You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Laurie Harper <la...@holoweb.net> on 2006/07/04 21:02:20 UTC
Re: How to take care of session mgmt
kumar.vinodh@wipro.com wrote:
> Hi *,
>
> I am new to struts and to this group. Is there any standard way of doing
> session management.
> For eg, user is not allowed to access any resource(jsp pages directly)
> unless he logins. When he tries he should be directed to login page.
> Is there any standard way of doing this. Struts framework has any
> standard way of handling this issue.
You're looking for web application security and access control, rather
than session management. There are lots of options, the 'standard' one
being container-managed security. Other approaches involve implementing
your own access control in a base Action or servlet filter.
Struts includes support for 'role based' access control, based on the
standard Servlet authentication APIs; you can restrict any action based
on the user role as used by HttpServletRequest.isUserInRole() [1].
L.
[1] http://tomcat.apache.org/tomcat-5.0-doc/servletapi/index.html
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org