struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Thompson <elephant...@gmail.com>
Subject Re: Authentication and Empty Classes
Date Sun, 11 Jul 2010 15:56:06 GMT
Couldn't you just declare "BaseAction.java" as the action's class?

Also; it sounds like you're using a custom security solution; I'd
suggest using Spring Security instead.  Custom security code is likely
to suffer from many of the bugs that Spring Security ran into years
ago.

-Brian

On Sun, Jul 11, 2010 at 8:25 AM, JP Cafaro <jcafaro10@gmail.com> wrote:
> One thing that I don't like (haven't figured out how to get around this) is
> the need for empty classes.  If I have a secure page, like an image upload
> form, let's call it (image-upload-form.jsp), I don't want the user to be
> able to access it if he or she is not logged in.  To accomplish this, I have
> a package defined in my struts.xml that declares a custom interceptor.
>  Then, in the actions that need to be secure, I declare this package as
> their ParentPackage using a package-info.java file.  Finally, in order for
> an access to image-upload-form.jsp to be intercepted, I have to have a class
> called ImageUploadForm.java JUST so that the interceptor can be called.
>  There's nothing in the class that needs to be done.  It seems like a waste.
>  Is there any way around this?

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message