I am aware of all these things, but I cannot change my design at this point, and today, I found out that this is some sort of bug in internet explorer which does not do redirection properly and instead displays blank page, where as Firefox does it without any problems.
On Apr 11, 2005 12:53 PM, Dave Newton <[EMAIL PROTECTED]> wrote: > sudip shrestha wrote: > > >I can understand presenting different menu options based on user > >privileges and having the same layout pages. But my concern is there > >may be some pages which a user with less privileges may not be allowed > >to see at all, and what if he finds the url of that page and types the > >url in the browser and if that particular page does not have the > >authority-check not built into it, that user may be able to do stuff > >on the page......I hope you know what I am saying. > > > > > The JSPs shouldn't be directly accessible anyway--if they're under > WEB-INF then they cannot be directly accessed. > > Authentication would be handled either in a) a filter, b) an Action > super-class, c) a custom RequestProcessor, or d) somewhere else. > > Personally, I don't believe _any_ authentication belongs in the view, > but I'm obsessive. > > If an action is protected by one of the mechanisms above (or something > functionally similar) and the JSPs are not directly accessible, then > you don't need to worry about it at all on the presentation side. > > Dave > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
