Re: [RE: Container Managed Authentication and roles attribute on actio n]

[Josh Berry <jo...@usa.net>]

my response below...

Jarnot Voytek Contr AU HQ/SC <Vo...@MAXWELL.AF.MIL> wrote:
> That's a workable solution, but a bit of kludge - assuming that 
> the user can get a error-code of 400 for other reasons than not
> being authorized.  I guess I was hoping for a way to trap the
> response before it left the struts code, perform some logic,
> and forward to another page (maybe the one they just came from).

This is more of a question then answer, but I thought the whole point of
container managed security was that if they are not allowed on a resource the
resource is not aware of this fact.

That is, if the web.xml file has a resource as being restricted and the user
is not allowed, then they NEVER touch the struts code.  The web server does
the redirecting of the user to the appropriate spot.  

Now, from what I know of this stuff.  What you are describing sounds more
likely to be accomplished using filters.

Am I completely off on this?

-josh


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>