struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject RE: Re: Security, authentication and authorisation with Struts
Date Fri, 24 Aug 2001 14:26:42 GMT
> wouldn't it be better to put this code directly into the action
> servlet and rebuild struts?

That goes against my code-reusability instincts. I strive to use
the default struts build and default tag libraries.

The other possibility would be to put this in the Action class.
Before it checks the authorization, it could verify that it is
in the session. If not, put it there. I don't do this because I
also put an object in the application scope (for complicated
reasons) and it seems silly to put this code in the Action code
which is rather far from the application level.

> i'd also be interested in hearing the rationale behind the 
> desire not to subclass ActionServlet from those of you who
> prefer to avoid it.

Me too. Works fine for me.


View raw message