imho, you shouldn't be validating the users username and password in an interceptor. You should validate them in an action, then set a token in the session indicating the user had been validated, then check for your chosen token in the interceptor.
That way you don't need to keep hitting your username and password store every time a request comes in. -----Original Message----- From: Mufaddal Khumri [mailto:[EMAIL PROTECTED] Sent: 04 January 2008 04:48 To: Struts Users Mailing List Subject: Interceptor best practices ... Am trying to understand the best practice if any for a ValidateLoginInterceptor of sorts. In the code below, if the login is valid then we make a call to: return actionInvocation.invoke(); In case the login information was incorrect, what should one do? return ActionSupport.ERROR // In this case would the <result name="error">/myerrorpage.ftl</result> associated with my action be executed? public class ValidateLoginInterceptor implements Interceptor { private static final long serialVersionUID = 1L; private static String EMAIL_FIELD = "email"; private static String PASSWORD_FIELD = "password"; public void destroy() { } public void init() { } public String intercept(ActionInvocation actionInvocation) throws Exception { String email = actionInvocation.getStack().findString(EMAIL_FIELD); String password = actionInvocation.getStack().findString (PASSWORD_FIELD); if (isValidLogin(email, password)) { // login credentials were valid return actionInvocation.invoke(); } else { // login credentials are not valid // actionInvocation.setResultCode(ActionSupport.ERROR); Should I be doing this? return ActionSupport.ERROR; } } } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]