It would be like a branch at this point. I'm going to try it myself soon, and if I like it as much as Matt did, then it could make it's way into the distribution ;-)
It does help when people like Matt mention that it worked well on their own projects. AJ Morris wrote: > > Yes! This exactly what I was thinking of -- Especially because it uses the > underlying security API, which could be Tomcat, Websphere, whatever. I would > love to try this out, but what is the development status? Is this > incorporated into Struts, or a branch, or a final submission? > > In the docs, Mr. Hobbs asks what should be done when an illegal access is > attempted. Why not just send an "unauthorized" header back to the browser? > That is the inline with Tomcat. I believe Websphere goes a step further and > allows you to specify a page for unauthorized access -- Is there a place in > the struts-config for this? > > -----Original Message----- > From: Ted Husted [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 28, 2001 1:30 PM > To: Struts Users Mailing List > Subject: Re: Security for Actions or ActionClasses? > > Struts can also use the Tomcat JDBC Realms. > > Nic Hobbs has put together a Role-based security package at > > http://husted.com/struts/resources/struts-security.htm > > I'm about to give it a whirl myself. Let me know if you like it. > > -- Ted Husted, Husted dot Com, Fairport NY USA. > -- Custom Software ~ Technical Services. > -- Tel +1 716 737-3463 > -- http://www.husted.com/struts/ > > AJ Morris wrote: > > > > Hello, I am new Struts and evaluating whether to use it for my next > project. > > I wonder how struts handles security. I understand I can still apply > > container security by applying security constraints to my ActionClasses. > > But, is there some way to apply security based on the Actions? Does Struts > > have its own implementation of security, like Tomcat and its JDBC realms? > > > > Sorry for the dummy question, but I'm a newbie. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
