struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard J. Duncan" <RDun...@bds.com>
Subject RE: Declarative Security and Struts
Date Tue, 18 Nov 2003 16:41:59 GMT
 

A few good things to know when using struts and jsp/servlet security:

 

 

1.    the logic:present and logic:notPresent tags let you conditionalize
your jsps based on the users role. 

2.    Your code can use
javax.servlet.http.HttpServletRequest.isUserInRole

3.    Since you are using tomcat 5x, think about using the
DataSourceRelm in conjunction with something like commons dbcp.

 

 

-Rich

 

-----Original Message-----
From: Adam Hardy [mailto:ahardy.struts@cyberspaceroad.com] 
Sent: Tuesday, November 18, 2003 3:16 AM
To: Struts Users Mailing List
Subject: Re: Declarative Security and Struts

 

On 11/18/2003 12:47 AM Michael Blair wrote:

> I have been able to get a MemoryRealm in Tomcat to work using BASIC

> authentication. If I try to do this with FORM based authentication it
seems

> to think the ACTION="j_security_check" in my login.jsp seems to make
struts

> think this is an action that should be in the struts-config.

> 

> I admit, I know very little about security. Any links for MemoryRealm
and

> JDBCRealm using struts would be great! The goal is Memory first, then
get it

> to work with JDBC.

 

Mike,

don't use an html:form taglib for the login page. Just use pure html and


then struts won't try to get involved.

 

 

Adam

-- 

struts 1.1 + tomcat 5.0.12 + java 1.4.2

Linux 2.4.20 RH9

 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message