struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jing Zhou" <j...@netspread.com>
Subject Re: Best place for security checks in Struts?
Date Tue, 08 Jul 2003 16:17:45 GMT

----- Original Message ----- 
From: "Sandeep Takhar" <sandeep_takhar@yahoo.com>
To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
Sent: Tuesday, July 08, 2003 10:47 AM
Subject: Re: Best place for security checks in Struts?


> There must be a diagram that shows all the calls
> before
> it actually hits execute() method.  There are quite a
> few.
> 
> If you have a base action you can override one of them
> 
> processRoles seems to be a logical place...

Overriding the request processor is my favored place.
You could extend action mapping to have additional
security parameters and in your extended request
processor you check if users are allowed to execute
the corresponding action when the roles are not sufficient.

> 
> sandeep
> --- David Erickson <derickson@cmcflex.com> wrote:
> > Hi I am setting up my webapp for security, had a big
> > thread about it last
> > week, we've implemented filters to handle all the
> > static filters sitting
> > around, but would also like to put some security
> > into the struts actions
> > themselves.  I'm trying to figure out where the best
> > place to implement the
> > checks would be, if I need to extend the class that
> > actually calls the
> > actions, or if I should extend the base action and
> > insert checks, or what
> > the best thing to do would be.  Somehow each of the
> > actions needs to have a
> > name assigned to it to check against as well, and
> > the information will be
> > pulled from a user bean stored in the session
> > variable.
> > 
> > Thanks in advance!
> > -David
> > 
> >

Jing
 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > struts-user-help@jakarta.apache.org
> > 
> 
> 
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message