires, or when somebody who is not 'admin0' tries > >to access the page, they get a blank page instead of getting > >redirection. I have tried using jsp:forward directive as well, but > >the result is same. > >If anybody has any suggestion on this, please let me know. > > > > > Put this logic somewhere else like a filter or request processor. > > Not knowing the full layout of your tiles I'd say that you've probably > already output to the HTTP connection, which means you can't redirect > anymore. Just a guess. In any case this is handled _far_ better some > place other than the presentation layer, especially if you have the same > code in more than one place--sketchy. > > Dave > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]