struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aladin Alaily <str...@aladin.ca>
Subject Re: Security in Struts
Date Wed, 25 May 2005 12:09:14 GMT
Hi Tarek,

If you want action level security, just write a base action that 
authenticates the user, and which all other actions extend.  In the base 
action, if the user is valid, then processing continues.  Otherwise, the 
user is redirected to the logged-out page.  I would put this logic in 
the Request Processor... but if you insist on having it in the Action, 
then that works too.   Ideally, this would go in a filter, but if you 
don't have the facilities for filters, then they are of no use to you.

Quick question... what do you mean by "button level" authentication???

Hope this helps,
Aladin



tarek.nabil wrote:

> Hi everyone,
> 
> We're building a project using Struts and are about to start on the
> security module. The requirements are that security should be fine
> grained, which means that it can not be on the module level, but rather
> on the JSP or Action level. Actually, the users might ask for security
> on the button level, but we intend to push back on that one.
> 
> Are there any widely used approaches or best practices that we can
> follow?
> 
> Note that we will not be using J2EE based authentication and security,
> which means we have a custom login process.
> 
> Any suggestions are appreciated.
> 
> Thanks
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message