struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eddie Bush <ekb...@swbell.net>
Subject Re: Security and Struts
Date Wed, 31 Jul 2002 01:31:38 GMT
Troy Hart wrote:

>I don't think it is that much work to put an action in front of every
>jsp page that represents "page" in your application. I actually think it
>is a very good abstraction.
>
o.a.s.actions.ForwardAction works *really well* (and simply) for this - 
as does the NoOpAction (for fowarding to definitions - can't forget Tiles!).

>A couple of the advantages I can think of
>right now include:
>
>1) It gives your web-app a stable interface and simultaneously allows
>you to freely swap the actual response generating resource, behind the
>scenes. You provide a action mapping where you tie a stable name to an
>action class, or even some other arbitrary resource...whatever suits
>you. Along with this approach, most people will hide the jsp in WEB-INF.
>I've heard reports of some having troubles with the hiding part, but it
>has worked well for me.
>
>2) You can sleep well at night knowing that all requests go through your
>special request processing logic...you won't have to worry about the
>"secure" page that you forgot to include the special taglib on. This
>need can arguably be mitigated by using cma/filters.
>
No argument ;-) It *can*!  (forget the filters - let the container do it!)

Peace :-)

Eddie



--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message