struts-user mailing list archives

From alex hun <>
Subject Re: Security and Struts
Date Tue, 10 Sep 2002 15:53:04 GMT
Any recommendations for implementing an audit trail under the Struts framework?
I was hoping to push the audit trail as far to the back end as possible, if possible
invisible at the Action layer.  I did look into doing it in a class
extending DispatchAction and having the other classes extend it. However,
another colleague of mine was proposing to try out the forwardactionmap.
Any good practices/designs that I can adopt?

Michael Lee wrote:

> They have a good login example in the example war in the struts/webapps dir.
> That's the way I've done it in the past. The way I'm currently doing it is
> to use container managed security. This means NOT using struts for
> authorization/authentication (for J2EE security). Since you're using JSP you're
> probably gonna do form-based authentication, so just post your form to
> action="j_security_check" and make sure your form username and password
> fields are j_username and j_password respectively. Check your container
> documentation for how to hook this into its security model.
> I'm currently actually having a problem with this in that I need for the
> user information to be stored in the session at login. I may just put a tag
> at the top of every page but that seems to get rid of the 'niceties' of
> using J2EE security. I want to set the locale based upon the loaded user
> object. Problem is, it goes right to the requested jsp page after login
> without loading the user and his preferences. Not sure how I'm going to
> handle this but in the meantime, that is how I handle security.
> Mike
> ----- Original Message -----
> From: "Darren Hill" <>
> To: "'Struts Users Mailing List'" <>
> Sent: Tuesday, September 10, 2002 10:24 AM
> Subject: Security and Struts
> > Hey all,
> >
> > I'm looking for a job document and example about best practices in
> > implementing security in struts.
> > I've got the general idea about placing all my JSPs under WEB-INF, but a
> > doc/example might really solidify it for me.  Thanks in advance.
> >
> > Darren.
> >

