Method invoked by the page, action and direct services to validate that the user is allowed to visit the page.
Most web applications have a concept of 'logging in' and pages that an anonymous (not logged in) user should not be able to visit directly. This method acts as the first line of defense against a malicous user hacking URLs.
Pages that should be protected will typically throw a {@link PageRedirectException}, to redirect the user to an appropriate part of the system (such as, a login page).
Since 3.0, it is easiest to not override this method, but to implement the {@link PageValidateListener} interfaceinstead.