struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Newfield <>
Subject Re: Basic security problem
Date Fri, 16 Apr 2010 14:29:29 GMT
Hand-rolled security almost always has many holes.

I would suggest using spring security.

Cimballi wrote:
> One way to do it it to have a super action with a permission property,
> and you set the permission property with a static param in your struts
> xml files using the StaticParameters interceptor.

Make sure you don't have a params interceptor after your staticParams 
interceptor, or else users can change the injected security level with 
an added request parameter.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message