struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eddie Bush <>
Subject Re: Security and Struts
Date Wed, 31 Jul 2002 01:31:38 GMT
Troy Hart wrote:

>I don't think it is that much work to put an action in front of every
>jsp page that represents "page" in your application. I actually think it
>is a very good abstraction.
o.a.s.actions.ForwardAction works *really well* (and simply) for this - 
as does the NoOpAction (for fowarding to definitions - can't forget Tiles!).

>A couple of the advantages I can think of
>right now include:
>1) It gives your web-app a stable interface and simultaneously allows
>you to freely swap the actual response generating resource, behind the
>scenes. You provide a action mapping where you tie a stable name to an
>action class, or even some other arbitrary resource...whatever suits
>you. Along with this approach, most people will hide the jsp in WEB-INF.
>I've heard reports of some having troubles with the hiding part, but it
>has worked well for me.
>2) You can sleep well at night knowing that all requests go through your
>special request processing won't have to worry about the
>"secure" page that you forgot to include the special taglib on. This
>need can arguably be mitigated by using cma/filters.
No argument ;-) It *can*!  (forget the filters - let the container do it!)

Peace :-)


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message