struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Barrows <>
Subject Re: Struts & Security
Date Wed, 19 Jan 2005 14:58:10 GMT
On Wed, 19 Jan 2005 21:54:48 +0900, Sylvain ~ <> wrote:
> I'm working on a simple application which requires very simple
> security as given there is only 3 kind of users : anonymous, users and
> admin.
> For portability issues, I don't want to use Tomcat's security system.

Tomcat doesn't have a tomcat specific security mechanism.  They use
the one specified by  the JSP/Servlet spec.

> I think using JAAS or securityFilter for a such simple application
> would create more problems than it would solve, so I firstly decided
> to implement a security feature with a jsp tag that I'll include in my
> webpages.

Not really, as you found out putting pages together is a bit tricky. 
Security filter is much easier, and using the JSP/Servlet security
even easier.
JAAS is usually wrapped by a Security Filter, and Tomcat has a JAAS
plugin to implement the standard security.

> The tag is similar to the one provided as an example of struts : checkLogon
> It was working well with the firsts drafts of my application, but
> since I use Tiles I can't perform any redirect with this tag, I just
> get a blank page where the protected page should take place.
> The page access is protected well, but what should I do if I want to
> have a "403 page" instead of just displaying the page ?
> Any Idea would be appreciated.
> Sylvain.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message