struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Barrows" <jbarr...@sssc.com>
Subject RE: Security question
Date Tue, 04 Jan 2005 18:29:44 GMT


> -----Original Message-----
> From: Barnett, Brian W. [mailto:bbarnett@scholarinc.com]
> Sent: Tuesday, January 04, 2005 11:04 AM
> To: 'Struts Users Mailing List'
> Subject: Security question
> 
> 
> I'm using LookupDispatchAction and role-based security. I 
> want to allow
> certain roles to access certain dispatches of an action. I'm 
> not sure what
> the best way to handle this is.
> 
> Should I create separate Action classes? Is there a slick way 
> to specify
> "dispatch level" security in web.xml?

The container managed security is handled by URL.  Which might include parameters.
If not you'll have to use one of the dispatch that requires a seperate URL to do this.

Alternatively you'll have to put the security checks inside each method.

> 
> Can someone point me to a good article(s) on using role-based 
> security in a
> struts app that might address these issues?
> 
> Thanks,
> Brian
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message