I�m a
struts neophyte, so be gentle...
I have a �secure�
jsp page that should only be accessible to users with certain privileges. All of the security works fine until I bookmark this page and then exit the web site. If I then select my bookmark I�m taken right back to the secure page even though I am no longer logged in.
I have my own Custom Request Processor which extends RequestProcessor:
<controller>
<set-property property="processorClass"
value="med.va.gov.commonservices.eels.struts.CustomRequestProcessor"/>
</controller>
In the processPreprocess method of my Custom Request Processor I check the
servlet path and redirect the user to the login page if they are not already logged in. I also have debug in this method that writes a message to the console so I know when this method is executed.
In addition, the action class that I wrote that handles forwards to my secure page also has debug that writes a message to the console so I know when this method is executed as well.
That said, this is what I see�
1) I log in to my web site.
2) I select the link that takes me to my secure page.
3) I get the debug message indicating that my Custom Request Processor has executed.
4) I get the debug message indicating that my action class has executed
5) The secure page is displayed.
Now, when I log out of the application and select my bookmark I see�
1) The secure web page is displayed even though I am not logged into the web site.
2) I get NO debug messages from either the Custom Request Processor or the Action.
What am I doing wrong? Any help would be GREATLY appreciated.
Thanks.
- Ben Hagadorn