Please post and/or send 1 copy to me. Thanks. ----- Original Message ----- From: "Phase Web and Multimedia" <[EMAIL PROTECTED]> To: "Struts User" <[EMAIL PROTECTED]>; "Struts Developers List" <[EMAIL PROTECTED]> Sent: Monday, April 01, 2002 11:49 AM Subject: Security Solution
> Greetings, > > I wanted to offer some code if anyone is interested. I have seen many > discuss security on archives and wanted to offer an alternative to container > managed security. > > I spent some time weighing out whether to use container managed security or > not and came to the conclusion that I would use a filter for security. There > were several inflexibilities in the spec for container managed security. I > wrote a security filter that functions very similar to container managed > security. It has an xml config file that is used to protect urls. There are > a few differences in the config and how you define protected areas and where > you are directed. > > Basically there are three areas of greater flexibility. > > 1) you can define several security-constraint groups with different login > pages. > 2) you can login easily without having to hit a secure page first > 3) you can set up an app specific security realm. (This can also be > considered a limitation if you are maintaining cross context security, but > you could easily tie into a larger security system if this is needed) > > Anyways, it is not the "standard" but it functions well and gives greater > freedom. I found container managed security to be a greater "hack" job when > I wanted to accomplish my goals. If anybody is interested I can post it for > review. It is certainly not mature and the code is fit for my current > situation with an eye to greater flexibility. I think that it could provide > a good starting point for a cross-container simple alternate solution to the > current container managed security. > > P.S. I have to improve the documentation :-) > > Thanks for your time, > Brandon Goodin > Phase Web and Multimedia > P (406) 862-2245 > F (406) 862-0354 > [EMAIL PROTECTED] > http://www.phase.ws > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
