<s:link href="/">
<fmt:message key="exception.startOver"/>
</s:link>
</s:layout-component>
</s:layout-render>
<error-page>
  <error-code>401</error-code>
  <location>/WEB-INF/jsp/unauthorized.jsp</location>
</error-page>
page. Of course, you can display whatever message you want in this
page. For extra security, you might prefer to be less specific and just
use a “page not found” message, thus giving potential hackers the least
possible amount of information.
If you've been paying attention (and I'm sure you have), you probably
noticed that by getting rid of our login interceptor, we lost the feature
of sending unauthenticated users back to the Login page with the URL
that they were trying to access. Don't worry, we can easily put that
back. When we implement SecurityManager, we can optionally implement
SecurityHandler as well and determine what to do when access has
been denied:
public class MySecurityManager extends J2EESecurityManager
    implements SecurityHandler
{
    public Resolution handleAccessDenied(ActionBean bean,
        Method handler)
    {
        // Not logged in: redirect to the Login page.
        if (!isUserAuthenticated(bean, handler)) {
            RedirectResolution resolution =
                new RedirectResolution(LoginActionBean.class);
            // For GET requests, pass along the URL the user was trying to access.
            if (bean.getContext().getRequest().getMethod()
                .equalsIgnoreCase("GET"))
            {
                String loginUrl = ((BaseActionBean) bean).getLastUrl();
                resolution.addParameter("loginUrl", loginUrl);
            }
            return resolution;
        }
        // Logged in but access denied: respond with a 401 error.
        return new ErrorResolution(HttpServletResponse.SC_UNAUTHORIZED);
    }
    /* ... */
}
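Because loginUrl travels to the Login page as a request parameter, the client can change it before the login action reads it back. The following added example (not code from the book or from Stripes) shows one way to check the value before redirecting to it after a successful login. The ReturnUrlValidator class, its safeReturnUrl method, and the assumption that the login action redirects to loginUrl and that valid values are paths starting with "/" are all hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example: hypothetical helper, not part of Stripes or the book's code.
public final class ReturnUrlValidator {

    private ReturnUrlValidator() { }

    /** Returns candidate only if it is a path inside this application, else fallback. */
    public static String safeReturnUrl(String candidate, String fallback) {
        if (candidate == null || candidate.isEmpty()) {
            return fallback;
        }
        // Must be a rooted path. Browsers treat "//host" and "/\host" as another origin.
        if (candidate.charAt(0) != '/' || candidate.startsWith("//")
                || candidate.indexOf('\\') >= 0) {
            return fallback;
        }
        // Control characters (CR/LF in particular) have no place in a redirect target.
        for (int i = 0; i < candidate.length(); i++) {
            if (Character.isISOControl(candidate.charAt(i))) {
                return fallback;
            }
        }
        try {
            // Parse as a URI and refuse anything carrying a scheme or an authority.
            URI uri = new URI(candidate);
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return fallback;
            }
        } catch (URISyntaxException e) {
            return fallback;
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the page.
        String[] samples = {
            "/account/orders?page=2", "https://example.invalid/",
            "//example.invalid/x", "/\\example.invalid", "account", null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeReturnUrl(s, "/"));
        }
    }
}
```

Only the first sample is returned unchanged; every other value falls back to "/".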