struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Rhoads" <brho...@zethcon.com>
Subject RE: Security and Struts
Date Tue, 30 Jul 2002 19:23:56 GMT
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html

-----Original Message-----
From: Ryan Cuprak [mailto:cuprakr@earthlink.net]
Sent: Tuesday, July 30, 2002 1:53 PM
To: struts-user@jakarta.apache.org
Subject: Security and Struts



Hello,
 I was hoping someone would have some advice on securing a website using
struts. I am developing a webapp that has to be secure (password protected)
and which restricts access to different parts of the site depending on the
roles a user possesses. The roles each user has are stored as XML in a
database and may be configured by an administrator. Does struts have any
built-in security capabilities that I could take advantage of?


 Any help/pointers would be much appreciated!

 My first guess would be to put all jsp pages in WEB-INF (use only
ForwardAction to get to each page) and subclass ActionServlet with the logic
for check authentication etc. However, will this cause any problems when it
comes to a user book marking a page?

Thanks,
-Ryan Cuprak



--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message