struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurie Harper <lau...@holoweb.net>
Subject Re: How to take care of session mgmt
Date Tue, 04 Jul 2006 19:02:20 GMT
kumar.vinodh@wipro.com wrote:
> Hi *,
> 
> I am new to struts and to this group. Is there any standard way of doing
> session management.
> For eg, user is not allowed to access any resource(jsp pages directly)
> unless he logins. When he tries he should be  directed to login page.
> Is there any standard way of doing this. Struts framework has any
> standard way of handling this issue.

You're looking for web application security and access control, rather 
than session management. There are lots of options, the 'standard' one 
being container-managed security. Other approaches involve implementing 
your own access control in a base Action or servlet filter.

Struts includes support for 'role based' access control, based on the 
standard Servlet authentication APIs; you can restrict any action based 
on the user role as used by HttpServletRequest.isUserInRole() [1].

L.

[1] http://tomcat.apache.org/tomcat-5.0-doc/servletapi/index.html


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message