Memorial Day Everyone! :-D ... back to work Tuesday :-( ... vacation
coming soon though! :-D
Later :-)
Eddie
- Original Message -
From: Adam Hardy [EMAIL PROTECTED]
To: Struts Users Mailing List user@struts.apache.org
Sent: Sunday, May 29, 2005 6:32 PM
Subject: Re: Security in Struts
not the only one that does NOT get today off
as a paid holiday)
Martin-
- Original Message -
From: Eddie Bush [EMAIL PROTECTED]
To: Struts Users Mailing List user@struts.apache.org
Sent: Monday, May 30, 2005 2:10 AM
Subject: Re: Security in Struts
Adam,
Nothing put me off CMA :-) I
as a paid holiday)
Martin-
- Original Message -
From: Eddie Bush [EMAIL PROTECTED]
To: Struts Users Mailing List user@struts.apache.org
Sent: Monday, May 30, 2005 2:10 AM
Subject: Re: Security in Struts
Adam,
Nothing put me off CMA :-) I think it's fantastic, if it fits your
ticket
Hi Eddie,
Thanks a lot for such an enlightening explanation.
-Original Message-
From: Eddie Bush [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 28, 2005 10:01 PM
To: Struts Users Mailing List
Subject: Re: Security in Struts
Tarek,
Java provides a standard mechanism for you to tell
Eddie,
what put you off CMA?
if you don't mind me asking.
Adam
On 28/05/05 19:00 Eddie Bush wrote:
Tarek,
Java provides a standard mechanism for you to tell if the person
accessing your application has a certain permission. This is available
through request.isUserInRole(String).
Tarek,
Java provides a standard mechanism for you to tell if the person accessing
your application has a certain permission. This is available through
request.isUserInRole(String). Unfortunately, that only works for
Container-Managed Authentication (CMA). You can make it work without using
To: Struts Users Mailing List
Subject: Re: Security in Struts
Hi Tarek,
If you want action level security, just write a base action that
authenticates the user, and which all other actions extend. In the base
action, if the user is valid, then processing continues. Otherwise, the
user is redirected
Thanks David. But it seems that this framework only works with Spring,
and we're not using Spring.
-Original Message-
From: Durham David R Jr Ctr 805 CSPTS/SCE
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 25, 2005 6:45 PM
To: Struts Users Mailing List
Subject: RE: Security in Struts
Thanks David. But it seems that this framework only works with
Spring, and we're not using Spring.
It works with Struts MVC, but yes, you'll likely need Spring to
configure the filters, and to do some proxying for the button level
access.
- Dave
On 5/26/05, Durham David R Jr Ctr 805 CSPTS/SCE
[EMAIL PROTECTED] wrote:
Thanks David. But it seems that this framework only works with
Spring, and we're not using Spring.
It works with Struts MVC, but yes, you'll likely need Spring to
configure the filters, and to do some proxying for the
Hello Tarek,
I'd say front your application with a Servlet Filter that checks for
the security of the current page against security rules defined in
database/XML and probably cached for the current session to avoid
hitting database for every request.
ATTA
On 5/25/05, tarek.nabil [EMAIL
Hi Tarek,
If you want action level security, just write a base action that
authenticates the user, and which all other actions extend. In the base
action, if the user is valid, then processing continues. Otherwise, the
user is redirected to the logged-out page. I would put this logic in
Are there any widely used approaches or best practices that we
can follow?
The acegi security framework offers a widely used approach:
http://acegisecurity.sourceforge.net/
- Dave
I posted on wiki:
http://wiki.apache.org/struts/ApplicationSecurity
(any FAQ, maybe people create or edit WIKI)
.V
Hari Saptoadi wrote:
Hi All
I'd like to say sorry if someone already asked this question before...
What is the best practice to implement security in Struts apps?
I'm looking for something that
Why don't you use a tag to check the logon on every page you want a secured
access to? Just like in the struts-example:
at the top of your JSP goes:
<%@ taglib uri="/WEB-INF/app.tld" prefix="app" %>
<app:checkLogon/>
and the class that is behind this has to extend TagSupport. See the
struts-example for