Joined: 10/01/2008 08:20:15
After checking username and password, in any way you want, you decide that your user is authenticated. So you do:
Now if you use the AuthenticationFilter as a global filter, all access to your actions will only be allowed if the user is authenticated, in other words, if you called the method above for the current session. If not the LOGIN result is returned and you can redirect for the login page.
Now, some actions need to bypass authentication. Example: the action for registration. All you have to do is implement te AuthenticationFree interface.
The LoginAction is another one that should not be authenticated. The org.mentawai.action.LoginAction implements AuthenticationFree as you might expect.
You blocked access to actions. Now it is time to block access to JSPs. You can use the simple tag:
That's it. Mentawai also supports redirect after login in a very simple way. See here: http://www.mentaframework.org/authentication.jsp