struts-user mailing list archives

From: Eddie Bush
Subject: Re: Security and Struts
Date: Tue, 30 Jul 2002 19:04:47 GMT

Use container-managed security.  This is a feature of your application 
server (servlet container) that allows you to use standard configuration 
techniques to specify roles and, on a per-application basis, what areas 
of the site those roles have access to.  If you're not familiar with 
container-managed authentication (CMA), you should become familiar with 
it.  It's really handy!



Ryan Cuprak wrote:

> I was hoping someone would have some advice on securing a website using
> Struts. I am developing a webapp that has to be secure (password protected)
> and which restricts access to different parts of the site depending on the
> roles a user possesses. The roles each user has are stored as XML in a
> database and may be configured by an administrator. Does Struts have any
> built-in security capabilities that I could take advantage of?
> Any help/pointers would be much appreciated!
> My first guess would be to put all JSP pages in WEB-INF (use only
> ForwardAction to get to each page) and subclass ActionServlet with the logic
> for checking authentication etc. However, will this cause any problems when it
> comes to a user bookmarking a page?
> -Ryan Cuprak


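The container-managed security recommended in the reply above is declared in the web application's deployment descriptor. The fragment below is an added example, not part of the original thread; the role names (admin, member), URL patterns and login page paths are hypothetical.

```xml
<!-- Added example: fragment of WEB-INF/web.xml, elements in Servlet 2.3 order.
     Role names, URL patterns and page paths are hypothetical. -->
<web-app>
  <!-- servlet and servlet-mapping entries for the Struts ActionServlet go here -->

  <!-- Only users in the "admin" role may reach anything under /admin/ -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administration area</web-resource-name>
      <!-- No http-method elements, so the constraint covers every HTTP method -->
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Users in either role may reach /members/ -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Members area</web-resource-name>
      <url-pattern>/members/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>member</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- The container shows this form whenever an unauthenticated user
       requests a protected URL -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role named in an auth-constraint is declared here -->
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>member</role-name></security-role>
</web-app>
```

With FORM login the container intercepts a request for a protected URL, authenticates the user, and then continues to the URL that was originally requested, so a bookmarked page still works. How users and their roles are loaded (for example from a database) is configured in the container's realm, outside web.xml.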