Re: Webapp Security?

2003-07-07 Thread Craig R. McClanahan
On Sun, 7 Jul 2003, Rick Reumann wrote: Date: 07 Jul 2003 00:47:20 -0400 From: Rick Reumann [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: Re: Webapp Security? On Thu, 2003-07-03 at 16:42, Craig R

RE: Webapp Security?

2003-07-07 Thread du Plessis, Corneil C
. McClanahan [mailto:[EMAIL PROTECTED] Sent: 07 July, 2003 18:21 To: Struts Users Mailing List Subject: Re: Webapp Security? On Sun, 7 Jul 2003, Rick Reumann wrote: Date: 07 Jul 2003 00:47:20 -0400 From: Rick Reumann [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED

Re: Webapp Security?

2003-07-06 Thread Rick Reumann
On Thu, 2003-07-03 at 16:42, Craig R. McClanahan wrote: Why are you trying to mess with the container's implementation of authentication at all? Why not just write a Filter that does an RD.forward() to some safe place if it sees that the session does not contain the right stuff (because

RE: Webapp Security?

2003-07-04 Thread Edgar Dollin
the filter. Edgar -Original Message- From: David Erickson [mailto:[EMAIL PROTECTED] Sent: Thursday, July 03, 2003 2:11 PM To: 'Struts Users Mailing List' Subject: Re: Webapp Security? Ya I am thinking that creating our own security with the use of filters is the way to go

Re: Webapp Security?

2003-07-03 Thread Marc
David Erickson wrote: Just curious how others have gone about protecting the resources within their webapp.. in our personal setup we would like to control access to every resource if possible, we have our own custom login page that sets session variables, and pulls the data from the database. To

RE: Webapp Security?

2003-07-03 Thread David Bolsover
. db -Original Message- From: Raible, Matt [mailto:[EMAIL PROTECTED] Sent: 02 July 2003 19:13 To: 'Struts Users Mailing List' Subject: RE: Webapp Security? If you want to give users dynamic permissions at runtime, you could add a filter on top of container managed authentication (CMA

Re: Webapp Security?

2003-07-03 Thread Adam Hardy
Marc wrote: To protect your JSP, put them in a subdir of WEB-INF. Actions are still able to redirect to those JSPs but they are not directly accessible. To protect your other files, just make a servlet and use path-mapping like '/resources/*' to map all requests to this servlet. What kind of

Re: Webapp Security?

2003-07-03 Thread Paul Thomas
On 02/07/2003 18:53 David Erickson wrote: Is it based on using security restraints and having all your users set into groups in the tomcat-users.xml file? If so our problem is we don't want to have users based into groups but want to give permissions to users individually to many different

Re: Webapp Security?

2003-07-03 Thread Adam Hardy
Adam Hardy wrote: Marc wrote: To protect your JSP, put them in a subdir of WEB-INF. Actions are still able to redirect to those JSPs but they are not directly accessible. To protect your other files, just make a servlet and use path-mapping like '/resources/*' to map all requests to this

Re: Webapp Security?

2003-07-03 Thread David Erickson
quickly if you have very many things loading on a webpage. -David - Original Message - From: David Bolsover [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, July 03, 2003 3:56 AM Subject: RE: Webapp Security? The who sees what problem is one I faced some

Re: Webapp Security?

2003-07-03 Thread Erik Price
David Bolsover wrote: I ended up writing my own application security manager - when the user logs in, his permissions are loaded from DB and then checked before any action is performed - with appropriate errors if a violation is detected. Where are you doing the checking, in the Action? Erik

Re: Webapp Security?

2003-07-03 Thread Craig R. McClanahan
On Thu, 3 Jul 2003, Adam Hardy wrote: Date: Thu, 03 Jul 2003 13:47:20 +0200 From: Adam Hardy [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: Re: Webapp Security? Adam Hardy wrote: Marc wrote

[OT] RE: Webapp Security?

