<snip> > > > > Finally, Container-managed authentication/authorization is > okay, but it is > > application-server specific and would have to be modified for > any port to > > another container. > > > > More precisely, the mechanism by which users are registered is server > specific -- your application that just *uses* containe managed security is > 100% portable.
Thanks for the clarification Craig. > > > > > peace, > > Joe > > Craig > > > > > > > -----Original Message----- > > From: Ryan Cuprak [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, July 30, 2002 11:53 AM > > To: [EMAIL PROTECTED] > > Subject: Security and Struts > > > > > > > > Hello, > > I was hoping someone would have some advice on securing a website using > > struts. I am developing a webapp that has to be secure > (password protected) > > and which restricts access to different parts of the site > depending on the > > roles a user possesses. The roles each user has are stored as XML in a > > database and may be configured by an administrator. Does struts have any > > built-in security capabilities that I could take advantage of? > > > > > > Any help/pointers would be much appreciated! > > > > My first guess would be to put all jsp pages in WEB-INF (use only > > ForwardAction to get to each page) and subclass ActionServlet > with the logic > > for check authentication etc. However, will this cause any > problems when it > > comes to a user book marking a page? > > > > Thanks, > > -Ryan Cuprak > > > > > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
