struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Thompson <>
Subject Re: Authentication and Empty Classes
Date Sun, 11 Jul 2010 15:56:06 GMT
Couldn't you just declare "" as the action's class?

Also; it sounds like you're using a custom security solution; I'd
suggest using Spring Security instead.  Custom security code is likely
to suffer from many of the bugs that Spring Security ran into years


On Sun, Jul 11, 2010 at 8:25 AM, JP Cafaro <> wrote:
> One thing that I don't like (haven't figured out how to get around this) is
> the need for empty classes.  If I have a secure page, like an image upload
> form, let's call it (image-upload-form.jsp), I don't want the user to be
> able to access it if he or she is not logged in.  To accomplish this, I have
> a package defined in my struts.xml that declares a custom interceptor.
>  Then, in the actions that need to be secure, I declare this package as
> their ParentPackage using a file.  Finally, in order for
> an access to image-upload-form.jsp to be intercepted, I have to have a class
> called JUST so that the interceptor can be called.
>  There's nothing in the class that needs to be done.  It seems like a waste.
>  Is there any way around this?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message