struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juan Chung <>
Subject Re: Basic security problem
Date Sat, 17 Apr 2010 04:53:55 GMT
place your right control check in a filter, i.e whenever the user send a 
request to
the server, retrieve its right information then compare the request uri, 
if match,
the user has been granted to do so, or does not have the proper right.

good luck.

On 04/16/2010 10:36 AM, Stephane Cosmeur wrote:
> Hello struts users
> I have a really basic security problem and i would like to know what is the
> best practice to resolve it.
> I have an application with an authentification system and diffrent rights
> for diffrent type of user. To add or remove a link/fonctionnality, we simply
> declarate the element in a<s:if test=..>  balise. But the problem is the
> actions are still available by typing URL in bar address.
> How can i fix it ?
> Regards,

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message