Vidya Gupta wrote:
Hi,
Can anyone tell me how to use authentication and authorization concept in struts ... please help me..
Regards,
Vidya
If you want to do it yourself, I see two options:
1. you use a filter - if user is not authenticated, you redirect to the login page. The filter should be installed for *.jsp and *.do - this will cover all the dynamic content on the site.
2. you don't use a filter. This is not the best approach but it works. Then you need:
- A custom tag you put in all
jsp files that can be accessed only while authenticated: inside the tag, you check if the user is authenticated, if not, redirect to the login page
- Except the action associated to the login page, check in each action method whether the user is authenticated, if not, forward to the login page
Obviously the second method requires more work. Personally I use filters for all the authentication needs.