You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Rick Reumann <ma...@reumann.net> on 2002/06/02 20:42:35 UTC
Handling check for logged-inness using a tag?
If you aren't going to put your JSPs inside the WEB-INF layer, would
it be a good idea to do the check for a user being logged in by a
simple tag at the top of each JSP? This way at least if someone tries
to type in a url to a jsp they would be redirected to log in?
--
Rick
mailto:maillist@reumann.net
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Handling check for logged-inness using a tag?
Posted by Adam Hardy <ad...@cyberspaceroad.com>.
What does the forward to a jsp that's in the WEB-INF look like?
Adam
James Mitchell wrote:
>Assuming that the location of the jsp were decided for you, I would think
>that you wouldn't want anyone hitting a 'struts-ified' jsp regardless of
>authentication. I think these are separate issues.
>
>I know with the QA at my last job, they would try just about anything to get
>a stack trace in the browser. I think they prided themselves on how many
>bugs they could log against us. Almost they acted as if they were paid
>bonus' for logged defects.
>
>Personally, I don't like the idea of adding unnecessary tags in my jsp,
>especially if it does functionality that could/should be in the action
>class. Ultimately, its up to you, that's what makes Struts so awesome.
>
>James Mitchell
>Software Engineer\Struts Evangelist
>
>
>
>
>>-----Original Message-----
>>From: Rick Reumann [mailto:maillist@reumann.net]
>>Sent: Sunday, June 02, 2002 2:43 PM
>>To: Struts Users Mailing List
>>Subject: Handling check for logged-inness using a tag?
>>
>>
>>If you aren't going to put your JSPs inside the WEB-INF layer, would
>>it be a good idea to do the check for a user being logged in by a
>>simple tag at the top of each JSP? This way at least if someone tries
>>to type in a url to a jsp they would be redirected to log in?
>>
>>--
>>
>>Rick
>>
>>mailto:maillist@reumann.net
>>
>>
>>--
>>To unsubscribe, e-mail:
>><ma...@jakarta.apache.org>
>>For additional commands, e-mail:
>><ma...@jakarta.apache.org>
>>
>>
>>
>>
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Handling check for logged-inness using a tag?
Posted by James Mitchell <jm...@telocity.com>.
Assuming that the location of the jsp were decided for you, I would think
that you wouldn't want anyone hitting a 'struts-ified' jsp regardless of
authentication. I think these are separate issues.
I know with the QA at my last job, they would try just about anything to get
a stack trace in the browser. I think they prided themselves on how many
bugs they could log against us. Almost they acted as if they were paid
bonus' for logged defects.
Personally, I don't like the idea of adding unnecessary tags in my jsp,
especially if it does functionality that could/should be in the action
class. Ultimately, its up to you, that's what makes Struts so awesome.
James Mitchell
Software Engineer\Struts Evangelist
> -----Original Message-----
> From: Rick Reumann [mailto:maillist@reumann.net]
> Sent: Sunday, June 02, 2002 2:43 PM
> To: Struts Users Mailing List
> Subject: Handling check for logged-inness using a tag?
>
>
> If you aren't going to put your JSPs inside the WEB-INF layer, would
> it be a good idea to do the check for a user being logged in by a
> simple tag at the top of each JSP? This way at least if someone tries
> to type in a url to a jsp they would be redirected to log in?
>
> --
>
> Rick
>
> mailto:maillist@reumann.net
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>