struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Rhoads" <>
Subject RE: Security and Struts
Date Tue, 30 Jul 2002 19:23:56 GMT

-----Original Message-----
From: Ryan Cuprak []
Sent: Tuesday, July 30, 2002 1:53 PM
Subject: Security and Struts

 I was hoping someone would have some advice on securing a website using
struts. I am developing a webapp that has to be secure (password protected)
and which restricts access to different parts of the site depending on the
roles a user possesses. The roles each user has are stored as XML in a
database and may be configured by an administrator. Does struts have any
built-in security capabilities that I could take advantage of?

 Any help/pointers would be much appreciated!

 My first guess would be to put all jsp pages in WEB-INF (use only
ForwardAction to get to each page) and subclass ActionServlet with the logic
for check authentication etc. However, will this cause any problems when it
comes to a user book marking a page?

-Ryan Cuprak

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message