Hi Guys,
I wondered what approach you guys took when implementing security,
authentication and authorisation. I have the common scenario where the
application I am creating allocates roles to certain types of users, allows
them to login, then restricts access to certain pages and within the
of the framework we use, and it
is extending Struts.
As usual, any comments on this is welcome :)
Fr.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 24 August 2001 15:27
To: [EMAIL PROTECTED]
Subject: RE: Security, authentication and authorisation with Struts
I
]]
Sent: 24 August 2001 15:27
To: [EMAIL PROTECTED]
Subject: RE: Security, authentication and authorisation with Struts
I wondered what approach you guys took when implementing security,
authentication and authorisation. I have the common scenario
where the application I am creating allocates
/jaas/index-10.html for more details.
-ryan
-Original Message-
From: Prior, Simon
To: '[EMAIL PROTECTED]'
Sent: 8/24/2001 8:11 AM
Subject: Security, authentication and authorisation with Struts
Hi Guys,
I wondered what approach you guys took when implementing security,
authentication
Jonathan M Crater wrote:
i'd also be interested in hearing the rationale behind the desire not to
subclass ActionServlet from those of you who prefer to avoid it.
Offering alternatives to subclassing ActionServlet so that other
resources (like things for ValidatorForm and Tiles) can be loaded
wouldn't it be better to put this code directly into the action
servlet and rebuild struts?
That goes against my code-reusability instincts. I strive to use
the default struts build and default tag libraries.
The other possibility would be to put this in the Action class.
Before it checks the
i would prefer not to put the authentication code in the action because
it opens the possibility of having authentication logic in each and
every action, which would essentially defeat one of the main purposes of
having a controller in the first place--one point of access for security
reasons.
I would agree that subclassing the ActionServlet is usually preferable,
but would point out that the strategy is to provide a BASE action with
the authentication code, that others would subclass. So the
authentication code would only exist once, in the base class.
-- Ted Husted, Husted dot Com,
i would prefer not to put the authentication code in
the action because it opens the possibility of having
authentication logic in each and every action
In my case, each action needs a different authentication.
For example, some users have read-only access and some
have modify access.
Devon
Have you looked at Nic's extensions for Role-Based Actions?
http://husted.com/about/struts/struts-security.htm
[EMAIL PROTECTED] wrote:
i would prefer not to put the authentication code in
the action because it opens the possibility of having
authentication logic in each and every
Jcorporate Ltd.
http://www.jcorporate.com
-Original Message-
From: Jonathan M Crater [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 24, 2001 10:45 AM
To: [EMAIL PROTECTED]
Subject: Re: Security, authentication and authorisation with Struts
i would prefer not to put
11 matches
Mail list logo