struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "AJ Morris">
Subject RE: Security for Actions or ActionClasses?
Date Wed, 28 Nov 2001 19:41:48 GMT
Yes! This exactly what I was thinking of -- Especially because it uses the
underlying security API, which could be Tomcat, Websphere, whatever. I would
love to try this out, but what is the development status? Is this
incorporated into Struts, or a branch, or a final submission?

In the docs, Mr. Hobbs asks what should be done when an illegal access is
attempted. Why not just send an "unauthorized" header back to the browser?
That is the inline with Tomcat. I believe Websphere goes a step further and
allows you to specify a page for unauthorized access -- Is there a place in
the struts-config for this?

-----Original Message-----
From: Ted Husted []
Sent: Wednesday, November 28, 2001 1:30 PM
To: Struts Users Mailing List
Subject: Re: Security for Actions or ActionClasses?

Struts can also use the Tomcat JDBC Realms.

Nic Hobbs has put together a Role-based security package at

I'm about to give it a whirl myself. Let me know if you like it.

-- Ted Husted, Husted dot Com, Fairport NY USA.
-- Custom Software ~ Technical Services.
-- Tel +1 716 737-3463

AJ Morris wrote:
> Hello, I am new Struts and evaluating whether to use it for my next
> I wonder how struts handles security. I understand I can still apply
> container security by applying security constraints to my ActionClasses.
> But, is there some way to apply security based on the Actions? Does Struts
> have its own implementation of security, like Tomcat and its JDBC realms?
> Sorry for the dummy question, but I'm a newbie.
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message