Originally posted by Prakash Dwivedi:
Using filters would mean adding each secure resource to the web.xml in addition to the struts-config.xml, is that right?
depeneds, either u can have one generic filter which intercepts all the requests or u can add urls of all the secure locations in the web.xml and map them to your filter.
As you are using struts you can use RequestProcessor, Here u can check if the user is asking for secure site. If so check for User Id in the session.
Originally posted by Ngo Thanh Hien:
You should use Form based authentication (J2EE specification). This will help you protect your application by URL