Howdy. Is there a "best-practice" for using J2EE container managed security with WebWork 1.3 (<security-constrainy> etc. in web.xml)?
I've discussed some possible strategies with Joseph (Ottinger) on irc, but none of them seem natural. 1 - prefix action mappings with secured-theaction.action in views.properties and restrict access to these mappings in web.xml. 2 - use different webwork.action.extension (.action & .secured-action) and restrict access based on extension in web.xml (is it even possible to specify more then one extension in webwork.properties?) 3 - use web.xml to restrict access to the web-resources (i.e. /jsp/secured/somepage.jsp). This would only protect the view, but not the execution of the action. How are you folks out there managing this situation? Best Regards //Anders -- |===================================| | Anders Engström | | [EMAIL PROTECTED] | | http://www.gnejs.net | |===================================| |Your mind is like an umbrella. | |It doesn't work unless you open it.| | /Frank Zappa | |===================================|
pgp00000.pgp
Description: PGP signature
