struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Law <andy....@roslin.ed.ac.uk>
Subject Re: Application based Security
Date Mon, 15 Dec 2008 12:25:32 GMT


Shekher wrote:
> 
> Hi All,
> 
> We are developing an application based on Struts2 framework. We are on way
> to develop application based security so that the unauthorized user can
> not
> access the secure area,it needs the request to be from the authorized
> person.We can have the Below mentioed approach
> 
> 1) For Secure area the user must be logged in to the ysystem and have
> authorization for accessing that
> 2) For every request coming to the secured region, we need to put the
> check
> if the user is a valid one or not.
> 
> We cab think of the functionality which checks for the icoming request for
> its authentication and permits only authenticated request.
> 
> I need your suggestion about the approach we can follow in struts2 so that
> we can achieve the above mentioed points and also maintenance and
> enterprise
> integration will be area of concern.
> 
> IF any one have worked or working on similar area pleaes share his/her
> view
> how to achieve that here in struts2
> 
> Thanks in advance
> shekher
> 
> 

I think that you need to be looking at Interceptors. You can couple them as
tightly or as loosely to your Actions as you like. You can also build
systems using Interceptors that factor out the control of the authentication
and authorisation to completely separate code which makes integrating with
other enterprise systems a bit easier.

Later,

Andy
-- 
View this message in context: http://www.nabble.com/Application-based-Security-tp21010272p21012989.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message