2003-07-03 Thread Vijay Balakrishnan
: Thursday, July 03, 2003 10:35 AM To: Struts Users Mailing List Subject: Re: Webapp Security? On Thu, 3 Jul 2003, Adam Hardy wrote: Date: Thu, 03 Jul 2003 13:47:20 +0200 From: Adam Hardy [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List

Re: [OT] RE: Webapp Security?

2003-07-03 Thread Craig R. McClanahan
On Thu, 3 Jul 2003, Vijay Balakrishnan wrote: Date: Thu, 3 Jul 2003 11:04:51 -0700 From: Vijay Balakrishnan [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Subject: [OT] RE: Webapp Security? HI, On a similar

Re: Webapp Security?

2003-07-03 Thread David Erickson
? Any other ways to do this? -David - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, July 03, 2003 11:34 AM Subject: Re: Webapp Security? On Thu, 3 Jul 2003, Adam Hardy wrote: Date: Thu, 03 Jul 2003 13:47

Re: Webapp Security?

2003-07-03 Thread Erik Price
David Erickson wrote: Ok well let's suppose you want to protect 100% of your content, perhaps minus the login.jsp or what not page. We just spent a couple hours brainstorming how to protect our webapp. We want flexibility above and beyond what container security provides, so we want to use our

Re: Webapp Security?

2003-07-03 Thread Jamie M. Guillemette
David, First let me apologize for I have not read all of the email relating to your topic. However, my question is very specific. Are you trying to prevent people from tampering with your code... or just getting around your security to access pages they are not supposed to. In my own project we

Re: Webapp Security?

2003-07-03 Thread David Erickson
] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, July 03, 2003 12:52 PM Subject: Re: Webapp Security? David, First let me apologize for I have not read all of the email relating to your topic. However, my question is very specific. Are you trying to prevent people from

Re: Webapp Security?

2003-07-03 Thread Rick Reumann
On Thu, 2003-07-03 at 14:41, Erik Price wrote: I am really confused as to why you don't want to use a Filter. It seems that they were developed specifically for situations like the one you describe Here's the problem I'm having with the securityFilter stuff that I'm implementing. Not sure

Re: Webapp Security?

2003-07-03 Thread Rick Reumann
On Thu, 2003-07-03 at 14:37, David Erickson wrote: Thoughts, comments? Any other ways to do this? I like to subclass the RequestProcessor and over-ride the process method: public void process(HttpServletRequest request, HttpServletResponse response) throws IOException,

Re: Webapp Security?

2003-07-03 Thread Erik Price
Rick Reumann wrote: On Thu, 2003-07-03 at 14:41, Erik Price wrote: I am really confused as to why you don't want to use a Filter. It seems that they were developed specifically for situations like the one you describe Here's the problem I'm having with the securityFilter stuff that I'm

Re: Webapp Security?

2003-07-03 Thread Rick Reumann
And of course UserBean has an isInRole(role) method so if you need to have fine control anywhere you have it. The servlet filter stuff is nice because you can configure this part in an xml file... but I'm still having that one issue that I just posted about.. (problem when user is deep in an app

Re: Webapp Security?

2003-07-03 Thread Craig R. McClanahan
On Thu, 3 Jul 2003, David Erickson wrote: Date: Thu, 3 Jul 2003 12:37:56 -0600 From: David Erickson [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: Re: Webapp Security? Ok well let's suppose you want

Re: Webapp Security?

2003-07-03 Thread David Erickson
probably use filters to accomplish this.. thoughts? -David - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, July 03, 2003 1:05 PM Subject: Re: Webapp Security? On Thu, 3 Jul 2003, David Erickson wrote: Date

Re: Webapp Security?

2003-07-03 Thread Rick Reumann
On Thu, 2003-07-03 at 15:05, Craig R. McClanahan wrote: If you go with roll your own security, though, I would definitely recommend that you implement it as a Filter rather than trying to modify Struts to do this for you. Craig, is there a way I can force container managed security under

Re: Webapp Security?

