struts-dev mailing list archives

From Lukasz Lenart <lukasz.len...@googlemail.com>
Subject Re: Potential Forms Security Issue
Date Wed, 08 Dec 2010 09:29:30 GMT

2010/12/8 Obinna <obinna@gmail.com>:
> Though not a bug, I can imagine that this unexpected behavior can catch many
> developers out and can be difficult to diagnose.  It also requires that
> security considerations be handled (or at least considered) in the jsp,
> which seems to break proper separation of concerns (especially for security
> configuration).

You can always create an interceptor to check the user's privileges. My
thought is that it will be very hard to implement such logic in
Struts2, as you're using an external filter that has nothing to do with
Struts2 itself. That said, the best option is a dedicated interceptor
that can cooperate with the implemented security mechanism - in this case
Spring Security. Maybe we should provide some example or so, but if
you can help, I appreciate that!


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Kapituła Javarsovia 2010 http://javarsovia.pl
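
One way to write the dedicated interceptor suggested in the message above, as an added example that is not from the original message or the Struts project. The `RoleCheckInterceptor` class, the `RequiresRole` annotation and the `denied` result name are hypothetical; the Struts2 and Spring Security calls assume Spring Security 3.x on the classpath.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

// Hypothetical interceptor: the privilege check runs inside Struts2, on the
// action that is actually about to execute, using Spring Security's context.
public class RoleCheckInterceptor extends AbstractInterceptor {

    /** Hypothetical marker naming the authority an action class requires. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.TYPE)
    public @interface RequiresRole {
        String value();
    }

    /** Hypothetical result name; map it to an error page in struts.xml. */
    public static final String DENIED = "denied";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        RequiresRole required =
                invocation.getAction().getClass().getAnnotation(RequiresRole.class);
        if (required == null) {
            // Fail closed: an action in this stack without a declared role
            // is treated as a configuration error, not as public.
            return DENIED;
        }
        // Populated by the Spring Security filter chain earlier in the request.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return DENIED;
        }
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (required.value().equals(granted.getAuthority())) {
                return invocation.invoke(); // authorized: continue the stack
            }
        }
        return DENIED; // authenticated, but lacks the required authority
    }
}
```

Register the class as an interceptor in struts.xml and add it to the stack of the packages that hold protected actions; public actions belong in a package whose stack does not include it.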