Yes! This exactly what I was thinking of -- Especially because it uses the underlying security API, which could be Tomcat, Websphere, whatever. I would love to try this out, but what is the development status? Is this incorporated into Struts, or a branch, or a final submission?
In the docs, Mr. Hobbs asks what should be done when an illegal access is attempted. Why not just send an "unauthorized" header back to the browser? That is the inline with Tomcat. I believe Websphere goes a step further and allows you to specify a page for unauthorized access -- Is there a place in the struts-config for this? -----Original Message----- From: Ted Husted [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 28, 2001 1:30 PM To: Struts Users Mailing List Subject: Re: Security for Actions or ActionClasses? Struts can also use the Tomcat JDBC Realms. Nic Hobbs has put together a Role-based security package at http://husted.com/struts/resources/struts-security.htm I'm about to give it a whirl myself. Let me know if you like it. -- Ted Husted, Husted dot Com, Fairport NY USA. -- Custom Software ~ Technical Services. -- Tel +1 716 737-3463 -- http://www.husted.com/struts/ AJ Morris wrote: > > Hello, I am new Struts and evaluating whether to use it for my next project. > I wonder how struts handles security. I understand I can still apply > container security by applying security constraints to my ActionClasses. > But, is there some way to apply security based on the Actions? Does Struts > have its own implementation of security, like Tomcat and its JDBC realms? > > Sorry for the dummy question, but I'm a newbie. > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
