Thanks everyone. Filters and Action superclasses are both good ideas.
Actually, I think a filter fits more, but it's a general solution that I
would go for, even if I weren't using Struts. And both solutions involve
building the whole security infrastructure myself. I was thinking maybe
the Struts community has some faster solutions.

By "Button Level" security, I mean that the user might ask to give some
users for example access to "add" and "edit" buttons, but not "delete".

Thanks

-----Original Message-----
From: Aladin Alaily [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 25, 2005 4:09 PM
To: Struts Users Mailing List
Subject: Re: Security in Struts

Hi Tarek,

If you want action level security, just write a base action that
authenticates the user, and which all other actions extend.  In the base
action, if the user is valid, then processing continues.  Otherwise, the
user is redirected to the logged-out page.  I would put this logic in
the Request Processor... but if you insist on having it in the Action,
then that works too. Ideally, this would go in a filter, but if you
don't have the facilities for filters, then they are of no use to you.

Quick question... what do you mean by "button level" authentication???

Hope this helps,
Aladin



tarek.nabil wrote:

> Hi everyone,
> 
> We're building a project using Struts and are about to start on the 
> security module. The requirements are that security should be fine 
> grained, which means that it can not be on the module level, but 
> rather on the JSP or Action level. Actually, the users might ask for 
> security on the button level, but we intend to push back on that one.
> 
> Are there any widely used approaches or best practices that we can 
> follow?
> 
> Note that we will not be using J2EE based authentication and security,
> which means we have a custom login process.
> 
> Any suggestions are appreciated.
> 
> Thanks
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
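
The filter approach discussed in this thread, as an added example (not code from any poster and not part of Struts): a servlet filter that enforces per-action permissions on the server, so that "button level" access to add, edit and delete is decided by the request itself rather than by which buttons a JSP renders. The action paths, permission names, the `permissions` session attribute and the login paths are all assumptions.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: maps each Struts action path to the permission it requires. */
public class ActionPermissionFilter implements Filter {
    // Assumed action paths and permission names; neither comes from the thread.
    private static final Map<String, String> REQUIRED = new HashMap<String, String>();
    static {
        REQUIRED.put("/item/add.do", "item.add");
        REQUIRED.put("/item/edit.do", "item.edit");
        REQUIRED.put("/item/delete.do", "item.delete");
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getServletPath();   // e.g. "/item/delete.do" with a *.do mapping

        // Assumed login action: it must stay reachable without a session.
        if ("/login.do".equals(path)) {
            chain.doFilter(rq, rs);
            return;
        }
        HttpSession session = req.getSession(false);   // never create a session here
        // Assumed: the custom login process stores a Set<String> under "permissions".
        Object attr = (session == null) ? null : session.getAttribute("permissions");
        if (!(attr instanceof Set)) {
            res.sendRedirect(req.getContextPath() + "/login.jsp");   // not logged in
            return;
        }
        String needed = REQUIRED.get(path);
        // Deny by default: an action missing from the map is refused, not allowed.
        if (needed == null || !((Set<?>) attr).contains(needed)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```

The filter would be mapped to `*.do` in `web.xml`; a JSP can read the same permission set to hide buttons, but the check above is what enforces access.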