struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurie Harper <>
Subject Re: How to take care of session mgmt
Date Tue, 04 Jul 2006 19:02:20 GMT wrote:
> Hi *,
> I am new to struts and to this group. Is there any standard way of doing
> session management.
> For eg, user is not allowed to access any resource(jsp pages directly)
> unless he logins. When he tries he should be  directed to login page.
> Is there any standard way of doing this. Struts framework has any
> standard way of handling this issue.

You're looking for web application security and access control, rather 
than session management. There are lots of options, the 'standard' one 
being container-managed security. Other approaches involve implementing 
your own access control in a base Action or servlet filter.

Struts includes support for 'role based' access control, based on the 
standard Servlet authentication APIs; you can restrict any action based 
on the user role as used by HttpServletRequest.isUserInRole() [1].



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message