3 ways:

1. Basic authentication (implementing the auth-constraints mentioned by Lukasz)
2. Form-based method implementing users (via principals) to grant access to web resources (via roles)
3. Certificates which implement name-based authenticators (ADS or LDAP) with keys to communicate via SSL to the HTTPS server, to authenticate the client public key and establish the handshake with the HTTPS server private key
 
At the bank we used certs.

For 
http://docs.oracle.com/cd/E11035_01/wls100/security/thin_client.html#wp1037337

Kind regards from the USA
Martin
______________________________________________
Please do not alter or interrupt this communication. Thank you.


 
> From: juntandolin...@gmail.com
> To: user@struts.apache.org
> Subject: Re: Best practice for protecting JSPs
> Date: Mon, 1 Jul 2013 10:59:03 +0200
> 
> Filtering sounds good as well.
> 
> Security seems to be a separate concern to struts because it must be mostly
> performed from the outside: web.xml, filtering, maybe Spring Security or
> other tools, etc...
> 
> Anyway I have missed some guidance in the documentation: feature request?
> 
> Also, I guess that security features are out of scope, is that right? Perhaps
> some support for standard use cases, like user login, would help.
> 
> 
> 
> On Monday, 1 July 2013 09:44:35 Antonios Gkogkakis wrote:
> > What we've done is to create a filter (implement javax.servlet.Filter and
> > define it in web.xml )
> > and if the resource uri ends with .jsp we return an http 403 error.
> > 
> > Antonios
> > 
> > On 1 July 2013 09:38, Lukasz Lenart <lukaszlen...@apache.org> wrote:
> > > 2013/7/1 Antonio Sánchez <juntandolin...@gmail.com>:
> > > > I need to protect JSPs. Some options:
> > > > 
> > > > 1. Put JSPs under WEB-INF and, optionally, use the conventions plugin.
> > > > 
> > > > 2. Declare authorization constraints in web.xml.
> > > 
> > > These two options are the best to avoid direct access to JSPs - not
> > > all containers block access to resources in WEB-INF and fake auth
> > > constraints will solve that problem and it's an ultimate solution.
> > > 
> > > 
> > > Regards
> > > --
> > > Łukasz
> > > + 48 606 323 122 http://www.lenart.org.pl/
> > > 
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> > > For additional commands, e-mail: user-h...@struts.apache.org
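
The "fake" auth constraint discussed in this thread, written out as a web.xml fragment. This is an added example, not taken from any message in the thread; the display name, resource name and URL patterns are assumptions.

```xml
<!-- web.xml fragment: deny every direct client request for a JSP. -->
<security-constraint>
    <!-- Assumed label, free text. -->
    <display-name>No direct JSP access</display-name>
    <web-resource-collection>
        <!-- Assumed name, free text. -->
        <web-resource-name>jsp-pages</web-resource-name>
        <!-- Assumed patterns: cover JSP pages and JSP documents. -->
        <url-pattern>*.jsp</url-pattern>
        <url-pattern>*.jspx</url-pattern>
        <!-- No <http-method> elements on purpose: the constraint then
             applies to every HTTP method. Listing only GET and POST
             would leave the remaining methods unconstrained. -->
    </web-resource-collection>
    <!-- An auth-constraint that names no role grants access to nobody,
         so the container rejects direct requests with 403. -->
    <auth-constraint/>
</security-constraint>
```

Security constraints are evaluated only for requests that come from a client, not for RequestDispatcher forwards or includes, so Struts results that forward to these JSPs keep working.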
                                          
