Joined: 10/01/2008 08:20:15
LoginAction.java: (extends BaseLoginAction from Mentawai)
Protecting the access to our actions by users not authenticated:
In the ApplicationManager.java:
If the user is not authenticated, the AuthenticationFilter will return LOGIN as the result and the redirect consequence to /login.jsp will be executed.
Protecting the access to our JSP pages by users not authenticated:
Same thing here: The browser will be redirected to the page configured for the LOGIN result if the user is not authenticated.
Some actions cannot be blocked, for example RegistrationAction, PasswordRecoveryAction, HelpAction, etc. They can implement the AuthenticationFree interface:
For the logout, just use the LogoutAction that comes with Mentawai. The user session object will be removed from the session and the session will be reset (invalidated):
Last but not least, you can use some Mentawai tags to make your job even easier: