On 10/21/2003 03:11 PM ajay brar wrote:
Hi!
I need to implement the following security features in my security application.
authentication
which is better - have a login page and keep some sort of bean in session on successful login
and check for the bean in every action (and have no direct links)
OR use realms, define user roles etc.
(I have only 2 classes of users at the moment, the max number will be 4)
confidentiality - should I implement my own encryption protocol, like a function that takes a string,
gets a symmetric key (or private key if using public key encryption) and encrypts and sends
the data
integrity - again what should be my approach?
non-repudiation - digital signatures????
prevent replay attacks - ???


How do I support SSL in Struts?

Any pointers and references would be most welcome.

You mean to ask, should you use container-managed security or not?


I would check out the mailing list archives because there are some very interesting posts from the last 6 months or so that address this issue. IIRC the deciding factor is how complicated your role & authorisation implementation is.

For ssl in struts, check out sslext at sourceforge - there is a link to it from the struts website.

HTH
Adam

--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

