Hi Tarek,
If you want action level security, just write a base action that
authenticates the user, and which all other actions extend. In the base
action, if the user is valid, then processing continues. Otherwise, the
user is redirected to the logged-out page. I would put this logic in
the Request Processor... but if you insist on having it in the Action,
then that works too. Ideally, this would go in a filter, but if you
don't have the facilities for filters, then they are of no use to you.
Quick question... what do you mean by "button level" authentication???
Hope this helps,
Aladin
tarek.nabil wrote:
Hi everyone,
We're building a project using Struts and are about to start on the
security module. The requirements are that security should be fine
grained, which means that it can not be on the module level, but rather
on the JSP or Action level. Actually, the users might ask for security
on the button level, but we intend to push back on that one.
Are there any widely used approaches or best practices that we can
follow?
Note that we will not be using J2EE based authentication and security,
which means we have a custom login process.
Any suggestions are appreciated.
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
