bablu singh wrote:Hi folks,
I am using Login Interceptor,
There's no Login interceptor in
Struts so I can't tell you anything about that. I can tell you
the way interceptors work is that you configure a "stack" of them. Simply create a stack that does not contain a Login interceptor for the URL's you want to make available.
bablu singh wrote:
If the user is not logged in and hit the following URL in the browser
e.g. /MyProject/SeeReports.jsp
It just opens up. I want to redirect it to Login.jsp if the user is not logged in.
First and most importantly,
you should look at
Declaritive Security. It's the
JEE standard way to control access to
servlets, EJB's and other resources.
I've see others here at the Ranch suggest putting all your
JSP's under you web application's WEB-INF directory. They would not be directly accessible there, but presumably would be available for rendering a page. I've never tried that option.
As a last-ditch security measure, I created a custom JSP tag that checks to see if the user is logged in (and, optionally, what role the user is in), and if they are not (or do not have the proper role), issue a redirection to the login page.
I don't see how the JSTL redirect tag can help you unless you wrap it with some other logic that determines if a user is logged in. Struts does not have a redirect tag, but there is nothing preventing you from using JSTL.