struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eddie Bush <ekb...@swbell.net>
Subject Re: Security and Struts
Date Tue, 30 Jul 2002 19:04:47 GMT
Use container-managed security.  This is a feature of your application 
server (servlet container) that allows you to use standard configuration 
techniques to specify roles and, on a per-application basis, what areas 
of the site those roles have access to.  If you're not familiar with 
container-managed authentication (CMA), you should become familiar with 
it.  It's really handy!

Regards,

Eddie

Ryan Cuprak wrote:

>Hello,
> I was hoping someone would have some advice on securing a website using
>struts. I am developing a webapp that has to be secure (password protected)
>and which restricts access to different parts of the site depending on the
>roles a user possesses. The roles each user has are stored as XML in a
>database and may be configured by an administrator. Does struts have any
>built-in security capabilities that I could take advantage of?
>
>
> Any help/pointers would be much appreciated!
>
> My first guess would be to put all jsp pages in WEB-INF (use only
>ForwardAction to get to each page) and subclass ActionServlet with the logic
>for check authentication etc. However, will this cause any problems when it
>comes to a user book marking a page?
>
>Thanks,
>-Ryan Cuprak
>
>
>
>--
>To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>
>



--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message