Re: Spring Security and Struts2 Using tiles

Alberto A. Flores
Wed, 14 May 2008 06:10:50 -0700

After further testing, it looks like even without tiles, the strut2action mapping is not secured with Acegi/Spring Security (as of version2.0.1, Struts version 2.0.11). As far as I can tell, it has to do withthe FilterDispatcher (Struts2) always forwarding to ActionProxy class toprocess work (hence the Spring Security Filter never knows of the request)


Antonio Petrelli wrote:

2008/5/13 Alberto A. Flores <[EMAIL PROTECTED]>:

I would, but it seems to me like there is little that can be done on the
Struts2 side (unless a plugin of some sort is written). Essentially, when
control is forwarded to the tile, Spring security can not do much (or maybe
I'm missing something).


I see...

 The Spring Security team is well aware of (as far as forwards), that
resources are not secured on forwards (which sucks, really, unless I'm doing
something terribly wrong).


Great, at least the bug is not at Struts or Tiles side :-)

 I'll see if I can create a subset of my current app describing the problem.
Probably would post a war file? Is that what you meant?


Exactly, with the source.

Antonio

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


--

Alberto A. Flores
http://www.linkedin.com/in/aflores

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to

user

Re: Spring Security and Struts2 Using tiles