I have an application where many of the actions require session validation (i.e. the user has successfully logged in), and there are other actions that do not require validation. Currently, I have the actions that require session validation extend a custom class (that extend Action and where the session validation is done in a preprocess method). The actions that do not require validation, simply extend Action.
This doesn't seem 100% correct because the idea behind
struts is to have the configurable options defined in struts-config. What are the best practices for this? I can add a flag in the "param" attribute of the action mapping in struts-config to define if the action requires authentication, and I want to avoid having to add my own "requires-authentication" flag in struts-config because that would mean having to modify the struts source code. I'm sure this is a common issue in many web applications and I was wondering what the best way to solve this would be. Thanks.