(Let me clarify slightly.) On Mon, Dec 27, 2010 at 8:38 AM, Dave Newton <davelnew...@gmail.com> wrote:
> Why/how did it confuse you? Login shouldn't be /performed/ by an > interceptor, an interceptor should check if a user has logged in for a given > resource and if not redirect to a login page. > > The /action/ of logging in should be performed by an action. > These conditions are satisfied by the code in question: but it's pretty confusing, and as far as I'm concerned, mixing "action" and "interceptor" functionality in the same class is questionable organization. (And hopefully my comment about declaring action-specific interceptors wasn't confusing; if you define only one for an action, it'll be the *only* interceptor declared for that action. This means, more or less, that S2 will cease to function, since most of the good stuff happens via interceptors.) The underlying login mechanism itself, as pointed out in a previous response, can be Spring Security (nee Acegi), or basically anything else, as long as the interceptor can determine if a user has logged in, it doesn't matter. (Or if login status can be checked in a different way outside of the S2 framework.) Dave
