struts-user mailing list archives

From Dale Newfield <d...@newfield.org>
Subject Re: Basic security problem
Date Fri, 16 Apr 2010 14:29:29 GMT

Hand-rolled security almost always has many holes.

I would suggest using Spring Security.

Cimballi wrote:
> One way to do it is to have a super action with a permission property,
> and you set the permission property with a static param in your struts
> xml files using the StaticParameters interceptor.

Make sure you don't have a params interceptor after your staticParams 
interceptor, or else users can change the injected security level with 
an added request parameter.

-Dale

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
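
The ordering problem described in the message above can be checked mechanically. The following is an added example, not part of the message or of the Struts project's code: a Python check that reads a struts.xml and reports actions whose static `<param>` values can be overwritten because a `params` interceptor runs after the last `staticParams`. The sample configuration and its package, action, class and stack names are constructed; the check only expands stacks defined in the same file and does not resolve actions that inherit a package default stack.

```python
import xml.etree.ElementTree as ET
# Constructed struts.xml; package, action, class and stack names are hypothetical.
SAMPLE = """<struts><package name="admin" extends="struts-default">
  <interceptors>
    <interceptor-stack name="overridable">
      <interceptor-ref name="staticParams"/>
      <interceptor-ref name="params"/>
    </interceptor-stack>
    <interceptor-stack name="pinned">
      <interceptor-ref name="params"/>
      <interceptor-ref name="staticParams"/>
    </interceptor-stack>
  </interceptors>
  <action name="deleteUser" class="example.DeleteUserAction">
    <interceptor-ref name="overridable"/>
    <param name="permission">ADMIN</param>
  </action>
  <action name="listUsers" class="example.ListUsersAction">
    <interceptor-ref name="pinned"/>
    <param name="permission">USER</param>
  </action>
</package></struts>"""

def expand(refs, stacks):
    """Flatten interceptor-ref names, expanding stacks defined in this file."""
    chain = []
    for name in refs:
        chain.extend(expand(stacks[name], stacks) if name in stacks else [name])
    return chain

def overridable_actions(xml_text):
    """Return (action, static param names) where params runs after staticParams."""
    root = ET.fromstring(xml_text)
    stacks = {s.get("name"): [r.get("name") for r in s.findall("interceptor-ref")]
              for s in root.iter("interceptor-stack")}
    findings = []
    for action in root.iter("action"):
        static = [p.get("name") for p in action.findall("param")]
        chain = expand([r.get("name") for r in action.findall("interceptor-ref")], stacks)
        if not static or "staticParams" not in chain:
            continue
        last_static = len(chain) - 1 - chain[::-1].index("staticParams")
        if "params" in chain[last_static + 1:]:
            findings.append((action.get("name"), static))
    return findings

if __name__ == "__main__":
    for name, params in overridable_actions(SAMPLE):
        print(f"{name}: request parameters can overwrite static {params}")
```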