> its a very nice example which u have sent but i have a doubt that
> "as u are using salt(generation) adding to the encripting code that will be
> fine for registeration but what ab the login time how you are going to
> decript the data base code"?
You do not need to decrypt - you just operate on the encrypted hash. (encode
the given password at login time and match it against the hash in db)
You will have no chance to get the clear text password again.
> and authenticate... and one more thing is are
> u using Hibernate?
Struts2 does not help you when it comes to authorization and authentication.
You have some possibilities: In an enterprise environments you might want to
use the container based security just like in a normal webapp.. there is a
RolesInterceptor for struts that you can use.
Otherwise you have to build a custom security implementation. Or use something
like ACEGI that offers a security framework but depends on spring.
The point is: struts2 does not offer security out of the box.
Piero
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
