Check the archives... I know this has been discussed at least once before (e.g. http://www.mail-archive.com/[email protected]/msg30418.html).
Also, a few tips:

* I don't think you'll need to subclass ActionServlet. However, you might consider subclassing Action. And/or, write a servlet filter to do your authentication/authorization.
* Tiles can help you present different views based on role (I'm using it, and it's pretty slick).
* Make sure your container supports JSPs under WEB-INF. Not all do (e.g. Weblogic 6.1).

chris

> -----Original Message-----
> From: Ryan Cuprak [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 30, 2002 1:53 PM
> To: [EMAIL PROTECTED]
> Subject: Security and Struts
>
> Hello,
> I was hoping someone would have some advice on securing a website using
> struts. I am developing a webapp that has to be secure (password protected)
> and which restricts access to different parts of the site depending on the
> roles a user possesses. The roles each user has are stored as XML in a
> database and may be configured by an administrator. Does struts have any
> built-in security capabilities that I could take advantage of?
>
> Any help/pointers would be much appreciated!
>
> My first guess would be to put all jsp pages in WEB-INF (use only
> ForwardAction to get to each page) and subclass ActionServlet with the logic
> for checking authentication etc. However, will this cause any problems when it
> comes to a user bookmarking a page?
>
> Thanks,
> -Ryan Cuprak
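
The servlet-filter approach suggested in the reply, as an added example that is not code from this thread or from Struts. It assumes the filter is mapped to `*.do` in web.xml and that the login action stores the user's roles (loaded from the database) as a `Set` under the session attribute `userRoles`; the paths, role names and `/login.do` are hypothetical.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: authentication and role check in one filter.
// Assumed: session attribute "userRoles" holds a Set<String> set at login;
// "/admin/", "/reports/", the role names and "/login.do" are hypothetical.
public class RoleFilter implements Filter {
    // Path prefix -> role required; the first matching prefix wins.
    private final Map<String, String> rules = new LinkedHashMap<String, String>();

    public void init(FilterConfig cfg) {
        rules.put("/admin/", "admin");
        rules.put("/reports/", "analyst");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getServletPath();   // e.g. "/admin/editUser.do"
        if (path.equals("/login.do")) {       // the login action stays reachable
            chain.doFilter(rq, rs);
            return;
        }
        // getSession(false): never create a session for an anonymous request.
        HttpSession session = req.getSession(false);
        Object attr = (session == null) ? null : session.getAttribute("userRoles");
        if (!(attr instanceof Set)) {         // not logged in
            res.sendRedirect(req.getContextPath() + "/login.do");
            return;
        }
        Set<?> roles = (Set<?>) attr;
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (path.startsWith(rule.getKey())) {
                if (!roles.contains(rule.getValue())) {
                    res.sendError(HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
                break;                        // rule satisfied, stop matching
            }
        }
        chain.doFilter(rq, rs);               // authenticated and authorized
    }

    public void destroy() {}
}
```

Because the check runs on every matched request, a bookmarked URL is handled the same way as a followed link: an anonymous user is sent to the login action and a logged-in user without the role gets a 403.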

