On Sun, 26 Sep 2004 05:07:32 +0000, liu ji <[EMAIL PROTECTED]> wrote: > Thank you. > I know filter can do this very well.But filter have some drawbacks.I don't > know how to express this,because of my poor English. > Without struts,I can use a single filter to delegate the request to my > access control framework.I have already done this. > But when using struts,there will be some redundancies. > And I think struts should provide this. > > May a access control framework which doesn't denpend on struts is more > attractive. > I want this kind framework. > Do you know where can I find one? >
My personal preference is to use container managed security where possible with Struts based applications, for which purpose Struts aready provides some levels of integration: * The "role" attribute on <action>, which limits who can execute an action * The "role" attribute on <logic:present> so you can conditionally display nested content based on the user having the correct role. When container managed security is insufficient, I like SecurityFilter (http://sourceforge.net/projects/securityfilter/). One particular reason I like this is that the implementation *simulates* container managed security, so the Struts based support for role checking still works. This will also be true for any other filter-based solution that does the same thing (providing a wrapped servlet request object such that getRemoteName, getUserPrincipal, and isUserInRole provide the required data). You don't need anything extra in Struts for this purpose. Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
