You can also define a filter that directs all actions to Logon.do when
1) the logon bean is not present in the session.
This way you don't have to garbage up you actions by always checking for
the logon bean.
mas
Bart Busschots wrote:
A simple solution would be to set up your login action so it sets a
variable of some sort in session scope to indicate that the user is
logged in and then have each action check that variable in session and
redirect to the login action if it is not present.
Bart.
Pankaj Gupta wrote:
What I want is to implement a security policy where all pages of the
application can only be accessed through the login page. i.e. If the
user logs in the application and copies the url in another browser
and tries to access that page, he should be redirected to the login
page. Any suggestion?
regards,
Pankaj
Paul Benedict wrote:
Panak, how are the menu items going to communicate to your
application which item was selected? Obviously, by incoking
an Action; if the menu items can invoke the Action, so can a user.
There is no such thing as security in this case.
However, if you're asking if you can prevent the JSP files
from being directly accesses, put them under WEB-INF and have
your Actions forward to them. The user will not be able to go
to your JSP pages directly, but only through an Action; but
here too the user can access any Action.
When you build a menus, use the <logic roles=""> tag to
determine if the user is in some role.
-- Paul
--- Pankaj Gupta <[EMAIL PROTECTED]> wrote:
Hi All,
I am new to struts and have a basic question. I am making an
application and I want that all the pages should be accessed
through the menu items only.i.e. if a user copies the url in the
browser the page should not get loaded. How can I enforce such a
security?
Another question is how can I selectively disable some menus based
on login roles?
regards,
Pankaj
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Mark Shifman MD. Ph.D.
Yale Center for Medical Informatics
Phone (203)737-5219
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
