You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Laurie Harper <la...@holoweb.net> on 2006/07/04 21:02:20 UTC

Re: How to take care of session mgmt

kumar.vinodh@wipro.com wrote:
> Hi *,
> 
> I am new to struts and to this group. Is there any standard way of doing
> session management.
> For eg, user is not allowed to access any resource(jsp pages directly)
> unless he logins. When he tries he should be  directed to login page.
> Is there any standard way of doing this. Struts framework has any
> standard way of handling this issue.

You're looking for web application security and access control, rather 
than session management. There are lots of options, the 'standard' one 
being container-managed security. Other approaches involve implementing 
your own access control in a base Action or servlet filter.

Struts includes support for 'role based' access control, based on the 
standard Servlet authentication APIs; you can restrict any action based 
on the user role as used by HttpServletRequest.isUserInRole() [1].

L.

[1] http://tomcat.apache.org/tomcat-5.0-doc/servletapi/index.html

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org