2003-07-03 Thread Dolf Starreveld
At 15:22 -0400 7/3/03, Rick Reumann spoke thusly: On Thu, 2003-07-03 at 15:05, Craig R. McClanahan wrote: If you go with roll your own security, though, I would definitely recommend that you implement it as a Filter rather than trying to modify Struts to do this for you. Craig, is there a

Re: Webapp Security?

2003-07-03 Thread Jamie M. Guillemette
Hi David... Here is what we did. We did not use the roles framework for security ( logins ) instead we created our own as we needed a more robust rights framework ( ours had to be context sensitive as per the application.. ie..if the data is true then these are your current rights .. if not they may

Re: Webapp Security?

2003-07-03 Thread Rick Reumann
On Thu, 2003-07-03 at 15:27, Dolf Starreveld wrote: How about deriving all your actions from a base class that checks if the requisite objects are in session, and if not, either puts them there, or forwards/redirects to a page which will cause them to be put there. If you prefer, you

Re: Webapp Security?

2003-07-03 Thread David Erickson
is supposed get that test.jsp, or does it do something else?? -David - Original Message - From: Jamie M. Guillemette [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, July 03, 2003 1:43 PM Subject: Re: Webapp Security? Hi David... Here is what we did

Re: Webapp Security?

2003-07-03 Thread Dolf Starreveld
At 15:46 -0400 7/3/03, Rick Reumann spoke thusly: I suppose what I meant to convey, but failed to do is that I use CMS (or a close cousin through SecurityFilter). The object that I am checking for in the base class is a User object. I am not checking it for security, but to deal with the

Re: Webapp Security?

2003-07-03 Thread Jamie M. Guillemette
You are referring to jspc ? In this case when you make a request for test.jsp, it is first checked that no mapping in the web.xml matches this url.. in your case there now is.. the servlet equivalent.. hence your servlet gets run. If the web.xml did not contain the entry then it would check

Re: Webapp Security?

2003-07-03 Thread Craig R. McClanahan
On Thu, 3 Jul 2003, Rick Reumann wrote: Date: 03 Jul 2003 15:22:55 -0400 From: Rick Reumann [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: Re: Webapp Security? On Thu, 2003-07-03 at 15:05, Craig R

Re: Webapp Security?

2003-07-03 Thread Craig R. McClanahan
On Thu, 3 Jul 2003, David Erickson wrote: Date: Thu, 3 Jul 2003 13:44:41 -0600 From: David Erickson [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: Re: Webapp Security? Yes this makes excellent sense

Webapp Security?

2003-07-02 Thread David Erickson
Just curious how others have gone about protecting the resources within their webapp.. in our personal setup we would like to control access to every resource if possible, we have our own custom login page that sets session variables, and pulls the data from the database. We can authenticate

RE: Webapp Security?

2003-07-02 Thread Raible, Matt
Mailing List Subject: Webapp Security? Just curious how others have gone about protecting the resources within their webapp.. in our personal setup we would like to control access to every resource if possible, we have our own custom login page that sets session variables, and pulls the data from

Re: Webapp Security?

2003-07-02 Thread Erik Price
David Erickson wrote: Just curious how others have gone about protecting the resources within their webapp.. in our personal setup we would like to control access to every resource if possible, we have our own custom login page that sets session variables, and pulls the data from the database. We

Re: Webapp Security?

2003-07-02 Thread David Erickson
' [EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 11:47 AM Subject: RE: Webapp Security? How about using container managed security with tomcat's realms? It works great for me. Here's an example app if you're interested: http://tinyurl.com/fuvq HTH, Matt -Original Message- From

Re: Webapp Security?

2003-07-02 Thread Erik Price
David Erickson wrote: Is it based on using security restraints and having all your users set into groups in the tomcat-users.xml file? If so our problem is we don't want to have users based into groups but want to give permissions to users individually to many different things.. and we want to

RE: Webapp Security?

2003-07-02 Thread Raible, Matt
. HTH, Matt -Original Message- From: David Erickson [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 11:54 AM To: Struts Users Mailing List Subject: Re: Webapp Security? Is it based on using security restraints and having all your users set into groups in the tomcat-users.xml file