Create a Filter that implements logic to determine if a user has accessed the login page: http://java.sun.com/products/servlet/Filters.html
-Dennis Pankaj Gupta <[EMAIL PROTECTED]> 05/18/2006 04:40 AM Please respond to "Struts Users Mailing List" <user@struts.apache.org> To Struts Users Mailing List <user@struts.apache.org> cc Subject Re: How to disallow opening a page directly from URL What I want is to implement a security policy where all pages of the application can only be accessed through the login page. i.e. If the user logs in the application and copies the url in another browser and tries to access that page, he should be redirected to the login page. Any suggestion? regards, Pankaj Paul Benedict wrote: > Panak, how are the menu items going to communicate to your > application which item was selected? Obviously, by incoking > an Action; if the menu items can invoke the Action, so can a user. > There is no such thing as security in this case. > > However, if you're asking if you can prevent the JSP files > from being directly accesses, put them under WEB-INF and have > your Actions forward to them. The user will not be able to go > to your JSP pages directly, but only through an Action; but > here too the user can access any Action. > > When you build a menus, use the <logic roles=""> tag to > determine if the user is in some role. > > -- Paul > > > --- Pankaj Gupta <[EMAIL PROTECTED]> wrote: > > >> Hi All, >> >> I am new to struts and have a basic question. I am making an application >> and I want that all the pages should be accessed through the menu items >> only.i.e. if a user copies the url in the browser the page should not >> get loaded. How can I enforce such a security? >> >> Another question is how can I selectively disable some menus based on >> login roles? >> >> regards, >> Pankaj >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
