A servlet filter is relatively easy if you are going to put restrictions on
the actions alone and you don't have to mess with interceptor stacks. We've
done both interceptors and a filter and the filter is lower maintenance.
Just put the filter before the struts 2 filter in your web.xml. If you want
to secure more than the actions then I think Acegi is the way to go.
Regards,
Randy Burgess
Sr. Web Applications Developer
Nuvox Communications
> From: Frans Thamura <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <user@struts.apache.org>
> Date: Thu, 3 Apr 2008 07:13:20 +0700
> To: Struts Users Mailing List <user@struts.apache.org>
> Subject: Re: Security @ Struts2, using Acegy or Inspector
>
>> If you anticipate having the complexity of a full ACL implementation, I'd
>> just go ahead and use AceGI; why re-invent all that machinery? If you decide
>> to roll your own, though, then the interceptor can access the action through
>> the ActionInvocation object and, through the action, can access your POJO
>> via whatever mechanism you want -- via ModelDriven's getModel() method,
>> through an interceptor-specific interface you design, or whatever.
>
>
> my idea is to make a class that extend Action
>
> so, if I extend this action, the action will query and get security
> permission from database.. because i prefer database driven ..
>
> but i thinking a interceptor, but new in this area, i prefer a pattern that
> filter any action
>
> but.. i am loking also in AOP of spring or may be a HTTPFilter mechanism
> (still dont know, how to implement Struts2 based in the httpfilter)
>
>
> F
This email and any attachments ("Message") may contain legally privileged
and/or confidential information. If you are not the addressee, or if this
Message has been addressed to you in error, you are not authorized to read,
copy, or distribute it, and we ask that you please delete it (including all
copies) and notify the sender by return email. Delivery of this Message to any
person other than the intended recipient(s) shall not be deemed a waiver of
confidentiality and/or a privilege.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
